u/Heavy_Ad5263

Where to start ?

Hi guys. Currently I’m doing VAPT as a job at a big 4.

Scope: web applications such as HR, insurance and banking systems come up throughout the tenure.

We have to be very careful when doing PT due to the consequences.

The team is not very bright and lacks technical depth, and nothing impactful is expected by the superiors either.

You can understand the “Pay”.

But what I do is run known exploits for published CVEs, focusing on vulnerabilities which have a high CVSS score. I’m very passionate about offensive security.

At home I build my own lab mimicking the client infrastructure, of my own accord; no one else here does that.

I practice the exploits beforehand and get thorough by understanding the bugs, the code and the exploits.

I do HTB, Studying for certifications, help undergrads get through.

Even though I find the most impactful vulnerabilities, the firm does not care much about it.

I do a lot of research and put my time and commitment even after the 9-5 so I could deliver the best.

I feel like I’m wasting my time here.

What should I do ?

To get a proper job and find my own CVE

Am I on the right path? Or is there anything I have to do to get more skilled at this?

I’m inspired by the DEF CON and Black Hat presentations. That’s an interesting community I would like to be with. For example, Orange Tsai with DEVCORE is like crème de la crème, bloody hell I love their work.

u/Heavy_Ad5263 — 4 days ago

Web application PT bugs can be easily found at hackerone.

And also if there are other resources than hackerone can you guys share.

But where can I find them for Android?

u/Heavy_Ad5263 — 8 days ago

Web application PT bugs can be easily found at hackerone.

And also if there are other resources than hackerone can you guys share.

But where can I find them for Android?

“These reports make bounties visible for people and helps understand more about bounties. This understanding can be honed into the skill of finding new ones “

u/Heavy_Ad5263 — 8 days ago
▲ 0 r/CEH

Guys!, you guys have any resources?

I’ve to get this done in one month before the expected promotion any links, leads, techniques??

u/Heavy_Ad5263 — 9 days ago

Guys, so I’ve been assessed and accepted (received supervisor approval) by one of the professors at QUT for a full scholarship towards a master's by research.

She gave me the Research Proposal as well.

She is currently connecting me with an industry sponsor as well.

She and I were planning to be on board at the QUT grounds around mid June (26)

It’s start of May (26) still. The professor and I worked together without costing any time since she wanted me to be recruited soon. But the second round of application took 1 month and the contract letter is on the process for more than one month now.

How long does it take for these things normally ?

Will I lose this opp or is it actually normal ?

u/Heavy_Ad5263 — 11 days ago

Guys I was able to get the root detection code of the android application, what are the next workable steps to bypass this root detection ??

PFA attached code:

: package a5;

import android.database.Cursor;

import android.database.sqlite.SQLiteDatabase;

import android.os.Build;

import android.util.Log;

import android.view.View;

import androidx.fragment.app.x0;

import com.applicationtest.applicationtest .MainActivity;

import com.google.android.gms.internal.measurement.f4;

import com.google.android.gms.internal.measurement.k5;

import java.io.BufferedReader;

import java.io.BufferedWriter;

import java.io.File;

import java.io.IOException;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.io.OutputStreamWriter;

import java.lang.reflect.Constructor;

import java.lang.reflect.InvocationTargetException;

import java.net.ConnectException;

import java.net.HttpURLConnection;

import java.net.URL;

import java.net.UnknownHostException;

import java.util.ArrayList;

import java.util.HashMap;

import java.util.Iterator;

import java.util.List;

import java.util.concurrent.CountDownLatch;

import java.util.zip.GZIPInputStream;

import java.util.zip.GZIPOutputStream;

import org.json.JSONException;

import org.json.JSONObject;

/* JADX INFO: compiled from: r8-map-id-ad3c932dac4442e8de685b70a2b5217e088dcdf6e581bf023bd73931d1aa29fb */

/* JADX INFO: loaded from: classes.dex */

public final /* synthetic */ class h0 implements w3.a, h7.p, h7.c, i6.q, w3.c, r7.c, u4.d, y2.b, t5.a {

