Skip to content

Choi-ej/COMP5618

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 

Repository files navigation

COMP5618 : Applied Cybersecurity

Assignment2 - Defensive Security Review & Penetration Testing Assessment

Conducted a full security assessment of a vulnerable web application and Linux host environment as part of COMP5618 Applied Cybersecurity at the University of Sydney. The project simulated a real-world attacker perspective to identify, exploit, analyse, and remediate vulnerabilities across network, OS, database, and web application layers.

Key Areas

  • Network reconnaissance & service enumeration
  • Web application security testing
  • Linux privilege escalation analysis
  • Authentication & database security review
  • Risk assessment and remediation planning

Vulnerabilities Investigated

  • SQL Injection (SQLi)
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Exposed SSH keys
  • Passwordless sudo escalation
  • Weak credential storage
  • Anonymous FTP exposure
  • Misconfigured CSP/CORS and security headers

Tools & Technologies

  • Nmap
  • OWASP ZAP
  • Hydra
  • John the Ripper
  • SecLists
  • Flask / Werkzeug
  • SQLite
  • Linux security & SSH auditing

Frameworks & Methodologies

  • OWASP Testing Guide v4.2
  • OWASP ASVS
  • NIST SP 800-115
  • Defense-in-Depth principles

Skills Demonstrated

Penetration testing, vulnerability assessment, risk analysis, web security, Linux hardening, secure configuration review, and enterprise-style security reporting.

Assignment3 - Android Reverse Engineering & Mobile Security Analysis

Completed a series of Android reverse engineering and mobile security challenges as part of COMP5618 Applied Cybersecurity at the University of Sydney. The project focused on analysing vulnerable APK applications through static and dynamic analysis techniques to uncover hidden flags, decrypt secrets, and bypass security mechanisms.

Key Areas

  • Android APK reverse engineering
  • Mobile application security analysis
  • Native library (.so) analysis
  • AES & RSA cryptography analysis
  • Dynamic instrumentation & runtime hooking
  • Steganography & hidden data extraction

Techniques Used

  • APK decompilation with JADX & APKTool
  • JNI/native library analysis using Ghidra
  • Dynamic instrumentation with Frida
  • AES-CBC decryption and cryptographic key recovery
  • SQLite database extraction and analysis
  • Steganography analysis in image files
  • Runtime bypass and flag extraction
  • Static and dynamic malware-style analysis workflows

Tools & Technologies

  • JADX
  • APKTool
  • Ghidra
  • Frida
  • CyberChef
  • OpenSSL
  • SQLite3
  • PyCryptodome
  • Binwalk
  • Python
  • Android Emulator

Security Concepts Explored

  • Hardcoded cryptographic keys
  • Insecure mobile app storage
  • JNI obfuscation
  • AES/CBC/PKCS5Padding weaknesses
  • RSA encryption/decryption
  • Native code hiding techniques
  • Runtime hooking and instrumentation
  • Reverse engineering ARM/native binaries

Skills Demonstrated

Android reverse engineering, mobile penetration testing, cryptographic analysis, native binary analysis, dynamic instrumentation, secure coding analysis, and offensive security problem solving.

About

Applied Cybersecurity

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors