penetration testing

AppWizard
January 16, 2026
The past year saw a 45% increase in new vulnerabilities targeting Android. By the end of 2024, Google Play was projected to host 2.87 million apps, and 66% of American employees use personal smartphones for work. Mobile applications account for 70% of digital interactions, and vulnerabilities in these apps contributed to approximately 40% of data breaches involving personal data in 2023. Effective Android app vulnerability scanners analyze app security by identifying insecure local storage, hardcoded credentials, weak cryptography, insecure network configurations, broken authentication flows, and misconfigured components. AI-powered scanners, like AutoSecT, can autonomously generate new scanning protocols quickly, detect zero-day vulnerabilities, automate penetration testing, and operate with near-zero false positives.
Tech Optimizer
November 5, 2025
Hackers are refining tactics to evade detection by EDR systems and antivirus software, with a notable strategy being the use of Linux malware to infiltrate Windows systems. Investigations by Bitdefender and CERT-GE revealed a campaign by the Russian hacker group Curly COMrades, which exploits the Hyper-V virtualization platform on Windows 10 to create covert access channels. They utilize Alpine Linux for lightweight virtual machines that are difficult to detect, requiring only 120 MB of disk space and 256 MB of RAM. The attackers maintain persistent access using tools like Resocks and Stunnel, starting their activities in early July 2024 by activating Hyper-V on compromised systems and deploying misleading virtual machines labeled “WSL.” They introduced custom malware, CurlyShell and CurlCat, for communication and remote access. This trend of using Linux malware against Windows systems is growing, as seen in recent Qilin ransomware attacks documented by Trend Micro.
Tech Optimizer
November 2, 2025
An upgraded release of the EDR-Redir V2 tool has been developed to circumvent Endpoint Detection and Response (EDR) systems by using Windows bind link technology. This version targets the parent directories of EDR installations, such as Program Files, and creates redirection loops that blind security software while keeping legitimate applications intact. Unlike its predecessor, EDR-Redir V2 uses a more complex mechanism that loops subfolders back to themselves, isolating the EDR's path for manipulation without triggering alarms. The tool utilizes the bind link feature from Windows 11 24H2, allowing filesystem namespace redirection without needing kernel privileges. EDR solutions typically secure their subfolders but cannot entirely restrict writes to parent directories. EDR-Redir V2 queries all subfolders in a targeted parent directory and mirrors them in a controlled directory, establishing bidirectional bind links that create loops for normal access by non-EDR software. In a demonstration against Windows Defender, EDR-Redir V2 successfully redirected access to its operational files, making Defender blind to its actual files. This technique highlights vulnerabilities in EDR systems regarding filesystem manipulations at the parent directory level, suggesting that folder-specific safeguards are inadequate. Although there are no widespread reports of exploits using this method, it poses significant concerns for enterprise environments, prompting security teams to monitor bind link usage in critical directories and implement integrity checks on EDR paths.
Tech Optimizer
October 20, 2025
DefenderWrite is a new tool that uses whitelisted Windows programs to bypass antivirus protections and write files into executable folders. Developed by cybersecurity expert Two Seven One Three, it allows penetration testers to deploy payloads in secure locations without needing kernel-level access. The tool identifies whitelisted system programs, enabling attackers to inject malicious DLLs into antivirus folders. In tests on Windows 11 with Microsoft Defender, four vulnerable programs were identified: msiexec.exe, Register-CimProvider.exe, svchost.exe, and lsass.exe. DefenderWrite includes parameters for targeted operations and a PowerShell script for scanning executables. It highlights the need for antivirus vendors to improve their whitelisting policies and process isolation. The tool is publicly available, raising concerns about its potential use in real-world attacks.