/* JADX INFO: renamed from: l */

public final /* synthetic */ int f131l;

/* JADX INFO: renamed from: m */

public final /* synthetic */ Object f132m;

/**
 * Captures the two values every interface method of this class works from.
 *
 * @param i9  variant selector; b(), d(), f() and m() switch on it to pick a code path
 * @param obj captured payload; each method casts it to the type its variant expects
 */
public /* synthetic */ h0(int i9, Object obj) {
    this.f132m = obj;
    this.f131l = i9;
}

/**
 * Reports whether the given view is an instance of any class held in the payload.
 *
 * @param view the view to test
 * @return true on the first matching class, false when none matches
 */
@Override // r7.c
public boolean a(View view) {
    // For this variant the payload is a Class[] of accepted view types.
    final Class[] acceptedTypes = (Class[]) this.f132m;
    for (int idx = 0; idx < acceptedTypes.length; idx++) {
        if (acceptedTypes[idx].isInstance(view)) {
            return true;
        }
    }
    return false;
}

// Runs one of several SQLite maintenance operations, selected by f131l, against the
// database obtained from the payload object (f132m). Each numbered case opens a
// transaction, does its work and marks the transaction successful.
//
// NOTE(review): every `finally { }` below is empty. That is almost certainly a JADX
// artifact (the decompiler dropped the body) — presumably endTransaction() lived there.
// As printed, only case 15 ever calls endTransaction(), and only on the success path.
// Confirm against the bytecode before drawing conclusions about transaction handling.
// NOTE(review): table names (log_event_dropped, events, global_log_event_state) look like
// a bundled telemetry/event-store library rather than app-specific logic — confirm.
@Override // y2.b
public Object b() {
    SQLiteDatabase sQLiteDatabaseA;
    int i9 = this.f131l;
    Object obj = this.f132m;
    switch (i9) {
        case 14:
            // Reads the dropped-event counters and hands the cursor to x2.h.h(...) together
            // with a freshly initialised accumulator (x0Var) and an empty map.
            x2.h hVar = (x2.h) ((x2.c) obj);
            hVar.getClass(); // result unused; acts as a null check on hVar
            int i10 = t2.a.f6644e; // unused local; only the static field read remains
            x0 x0Var = new x0(17, false);
            x0Var.f868n = null;
            x0Var.f867m = new ArrayList();
            x0Var.f869o = null;
            x0Var.f870p = "";
            HashMap map = new HashMap();
            sQLiteDatabaseA = hVar.a();
            sQLiteDatabaseA.beginTransaction();
            try {
                // Constant query text with no bind arguments.
                t2.a aVar = (t2.a) x2.h.h(sQLiteDatabaseA.rawQuery("SELECT log_source, reason, events_dropped_count FROM log_event_dropped", new String[0]), new b5.a(hVar, map, x0Var, 4));
                sQLiteDatabaseA.setTransactionSuccessful();
                return aVar;
            } finally {
            }
        case 15:
            // Deletes rows of `events` older than a cutoff and returns the number deleted.
            x2.h hVar2 = (x2.h) ((x2.d) obj);
            // Cutoff = value from f8062m.b() minus f8064o.f8051d; compared to timestamp_ms below.
            long jB = hVar2.f8062m.b() - hVar2.f8064o.f8051d;
            sQLiteDatabaseA = hVar2.a();
            sQLiteDatabaseA.beginTransaction();
            try {
                // The cutoff is passed as a bind argument ("?") for both the SELECT and the DELETE.
                String[] strArr = {String.valueOf(jB)};
                Cursor cursorRawQuery = sQLiteDatabaseA.rawQuery("SELECT COUNT(*), transport_name FROM events WHERE timestamp_ms < ? GROUP BY transport_name", strArr);
                while (cursorRawQuery.moveToNext()) {
                    try {
                        // Per transport_name: report the count of expiring rows with reason MESSAGE_TOO_OLD.
                        hVar2.e(cursorRawQuery.getInt(0), t2.c.MESSAGE_TOO_OLD, cursorRawQuery.getString(1));
                    } catch (Throwable th) {
                        // Close the cursor before propagating any failure.
                        cursorRawQuery.close();
                        throw th;
                    }
                }
                cursorRawQuery.close();
                int iDelete = sQLiteDatabaseA.delete("events", "timestamp_ms < ?", strArr);
                sQLiteDatabaseA.setTransactionSuccessful();
                sQLiteDatabaseA.endTransaction();
                return Integer.valueOf(iDelete);
            } finally {
            }
        case 16:
            // Clears the dropped-event table and records a new last_metrics_upload_ms value.
            x2.h hVar3 = (x2.h) ((x2.c) ((i5.e) obj).f3834i);
            sQLiteDatabaseA = hVar3.a();
            sQLiteDatabaseA.beginTransaction();
            try {
                sQLiteDatabaseA.compileStatement("DELETE FROM log_event_dropped").execute();
                // The statement text is built by string concatenation. The concatenated value is
                // the result of f8062m.b(), which case 15 uses in long arithmetic, so it is
                // presumably a numeric clock reading and not externally supplied text — confirm
                // the return type before treating this as safe.
                sQLiteDatabaseA.compileStatement("UPDATE global_log_event_state SET last_metrics_upload_ms=" + hVar3.f8062m.b()).execute();
                sQLiteDatabaseA.setTransactionSuccessful();
                return null;
            } finally {
            }
        default:
            // Iterates over whatever c(new v4.j(2)) returns and forwards each element to
            // y(item, 1, false) on the object stored in x0Var2.f869o. Always returns null.
            x0 x0Var2 = (x0) obj;
            Iterator it = ((Iterable) ((x2.h) ((x2.d) x0Var2.f868n)).c(new v4.j(2))).iterator();
            while (it.hasNext()) {
                ((q7.g) x0Var2.f869o).y((q2.j) it.next(), 1, false);
            }
            return null;
    }
}

