Conducted a full security assessment of a vulnerable web application and Linux host environment as part of COMP5618 Applied Cybersecurity at the University of Sydney. The project simulated a real-world attacker perspective to identify, exploit, analyse, and remediate vulnerabilities across network, OS, database, and web application layers.
- Network reconnaissance & service enumeration
- Web application security testing
- Linux privilege escalation analysis
- Authentication & database security review
- Risk assessment and remediation planning
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Exposed SSH keys
- Passwordless sudo escalation
- Weak credential storage
- Anonymous FTP exposure
- Misconfigured CSP/CORS and security headers
- Nmap
- OWASP ZAP
- Hydra
- John the Ripper
- SecLists
- Flask / Werkzeug
- SQLite
- Linux security & SSH auditing
- OWASP Testing Guide v4.2
- OWASP ASVS
- NIST SP 800-115
- Defense-in-Depth principles
Penetration testing, vulnerability assessment, risk analysis, web security, Linux hardening, secure configuration review, and enterprise-style security reporting.
Completed a series of Android reverse engineering and mobile security challenges as part of COMP5618 Applied Cybersecurity at the University of Sydney. The project focused on analysing vulnerable APK applications through static and dynamic analysis techniques to uncover hidden flags, decrypt secrets, and bypass security mechanisms.
- Android APK reverse engineering
- Mobile application security analysis
- Native library (.so) analysis
- AES & RSA cryptography analysis
- Dynamic instrumentation & runtime hooking
- Steganography & hidden data extraction
- APK decompilation with JADX & APKTool
- JNI/native library analysis using Ghidra
- Dynamic instrumentation with Frida
- AES-CBC decryption and cryptographic key recovery
- SQLite database extraction and analysis
- Steganography analysis in image files
- Runtime bypass and flag extraction
- Static and dynamic malware-style analysis workflows
- JADX
- APKTool
- Ghidra
- Frida
- CyberChef
- OpenSSL
- SQLite3
- PyCryptodome
- Binwalk
- Python
- Android Emulator
- Hardcoded cryptographic keys
- Insecure mobile app storage
- JNI obfuscation
- AES/CBC/PKCS5Padding weaknesses
- RSA encryption/decryption
- Native code hiding techniques
- Runtime hooking and instrumentation
- Reverse engineering ARM/native binaries
Android reverse engineering, mobile penetration testing, cryptographic analysis, native binary analysis, dynamic instrumentation, secure coding analysis, and offensive security problem solving.