Starting from a weak local admin password, LSASS was dumped to obtain a domain user hash. An ESC1-misconfigured ADCS certificate template was then exploited to impersonate a Domain Admin — achieving full Active Directory compromise with Silver Ticket persistence.

A complete walkthrough for setting up a rooted Android Virtual Device ready for penetration testing — covering AVD creation, Magisk rooting via rootAVD, essential module configuration, and Burp Suite traffic interception.

Four IDOR vulnerabilities were identified in a live online banking platform, exposing other users' personal details, pending transactions, and account reports — all exploitable through simple parameter manipulation across multiple endpoints.

Boolseeker is an open-source Go tool that automates the identification of root detection, emulator detection, and integrity check mechanisms in Android APKs by extracting and scanning boolean Java methods and native shared object files.