/* JADX WARN: Can't wrap try/catch for region: R(40:175|(1:177)(1:179)|178|180|(1:182)|(1:184)(1:185)|186|(36:190|206|(1:208)|209|(1:211)|212|(3:214|(3:334|216|337)(1:336)|335)|333|217|328|218|(1:220)|221|222|(1:224)|225|(1:227)|(1:229)(1:230)|231|(4:234|(2:236|339)(1:340)|237|232)|338|238|(1:240)|341|241|(1:243)(1:245)|244|246|(1:248)(1:249)|250|(5:255|(1:257)|258|3fb|262)(1:254)|263|(13:274|270|275|(2:277|(1:279))(2:280|(2:308|309))|282|330|283|326|284|285|287|(3:302|(1:304)|305)(3:295|(1:297)|298)|307)(13:267|(1:269)(2:271|(1:273)(0))|270|275|(0)(0)|282|330|283|326|284|285|287|(6:289|291|302|(0)|305|307)(0))|315|(2:317|(1:319))|320)(3:191|(3:195|203|(1:205))(4:196|(2:199|197)|332|200)|201)|202|209|(0)|212|(0)|333|217|328|218|(0)|221|222|(0)|225|(0)|(0)(0)|231|(1:232)|338|238|(0)|341|241|(0)(0)|244|246|(0)(0)|250|(5:252|255|(0)|258|3fb)(0)|315|(0)|320) */

/* JADX WARN: Code restructure failed: missing block: B:313:0x0624, code lost:

r0 = move-exception;

*/

/* JADX WARN: Code restructure failed: missing block: B:314:0x0625, code lost:

r6 = "FirebaseCrashlytics";

android.util.Log.e(r6, "Error retrieving app package info.", r0);

r15 = null;

