Suraj Sharma sudosuraj

CONFIG

Include `adb` and other android tools on your path

In Users/sudosuraj.bash_profile add export PATH=$PATH:/Users/sudosuraj/Documents/AndroidSDKs/sdk/platform-tools export PATH=$PATH:/Users/sudosuraj/Documents/AndroidSDKs/sdk/tools

My own adb location

cd /Users/sudosuraj/Documents/AndroidSDKs/sdk/platform-tools

API Security Checklist

Checklist of the most important security countermeasures when designing, testing, and releasing your API.

Enumeration

Use a fuzzer for discover new APIs. For several levels.
Enumerate restricted endpoints. For trying to bypass. Add to the final endpoint(..;/, etc).
Modifying the request for additional parameters. For example: &admin=true.

Frida & Objection Guide

1. Checking Android Architecture

Find Device Architecture

adb shell getprop ro.product.cpu.abi

Check Android Version

Certified Ethical Hacker (CEHv13) AI Question Dumps

Which tool can be used to perform session splicing attacks?
Which of the following characteristics is not true about the Simple Object Access Protocol?
According to the Payment Card Industry Data Security Standard, when is it necessary to conduct external and internal penetration testing?
What scanning technique does Alex use when he splits the TCP Header into many packets to make it difficult to determine their purpose?
What kind of attack does Antonio perform when he uses several fake identities to create an illusion of traffic congestion in IoT networks?
Which of the following wireless standards has a bandwidth of up to 54 Mbit/s and signals in a regulated frequency spectrum around 5 GHz?
Which IDS evasion method depends on the Time-to-Live (TTL) fields of a TCP/IP packet?
What is the method of determining the movement of a data packet from an untrusted external host to a protected internal host through a firewall?

Port Scan Types

1. Full Connect Scan (TCP Connect / Full Open Scan)

What It Does:
Completes the entire TCP three-way handshake (SYN → SYN-ACK → ACK) to fully establish a connection and then tears it down (often with an RST).
Pros & Cons:
- Pros: Most reliable; uses standard OS networking calls.
- Cons: Easiest to detect since it creates a real connection.
Nmap Example:

NetBIOS (Network Basic Input/Output System) is a legacy protocol that still plays a role in many Windows networks. It handles several functions:

Name Servicing:
NetBIOS allows computers to register and resolve 16-character names. This makes it possible to identify and communicate with devices on a local network using human-readable names.
Connectionless Communication:
It supports communication methods that don’t require a sustained connection. This means messages can be sent without establishing a persistent link.
Session Layer Functions:
While primarily associated with lower-level operations, NetBIOS also provides some session layer capabilities to manage communication sessions.

OSI & TCP/IP Layers – Attacks, Protocols, Services, and Tools (Cybersecurity Cheat Sheet)

OSI Layer	TCP/IP Layer	Protocols	Services	Attacks	Tools
7 - Application	4 - Application	HTTP, HTTPS, DNS, FTP, SMTP, IMAP, SSH, Telnet, SNMP	Web, Email, File Transfer, Remote Login	XSS, SQLi, Command Injection, SSRF, SMTP Spoofing, Auth Bypass	Burp Suite, ZAP, Postman, curl, dig, ffuf, nslookup
6 - Presentation	4 - Application	SSL/TLS, JPEG, MPEG, ASCII, EBCDIC	Encryption, Encoding, Compression

	from pydriller import RepositoryMining
	import re
	import base64

	foundSet = set()
	for commit in RepositoryMining('./').traverse_commits():
	for mod in commit.modifications:
	if mod.source_code_before != None:
	regex = re.findall(r"<text encoding=\"base64\">[^>]+</text>", mod.source_code_before)
	for result in regex:

	#!/bin/bash
	#
	# crt.sh sub-domain check by 1N3@CrowdShield
	# https://crowdshield.com
	#

	OKBLUE='\033[94m'
	OKRED='\033[91m'
	OKGREEN='\033[92m'
	OKORANGE='\033[93m'

	AI
	├── Machine Learning (ML)
	│ ├── Supervised Learning
	│ │ ├── Regression
	│ │ └── Classification
	│ ├── Unsupervised Learning
	│ │ ├── Clustering
	│ │ └── Dimensionality Reduction
	│ ├── Reinforcement Learning
	│ └── Semi-supervised Learning