<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Florence Njeri</title><link>https://florence-njeri.github.io/njeri/</link><description>Recent content on Florence Njeri</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Wed, 15 Apr 2026 09:00:00 +0000</lastBuildDate><atom:link href="https://florence-njeri.github.io/njeri/index.xml" rel="self" type="application/rss+xml"/><item><title>Insecure Storage in Android</title><link>https://florence-njeri.github.io/njeri/posts/android_storage/</link><pubDate>Wed, 15 Apr 2026 09:00:00 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/android_storage/</guid><description>Insecure Storage in Android # Insecure storage is still one of the easiest ways to recover sensitive data from an Android app during a pentest. Even when an app has strong network protections, it may still expose tokens, cached responses, credentials, or personal data locally. This post is a quick guide to the main Android storage locations and what they mean from a security testing perspective.
Shared Preferences # A key-value XML file that stores user preferences such as dark mode or light mode. They are also often used to store access tokens or other kinds of secrets. In itself, that is not an issue, but it makes shared preferences a very interesting target for stealing or overwriting internal files.</description></item><item><title>8ksec - AndroPseudoProtect: Ultimate Device Security</title><link>https://florence-njeri.github.io/njeri/posts/andropseudoprotect/</link><pubDate>Sun, 01 Mar 2026 09:00:00 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/andropseudoprotect/</guid><description>8ksec - AndroPseudoProtect: Ultimate Device Security # Exploiting Exported Components and Bypassing Security By Obscurity Mechanisms # The goal of this exercise was to develop an Android application that exploits Android&amp;rsquo;s IPC by disabling AndroPseudoProtect.apk&amp;rsquo;s security functionality.
My initial thought process was that this would likely involve exploiting improperly exposed components. Specifically, if sensitive components are configured with exported=true, an attacker application could potentially access internal functionality via Inter-Process Communication (IPC), manipulate behavior, and bypass security controls. This assumption proved to be correct.
Installing and Running the App # Upon launching the app, the application asks for access to all files.</description></item><item><title>8kSec - Factsdroid WriteUp</title><link>https://florence-njeri.github.io/njeri/posts/factsdroid/</link><pubDate>Wed, 04 Feb 2026 09:00:00 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/factsdroid/</guid><description>GOAL: Intercept network traffic in FactsDroid and view/modify the API requests and responses between FactsDroid and the backend server without statically patching the provided APK. The objective is to successfully implement a Man-in-The-Middle (MITM) attack that allows you to manipulate the facts being displayed to the user, potentially inserting custom content or modifying the retrieved facts before they reach the application.
Upon installing the app using adb install factsdroid.apk, I immediately see this error message when launching the app: In order to bypass the root check, I injected the Frida anti-root script into my APK:
frida -U --codeshare dzonerzy/fridantiroot -f com.</description></item><item><title>3 Critical Database Security Threats You Need to Know</title><link>https://florence-njeri.github.io/njeri/posts/database_security/</link><pubDate>Tue, 03 Feb 2026 00:00:00 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/database_security/</guid><description>3 Critical Database Command Injection Security Threats # For software engineers, it may be easy to assume that no hacker would target our app since it isn’t big or well known. This attitude can lead to recklessness and lower measures for securing data on an app. However, it’s important to remember that security begins at the design phase. Database security is about protecting the &amp;ldquo;CIA Triad&amp;rdquo;: Confidentiality, Integrity, and Availability.
In this blog post, you’ll learn about the core database threats that jeopardize the CIA triad principles. By the end of the post, you’ll have learned about the following topics:</description></item><item><title>Android Pentesting with AndroGoat</title><link>https://florence-njeri.github.io/njeri/posts/androgoat/</link><pubDate>Tue, 03 Feb 2026 00:00:00 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/androgoat/</guid><description>Android Pentesting # To sharpen my skills, I recently took a deep dive into AndroGoat—a deliberately insecure Android application designed to showcase the most common OWASP Mobile Top 10 vulnerabilities.
In this post, I’ll walk through how I combined both static and dynamic analysis to uncover hardcoded secrets, bypass security checks with Frida, and extract sensitive data from local storage.
My pentesting toolkit:
My pentesting toolkit included:
Jadx-GUI: For decompiling and reading Java/Kotlin source code.
The Android Debug Bridge (adb): The &amp;ldquo;command line&amp;rdquo; for interacting with the emulator on Android Studio.
Frida: For dynamic instrumentation. Instrumentation is the art of injecting new functionality to the application at runtime e.</description></item><item><title>Now</title><link>https://florence-njeri.github.io/njeri/now/</link><pubDate>Fri, 19 Dec 2025 00:00:00 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/now/</guid><description>Learning Transformers (Next 4 weeks)
Working through the ARENA Transformer Interpretability course to deepen my understanding of transformer architectures and mechanistic interpretability.
Penetration Testing
Currently pentesting vulnerable mobile applications to strengthen my security assessment skills.</description></item><item><title>Optimizing your Ruby on Rails app for improved performance and reduced memory footprint</title><link>https://florence-njeri.github.io/njeri/posts/rails-memoryfootprint/</link><pubDate>Fri, 24 Jan 2025 09:00:41 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/rails-memoryfootprint/</guid><description>Users desire apps that run smoothly, load fast, and don&amp;rsquo;t crash. But what determines an app&amp;rsquo;s performance? There are two key factors: performance and memory usage. Performance refers to how fast your app loads for users. Memory footprint is the amount of system memory your app uses. If your app is slow or hogs too much memory, users won&amp;rsquo;t stick around. That&amp;rsquo;s where optimizing your Ruby on Rails app becomes essential.