*/

/* JADX WARN: Removed duplicated region for block: B:211:0x01ec */

/* JADX WARN: Removed duplicated region for block: B:214:0x01f6 */

/* JADX WARN: Removed duplicated region for block: B:220:0x0252 */

/* JADX WARN: Removed duplicated region for block: B:224:0x027c */

/* JADX WARN: Removed duplicated region for block: B:227:0x02f1 */

/* JADX WARN: Removed duplicated region for block: B:229:0x02f9 */

/* JADX WARN: Removed duplicated region for block: B:230:0x0302 */

/* JADX WARN: Removed duplicated region for block: B:234:0x0310 */

/* JADX WARN: Removed duplicated region for block: B:240:0x033b A[LOOP:3: B:239:0x0339->B:240:0x033b, LOOP_END] */

/* JADX WARN: Removed duplicated region for block: B:243:0x0354 */

/* JADX WARN: Removed duplicated region for block: B:245:0x035c */

/* JADX WARN: Removed duplicated region for block: B:248:0x0362 */

/* JADX WARN: Removed duplicated region for block: B:249:0x0364 */

/* JADX WARN: Removed duplicated region for block: B:255:0x03de */

/* JADX WARN: Removed duplicated region for block: B:257:0x03e5 */

/* JADX WARN: Removed duplicated region for block: B:274:0x044c */

/* JADX WARN: Removed duplicated region for block: B:277:0x0456 */

/* JADX WARN: Removed duplicated region for block: B:280:0x0466 */

/* JADX WARN: Removed duplicated region for block: B:302:0x05a9 */

/* JADX WARN: Removed duplicated region for block: B:304:0x05b2 */

/* JADX WARN: Removed duplicated region for block: B:317:0x0638 */

/* JADX WARN: Removed duplicated region for block: B:324:0x03fc A[EXC_TOP_SPLITTER, SYNTHETIC] */

// NOTE(review): this body is a JADX placeholder, not application behaviour. The decompiler
// could not restructure the method (1688 instruction units) and emitted the throw below in
// its place. The JADX WARN fragments printed above this method mention the log tag
// "FirebaseCrashlytics" and the message "Error retrieving app package info.", so this is
// presumably crash-reporting start-up code — read the bytecode/smali to confirm.
@Override // u4.d
/*
Code decompiled incorrectly, please refer to instructions dump.
To view partially-correct code enable 'Show inconsistent code' option in preferences
*/
public java.lang.Object c(u4.s r55) {
    /*
    Method dump skipped, instruction units count: 1688
    To view this dump change 'Code comments level' option to 'DEBUG'
    */
    throw new UnsupportedOperationException("Method not decompiled: a5.h0.c(u4.s):java.lang.Object");
}

/**
 * Continuation callback whose action depends on the variant selector.
 *
 * <ul>
 *   <li>variant 0: counts down the captured latch and returns null</li>
 *   <li>variant 1: invokes the captured callable and returns its result</li>
 *   <li>any other variant: runs the captured Runnable and returns a.a.d(null)</li>
 * </ul>
 *
 * @param hVar the incoming task object; not read by any branch
 */
@Override // w3.a
public Object d(w3.h hVar) {
    final int variant = this.f131l;
    final Object payload = this.f132m;
    if (variant == 0) {
        ((CountDownLatch) payload).countDown();
        return null;
    }
    if (variant == 1) {
        return (w3.h) ((n) payload).call();
    }
    ((Runnable) payload).run();
    return a.a.d(null);
}

/**
 * Reply handler: extracts the boolean "handled" field from a JSON reply and forwards it
 * to the callback held by the wrapped h0 instance.
 *
 * @param obj the reply, expected to be a JSONObject; null is treated as "not handled"
 */
@Override // h7.c
public void e(Object obj) {
    // The payload of this instance is another h0 whose own payload is the callback.
    final h0 wrapped = (h0) this.f132m;
    boolean handled;
    if (obj == null) {
        handled = false;
    } else {
        try {
            handled = ((JSONObject) obj).getBoolean("handled");
        } catch (JSONException e10) {
            // A malformed reply is logged and reported as "not handled".
            Log.e("KeyEventChannel", "Unable to unpack JSON message: " + e10);
            handled = false;
        }
    }
    ((c5.i) wrapped.f132m).d(handled);
}

