UPDATE (20-Mar-2022): MagiskHide has been dropped from Magisk 24.3. Checkout my blog post on comparing root detection for 24 banking apps where I also use Frida to spawn apps. For mobile app analysis, using a rooted device with Magisk and Frida has become my bread and butter. I’m aware that emulators exist (which I also use) but solutions, such as Android Studio or Genymotion fail to offer the same level of performance as a physical device....

Update (25/11/21) added a section on Page Rules. For markuta.com I now use Hugo with a theme called PaperMod. Github is still used storage on a private repository (Github pages doesn’t allow private repos for free accounts). And Cloudflare Pages is linked to Github to deploy the website. Requirements To get started you need the following: Hugo and Git software Github account (free) Cloudflare account (free) Domain name (not required but nice to have) Install Software You need to make sure Hugo and Git are installed....

In this blog post I’ll be covering how to install a self hosted Bitwarden server as a password management solution using Docker on a Raspberry Pi. We will get two containers running (Bitwarden server) and (Nginx reverse proxy). I’ll also go into hardening the Bitwarden configuration and applying 2FA for log-ins. What is Bitwarden? Bitwarden is an open-source password management solution. It supports almost all major systems. The version we’re going to be using is the unofficial one created by Daniel Garcia, Github page: https://github....

Its been a while since I posted. This is a quick update of the new changes. I’m now using a new Jekyll theme called klisé by Mahendrata Harpi. With this change, I’ll also try to post more regularly since my last post was back in 2019. I have also added my public key which is available here.

In this blog post I’ll share a report I wrote a few months ago for a XSS bug found on podcasters.spotify.com. This was submitted on HackerOne but unfortunately, it was already reported and mine was considered a duplicate, oh well, better luck next time. Summary When a user submits a new podcast RSS feed for verification, the description tag inside it is not properly escaped. This results in JavaScript being executed on the page which could allow attackers to hijack users’ session cookies and/or take over accounts....