▲ 2 r/QUTreddit+1 crossposts

How does the Master of Philosophy work?

Hi everyone,
Can someone explain how an MPhil works? I'm trying to understand how it's different from or related to a PhD, and how industry-supervised research fits into it.
I'm also curious about the day-to-day side of things:
Do you usually work alone or as part of a research team?
How often do you meet with your supervisor?
What's the overall process like from start to finish?
What are the career opportunities after completing an MPhil?
I'd really appreciate hearing from anyone who's done one or is currently studying. Thanks!

Gonna start IF80 course

reddit.com
u/Heavy_Ad5263 — 3 days ago
▲ 2 r/androidroot+1 crossposts

The app_flutter/ application.db

After bypassing root detection the local db file was extracted and was password protected. The password was found in the flutter_assets/lib/env.

After getting access to the db..
what are the next steps if my objective is to report vulnerabilities with high cvss ratings?

I’m chaining vulnerabilities

reddit.com
u/Heavy_Ad5263 — 24 days ago
▲ 11 r/ITProfessionals+1 crossposts

From Helpdesk to OffSec Analyst at 21: Overloaded, stuck in administrative limbo, and burning out. Need advice.

Hey everyone,
I'm looking for some perspective from veterans in the offensive security space. I'm 21, and over the past few years, I've pushed myself incredibly hard. But right now, my mind is completely overloaded, my routine feels deeply inefficient, and I'm caught in a stressful spiral of trial, error, and administrative anxiety.
I need some brutal honesty and tactical advice on how to navigate this before I redline completely.

MY BACKGROUND & CONTEXT
I started my undergrad in Cybersecurity out of a genuine obsession with the field.
* The Hustle: In my second year, I took an IT helpdesk job and quickly moved up to team lead. From there, I secured an offensive security internship covering web apps, infrastructure, and workstations.
* The Method: To bridge the gap fast, I used a strict self-study framework: Witness -> understand -> Skill. If I saw an architecture or exploit, I forced myself to master the core mechanics until I could execute it.
* The Results: Within two years, I climbed to an Analyst role while finishing my final year. I wrote my thesis relating to blockchain with zero guidance from my supervisor, graduated first-class, and placed in the top 10% of my batch.

THE CURRENT PRESSURE POINTS

  1. The Scholarship Limbo (The Current Crisis

)

  1. I wanted to tackle a massive, real-world research problem. I successfully pitched a project to a professor at a leading university and got a scholarship to work on third-party

/supply-chain attacks.

  1. I've already fought through the hardest parts of the gauntlet—I passed the interview, the presentation, and the technical assessment. While I have officially secured the supervisor approval from the principal academic supervisor, everything has completely stalled with the industry supervisor. I still haven't received the formal letter of supervision from the industry supervisor. I'm terrified I'm going to lose this massive opportunity; the waiting game is giving me insane anxiety.

2

:

  1. To bypass HR gatekeepers and demand a respectable salary, I'm trying to fast-track my CPSA and CEH. But I have a habit of diving incredibly deep into the first principles of networking, OS, and source code. Even though I know it's overkill just to pass these specific exams, a lack of confidence makes me keep digging into systems until I am entirely wiped out.

3

:

  1. Weekend Labs: On weekends, I build custom lab environments to mimic client systems and safely test CVEs, because our commercial VAPT time windows are too tight to experiment on the clock. Hunting CVEs: I'm trying to find and report a CVE in my name via GitHub vulnerability disclosures (a childhood dream of mine to do real security science).Documentation: I'm building a private technical blog on GitHub to document my findings.

THE PERSONAL TOLL
The shift in my personal life has been pretty drastic. Naturally, I'm a very social guy—I used to love hitting raves, partying with people, drinking, smoking, you name it. But since diving headfirst into this internship and career, that side of my life has completely deprecated.
My passion has turned into total isolation. I have lost relationships with almost everyone except my immediate family. I've missed countless gatherings because I completely lost interest in them over time, and I find it incredibly hard to relate to people outside the grind anymore.

I have massive expectations weighing on me from my family and the university lecturers who supported me. I am not depressed—I know I am capable of doing big things—but my current trajectory feels completely unsustainable and ineffective.

reddit.com
u/Heavy_Ad5263 — 1 month ago

Has any dating app worked for you ?

Guys I’m 21M, 6ft

I was just wandering about in bumble and tinder to find someone atleast to go out n have a drink.