/**
 * Object factory. Variant 5 instantiates through a captured no-args Constructor; every
 * other variant delegates to i6.v.f3903a.a(Class).
 *
 * @return the newly created instance
 * @throws RuntimeException wrapping any reflection or allocation failure
 */
@Override // i6.q
public Object f() {
    final Object payload = this.f132m;
    if (this.f131l == 5) {
        final Constructor constructor = (Constructor) payload;
        try {
            return constructor.newInstance(null);
        } catch (IllegalAccessException e10) {
            // Static field read kept from the decompiled output; the value itself is unused.
            f4 f4Var = l6.c.f4565a;
            throw new RuntimeException("Unexpected IllegalAccessException occurred (Gson 2.12.0). Certain ReflectionAccessFilter features require Java >= 9 to work correctly. If you are not using ReflectionAccessFilter, report this to the Gson maintainers.", e10);
        } catch (InstantiationException e11) {
            throw new RuntimeException("Failed to invoke constructor '" + l6.c.b(constructor) + "' with no args", e11);
        } catch (InvocationTargetException e12) {
            // Surface the constructor's own exception as the cause, not the reflection wrapper.
            throw new RuntimeException("Failed to invoke constructor '" + l6.c.b(constructor) + "' with no args", e12.getCause());
        }
    }
    final Class cls = (Class) payload;
    try {
        return i6.v.f3903a.a(cls);
    } catch (Exception e13) {
        throw new RuntimeException("Unable to create instance of " + cls + ". Registering an InstanceCreator or a TypeAdapter for this type, or adding a no-args constructor may fix this problem.", e13);
    }
}

