<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>pentest on Florence Njeri</title><link>https://florence-njeri.github.io/njeri/tags/pentest/</link><description>Recent content in pentest on Florence Njeri</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Tue, 03 Feb 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://florence-njeri.github.io/njeri/tags/pentest/index.xml" rel="self" type="application/rss+xml"/><item><title>Android Pentesting with AndroGoat</title><link>https://florence-njeri.github.io/njeri/posts/androgoat/</link><pubDate>Tue, 03 Feb 2026 00:00:00 +0000</pubDate><guid>https://florence-njeri.github.io/njeri/posts/androgoat/</guid><description>Android Pentesting # To sharpen my skills, I recently took a deep dive into AndroGoat—a deliberately insecure Android application designed to showcase the most common OWASP Mobile Top 10 vulnerabilities.
In this post, I’ll walk through how I combined both static and dynamic analysis to uncover hardcoded secrets, bypass security checks with Frida, and extract sensitive data from local storage.
My pentesting toolkit included:
Jadx-GUI: For decompiling and reading Java/Kotlin source code.
The Android Debug Bridge (adb): The “command line” for interacting with the emulator in Android Studio.
Frida: For dynamic instrumentation. Instrumentation is the art of injecting new functionality into the application at runtime e.</description></item></channel></rss>