Cognisys Labs
Preview Image

How to Decompile a Hermes React Native Binary (Android Pentest)

Overview At Cognisys, our days are filled with uncovering the intricacies of various applications, but some projects stand out due to their complexity and the insights they provide. Recently, we t...

Preview Image

Breaking Custom Encryption Using Frida (Mobile Application Pentesting)

Overview It was a typical day at Cognisys, where we were engaged in routine Android application testing. However, this session took an intriguing turn when we encountered a unique encryption imple...

Preview Image

Burp Suite Certified Practitioner Exam (BSCP) Review

At Cognisys, we are driven by experts in cybersecurity. Our team comprises individuals with extensive skills and a deep understanding of the field, always ready to secure your business. In the eve...

Preview Image

Breaking Login Pages

We daily come across login pages as normal internet users, but as a security guy, one is always curious to find ways to bypass the login panels. Hi everyone we hope you all are doing great. In this...

Preview Image

Securing the Insecure Objects

Overview Greetings, everyone! In this blog, our Application Security Specialist Punit, will be talking about a critical security category. Punit’s primary role within our team involves penetration...

Preview Image

An Interesting XSS-Bypassing WAF

Overview Greetings, everyone! I’m Punit, an Application Security Specialist working with Cognisys Group. My primary role involves being a Pentester with expertise in testing the security of Web, M...

Preview Image

Advanced Module Stomping & Heap/Stack Encryption

Overview This blog will talk about the in-depth analysis and implementation of: Heaps allocations Encryption while sleeping Threads Stack Encryption while sleeping Reverting stomped module...

Preview Image

Writing your first Frida script for Android

Overview Hi everyone, I wish you all are doing amazing. My name is Rajveersinh Parmar and I’m an Application Security Consultant at Cognisys, specialised in Web, Mobile and API Pentesting. In this...

Preview Image

Combining Indirect Dynamic Syscalls and API Hashing

Overview This blog will talk about in depth analysis and implementation of : API hashing, how to resolve module’s base address and API’s base address from PEB using C & WinDbg. Indirect ...