// Sends one gzip-compressed JSON POST to the URL carried in iVar and maps the outcome to a
// small result object built from (status code, redirect URL or null, long value).
//
// NOTE(review): the return type's name (com.google.crypto.tink.shaded.protobuf.d) comes from
// R8 renaming and says nothing about its role; judge it only by how it is constructed here.
// NOTE(review): all `finally { }` blocks are empty — presumably a decompiler artifact that
// dropped the close() calls. As printed, streams are closed only on the success paths.
public com.google.crypto.tink.shaded.protobuf.d g(a4.i iVar) throws IOException {
    o2.b bVar = (o2.b) this.f132m;
    URL url = (URL) iVar.f56n;
    String strConcat = "TRuntime.".concat("CctTransportBackend");
    // Level 4 is android.util.Log.INFO: the full request URL is logged when that tag is loggable.
    if (Log.isLoggable(strConcat, 4)) {
        Log.i(strConcat, String.format("Making request to: %s", url));
    }
    HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
    httpURLConnection.setConnectTimeout(30000);
    httpURLConnection.setReadTimeout(bVar.f5700g);
    httpURLConnection.setDoOutput(true);
    // Automatic redirects are disabled; 301/302/307 are handled explicitly further down.
    httpURLConnection.setInstanceFollowRedirects(false);
    httpURLConnection.setRequestMethod("POST");
    httpURLConnection.setRequestProperty("User-Agent", "datatransport/3.3.0 android/");
    httpURLConnection.setRequestProperty("Content-Encoding", "gzip");
    httpURLConnection.setRequestProperty("Content-Type", "application/json");
    httpURLConnection.setRequestProperty("Accept-Encoding", "gzip");
    // Optional API key from the request object, sent as a header when present.
    String str = (String) iVar.f55m;
    if (str != null) {
        httpURLConnection.setRequestProperty("X-Goog-Api-Key", str);
    }
    try {
        OutputStream outputStream = httpURLConnection.getOutputStream();
        try {
            GZIPOutputStream gZIPOutputStream = new GZIPOutputStream(outputStream);
            try {
                n.j jVar = bVar.f5694a;
                p2.m mVar = (p2.m) iVar.f57o;
                // No charset is passed to OutputStreamWriter, so the platform default is used.
                BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(gZIPOutputStream));
                p5.d dVar = (p5.d) jVar.f4912m;
                // Encoder writes mVar into the gzip stream; presumably a JSON encoder given the
                // Content-Type set above — confirm in p5.e.
                p5.e eVar = new p5.e(bufferedWriter, dVar.f5899a, dVar.f5900b, dVar.f5901c, dVar.f5902d);
                eVar.h(mVar);
                eVar.j();
                eVar.f5904b.flush();
                gZIPOutputStream.close();
                if (outputStream != null) {
                    outputStream.close();
                }
                int responseCode = httpURLConnection.getResponseCode();
                Integer numValueOf = Integer.valueOf(responseCode);
                String strConcat2 = "TRuntime.".concat("CctTransportBackend");
                if (Log.isLoggable(strConcat2, 4)) {
                    Log.i(strConcat2, String.format("Status Code: %d", numValueOf));
                }
                k5.d("CctTransportBackend", "Content-Type: %s", httpURLConnection.getHeaderField("Content-Type"));
                k5.d("CctTransportBackend", "Content-Encoding: %s", httpURLConnection.getHeaderField("Content-Encoding"));
                if (responseCode == 302 || responseCode == 301 || responseCode == 307) {
                    // The redirect target is taken verbatim from the server's Location header; no
                    // scheme or host check happens in this method.
                    // NOTE(review): whether the caller re-sends the payload and API key to this URL
                    // is not visible here — check that the caller constrains the redirect target.
                    return new com.google.crypto.tink.shaded.protobuf.d(responseCode, new URL(httpURLConnection.getHeaderField("Location")), 0L);
                }
                if (responseCode != 200) {
                    // Any other non-200 status is returned as-is with no URL and a 0 value.
                    return new com.google.crypto.tink.shaded.protobuf.d(responseCode, null, 0L);
                }
                InputStream inputStream = httpURLConnection.getInputStream();
                try {
                    // Decompress the body only when the server declares gzip.
                    InputStream gZIPInputStream = "gzip".equals(httpURLConnection.getHeaderField("Content-Encoding")) ? new GZIPInputStream(inputStream) : inputStream;
                    try {
                        // Parse the response via p2.u.a(...) and carry its f5850a field in the result.
                        // InputStreamReader also uses the platform default charset here.
                        com.google.crypto.tink.shaded.protobuf.d dVar2 = new com.google.crypto.tink.shaded.protobuf.d(responseCode, null, p2.u.a(new BufferedReader(new InputStreamReader(gZIPInputStream))).f5850a);
                        if (gZIPInputStream != null) {
                            gZIPInputStream.close();
                        }
                        if (inputStream != null) {
                            inputStream.close();
                        }
                        return dVar2;
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } finally {
        }
    } catch (ConnectException | UnknownHostException e10) {
        // Connection-level failures are reported to the caller as a synthetic 500.
        k5.f("CctTransportBackend", "Couldn't open connection, returning with 500", e10);
        return new com.google.crypto.tink.shaded.protobuf.d(500, null, 0L);
    } catch (IOException | n5.b e11) {
        // Other I/O or n5.b failures are reported as a synthetic 400.
        k5.f("CctTransportBackend", "Couldn't encode request, returning with 400", e11);
        return new com.google.crypto.tink.shaded.protobuf.d(400, null, 0L);
    }
}

/**
 * Stores the object supplied by {@code bVar} into the holder kept in the payload's
 * f8083b field, after emitting a debug log line.
 *
 * @param bVar supplier of the component to publish
 */
@Override // t5.a
public void h(t5.b bVar) {
    final x4.a holder = (x4.a) this.f132m;
    holder.getClass(); // result unused; acts as a null check on the payload
    final String tag = "FirebaseCrashlytics";
    if (Log.isLoggable(tag, Log.DEBUG)) {
        Log.d(tag, "Crashlytics native component now available.", null);
    }
    holder.f8083b.set((x4.a) bVar.get());
}