In this article, we&amp;rsquo;ll explore techniques that enhance performance and reduce memory usage, ensuring user satisfaction and the success of your app.
Understanding performance and memory footprint # The performance of an app refers to how fast your app loads for the end-users.</description></item><item><title>Secure Programming in C: Buffer Overwrites and Overflows</title><link>https://florence-njeri.github.io/njeri/posts/toctou_c/</link><pubDate>Fri, 24 Jan 2025 09:00:41 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/toctou_c/</guid><description>The objective of this lab is to build on our understanding of secure programming in C by analyzing, enhancing, and securing the functionality of the program from Project Lab 1, with a focus on identifying and mitigating vulnerabilities and improving resilience against attacks like fuzzing.
This lab focuses on identifying vulnerabilities in the source code, applying and validating patches, and proposing future best practices to prevent similar issues. Additionally, we will analyze the code using security analysis tools (cppcheck) to find out about the vulnerabilities in code. After compiling the project, we will inspect the resulting binary in Ghidra to identify similarities and differences, which will further inform our understanding of the program&amp;rsquo;s security and allow us to apply effective mitigations.</description></item><item><title/><link>https://florence-njeri.github.io/njeri/about/</link><pubDate>Wed, 01 Jan 2025 12:00:00 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/about/</guid><description>About # I&amp;rsquo;m a master&amp;rsquo;s student in the Erasmus Mundus CYBERUS program, specializing in software cybersecurity with a focus on AI safety and security. With 4+ years of experience in software development and QA engineering, I&amp;rsquo;m passionate about advancing AI security through rigorous research and collaboration.
Research Interests # My current interest is in trustworthy AI and ensuring systems are resilient to adversarial attacks. I&amp;rsquo;m particularly interested in:
Adversarial Machine Learning: Studying poisoning attacks, model robustness, and defense mechanisms. LLM Security: Exploring alignment, prompt injection, and jailbreaking techniques. Android Penetration Testing: Ensuring the security of mobile apps. Through hands-on labs, I&amp;rsquo;ve worked on LLM alignment and jailbreaking using greedy coordinate descent optimization (implementing research from &amp;ldquo;Universal and Transferable Adversarial Attacks on Aligned Language Models&amp;rdquo;), and built adversarial-resistant malware classifiers for Android APKs.</description></item><item><title>Reverse Engineering</title><link>https://florence-njeri.github.io/njeri/posts/reverse_engineering/</link><pubDate>Sun, 01 Dec 2024 09:36:41 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/reverse_engineering/</guid><description>Reverse Engineering # Decompiling a program from assembly back to a high-level language to try and understand what the program does.
Example use cases:
Vulnerability Analysis Malware Research Binary Analysis Tools Summary (Ghidra Book, Ch. 2) # 1. file # What: Identifies the file format (ELF, PE, Mach-O), architecture (x86, ARM), and bit-width (32/64-bit). When: Step 1 (Triage). Use it the moment you receive a mystery file. Why vs Others: Use this instead of nm or objdump initially because it tells you if the file is even an executable or if it is &amp;ldquo;stripped&amp;rdquo; (missing names). Example Command: file &amp;lt;filename&amp;gt; 2.</description></item><item><title>Secure Programming in C: Buffer Overwrites and Overflows</title><link>https://florence-njeri.github.io/njeri/posts/buffer_overflow_c/</link><pubDate>Sun, 01 Dec 2024 09:36:41 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/buffer_overflow_c/</guid><description>Introduction # The objective of this lab is to build on our understanding of secure programming in C by analyzing, enhancing, and securing the functionality of the program from Project Lab 1, with a focus on identifying and mitigating vulnerabilities and improving resilience against attacks like fuzzing.
This lab focuses on identifying vulnerabilities in the source code, applying and validating patches, and proposing future best practices to prevent similar issues. Additionally, we will analyze the code using security analysis tools (cppcheck) to find out about the vulnerabilities in code. After compiling the project, we will inspect the resulting binary in Ghidra to identify similarities and differences, which will further inform our understanding of the program&amp;rsquo;s security and allow us to apply effective mitigations.</description></item><item><title>Getting Started With GET Curl Commands</title><link>https://florence-njeri.github.io/njeri/posts/get_curl_commands/</link><pubDate>Sat, 16 Sep 2023 09:36:41 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/get_curl_commands/</guid><description>Getting Started With GET Curl Commands # Introduction to curl # A curl command is a tool used on the terminal to make network requests using various protocols. curl is designed to aid with the data transfer to and from a server without the need for a web browser. With curl, you can upload or download files, send requests to API endpoints to simulate user interaction from the terminal using a supported protocol such as HTTPS, FTP, and more.
Explanation of GET requests
Webpages display content to the end-user by requesting resources from the server. These requests are commonly made using a GET HTTP request, often accompanied by query parameters when necessary.</description></item><item><title>Rails Excessive Data Exposure</title><link>https://florence-njeri.github.io/njeri/posts/rails_excessive_data_exposure/</link><pubDate>Wed, 18 May 2022 09:36:41 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/rails_excessive_data_exposure/</guid><description>For software engineers, it may be easy to assume that no hacker would target our app since it isn’t big or well known. This attitude can lead to recklessness and lower measures for securing data on an app. However, it’s important to remember that data collected by an organization is very valuable. There can also be legal consequences in terms of lawsuits against the business that ensue from leakage of a user’s personally identifiable information (PII).
What Is Excessive Data Exposure? # Excessive data exposure occurs when an API response returns more data than the client needs. As a rule of thumb, if a client application needs three fields, for example, you shouldn’t return the whole object.</description></item></channel></rss>