/**
 * Completion callback that relays a task outcome to the reply object in the payload.
 *
 * <p>On failure ({@code hVar.g()} is false) the task's {@code d()} value goes to
 * {@code a(...)}. On success a value is inserted at index 0 of the reply's list and the
 * list is passed to {@code f5214c.e(...)}: variant 8 inserts null, every other variant
 * inserts the task result cast according to the reply's f5212a field.
 *
 * @param hVar the completed task
 */
@Override // w3.c
public void m(w3.h hVar) {
    final boolean nullResultVariant = this.f131l == r0.j.BYTES_FIELD_NUMBER /* 8 */;
    final n7.h reply = (n7.h) this.f132m;
    // Static field read kept from the decompiled output; the value itself is unused.
    HashMap unusedRegistry = n7.d.f5190n;
    if (!hVar.g()) {
        reply.a(hVar.d());
        return;
    }
    final Object value;
    if (nullResultVariant) {
        value = null;
    } else {
        final Object taskResult = hVar.e();
        // The cast applied depends on the reply kind, so a mismatched result type still
        // fails with ClassCastException before anything is added to the list.
        switch (reply.f5212a) {
            case 3:
                value = (n7.f) taskResult;
                break;
            case 4:
                value = (List) taskResult;
                break;
            default:
                value = (n7.e) taskResult;
                break;
        }
    }
    ArrayList wrapped = reply.f5213b;
    wrapped.add(0, value);
    reply.f5214c.e(wrapped);
}

// Method-channel handler with two supported method names: "getSdkInt" replies with
// Build.VERSION.SDK_INT, and "rootDeviceCheck" replies with a boolean from a local
// root heuristic. Any other method name returns without calling qVar at all.
//
// What the heuristic does, as printed: File.exists() on five hard-coded paths, then one
// execution of "/system/xbin/which su" whose stdout is probed for a single byte.
//
// NOTE(review): the loop below is very likely mis-restructured by the decompiler. As printed,
// every `break` leads to `z9 = true`, and the no-match path re-enters the else-branch
// forever, so the initial `z9 = false` is never reported. The real bytecode presumably
// replies false when nothing matches — confirm in smali before reasoning about behaviour.
//
// Review notes for whoever owns this check:
//  - It is a client-side heuristic over a fixed list of paths; it only produces a boolean
//    that is handed back to the caller, so any enforcement lives on the calling side.
//  - For decisions that matter (payments, session issuance), treat this result as a hint
//    and rely on server-verified device attestation (e.g. Play Integrity) instead.
//  - Log.d writes the matched path to logcat; consider removing it from release builds.
//  - The Process returned by exec() is never waited on or destroyed, its stream is not
//    closed, and every exception is swallowed silently.
@Override // h7.p
public void onMethodCall(h7.o oVar, h7.q qVar) {
    MainActivity mainActivity = (MainActivity) this.f132m;
    int i9 = MainActivity.f1681r; // unused local; only the static field read remains
    f8.i.e(oVar, "call"); // presumably a compiler-inserted non-null parameter check — confirm
    String str = oVar.f3524a;
    if (!f8.i.a(str, "rootDeviceCheck")) {
        if (f8.i.a(str, "getSdkInt")) {
            ((g7.k) qVar).success(Integer.valueOf(Build.VERSION.SDK_INT));
            return;
        }
        // Unknown method name: no reply is sent on qVar.
        return;
    }
    mainActivity.getClass(); // result unused; acts as a null check on the payload
    // Fixed list of file paths probed with File.exists().
    String[] strArr = {"/system/app/Superuser.apk", "/system/xbin/su", "/system/bin/su", "/sbin/su", "/vendor/bin/su"};
    boolean z9 = false;
    int i10 = 0;
    while (true) {
        if (i10 < 5) {
            String str2 = strArr[i10];
            if (new File(str2).exists()) {
                Log.d("SecurityCheck", "Root file found: " + str2);
                break;
            }
            i10++;
        } else {
            try {
                // Any byte on the command's stdout counts as a match.
                if (Runtime.getRuntime().exec(new String[]{"/system/xbin/which", "su"}).getInputStream().read() != -1) {
                    break;
                }
            } catch (Exception unused) {
                // Failure to run the command is ignored (e.g. the binary is absent).
            }
        }
    }
    z9 = true;
    ((g7.k) qVar).success(Boolean.valueOf(z9));
}

}

u/Heavy_Ad5263 — 14 days ago