Nothing worked out is there any Srilankan page or anything that’s more interactive than the foreign apps? I’m dying, help us out girls ! 😂

reddit.com
u/Heavy_Ad5263 — 1 month ago

Where to start ?

Hi guys. Currently I’m doing VAPT as a job at a big 4.

Scope: web applications like HR, Insurance, banking comes throughout the tenure.

We have to be very careful when doing PT due to the consequences.

The team is not very bright and not much technical in depth nothing impactful is expected by the superiors as well.

You can understand the “Pay”.

But what I do is perform exploits which are known on the CVEs focusing on vulnerabilities which has high cvss score. I’m very passionate on offensive security.

At home I create my own lab mimicking the client infrastructure at my will no one does it here.

I practice the exploits beforehand and get thorough by understanding the bugs, the code and the exploits.

I do HTB, Studying for certifications, help undergrads get through.

Even though I generate the most impactful vulnerabilities it is not cared much at the firm.

I do a lot of research and put my time and commitment even after the 9-5 so I could deliver the best.

I feel like I’m wasting my time here.

What should I do ?

To get a proper job and find my own CVE

Am I on the right path ? Or is there anything I have to do get more skilled at this?

I’m inspired by the defcon black hat presentations. That’s an interesting community I would like to be with. For example orangestai with devcore is like crème de la crème bloody hell I love their work.

reddit.com
u/Heavy_Ad5263 — 2 months ago

Web application PT bugs can be easily found at hackerone.

And also if there are other resources than hackerone can you guys share.

But where can I for Android ?

reddit.com
u/Heavy_Ad5263 — 2 months ago

Web application PT bugs can be easily found at hackerone.

And also if there are other resources than hackerone can you guys share.

But where can I for Android ?

“These reports make bounties visible for people and helps understand more about bounties. This understanding can be honed into the skill of finding new ones “

reddit.com
u/Heavy_Ad5263 — 2 months ago
▲ 0 r/CEH

Guys!, you guys have any resources?

I’ve to get this done in one month before the expected promotion any links, leads, techniques??

reddit.com
u/Heavy_Ad5263 — 2 months ago

Guys, so I’ve been assessed and accepted(received supervisor approval)by one of the professors in QUT to grant a full scholarship towards a masters of research .

She gave me the Research Proposal as well.

She is currently adjoining me with an industry sponsor as well.

She and I was planning to be onboard at QUT grounds around mid june (26)

It’s start of May (26) still. The professor and I worked together without costing any time since she wanted me to be recruited soon. But the second round of application took 1 month and the contract letter is on the process for more than one month now.

How long does it take for these things normally ?

Will I lose this opp or is it actually normal ?

reddit.com
u/Heavy_Ad5263 — 2 months ago

Guys I was able to get the root detection code of the android application, what are the next workable steps to bypass this root detection ??

PFA attached code:

: package a5;

import android.database.Cursor;

import android.database.sqlite.SQLiteDatabase;

import android.os.Build;

import android.util.Log;

import android.view.View;

import androidx.fragment.app.x0;

import com.applicationtest.applicationtest .MainActivity;

import com.google.android.gms.internal.measurement.f4;

import com.google.android.gms.internal.measurement.k5;

import java.io.BufferedReader;

import java.io.BufferedWriter;

import java.io.File;

import java.io.IOException;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.io.OutputStreamWriter;

import java.lang.reflect.Constructor;

import java.lang.reflect.InvocationTargetException;

import java.net.ConnectException;

import java.net.HttpURLConnection;

import java.net.URL;

import java.net.UnknownHostException;

import java.util.ArrayList;

import java.util.HashMap;

import java.util.Iterator;

import java.util.List;

import java.util.concurrent.CountDownLatch;

import java.util.zip.GZIPInputStream;

import java.util.zip.GZIPOutputStream;

import org.json.JSONException;

import org.json.JSONObject;

/* JADX INFO: compiled from: r8-map-id-ad3c932dac4442e8de685b70a2b5217e088dcdf6e581bf023bd73931d1aa29fb */

/* JADX INFO: loaded from: classes.dex */

public final /* synthetic */ class h0 implements w3.a, h7.p, h7.c, i6.q, w3.c, r7.c, u4.d, y2.b, t5.a {

/* JADX INFO: renamed from: l */

public final /* synthetic */ int f131l;

/* JADX INFO: renamed from: m */

public final /* synthetic */ Object f132m;

public /* synthetic */ h0(int i9, Object obj) {

this.f131l = i9;

this.f132m = obj;

}

@Override // r7.c

public boolean a(View view) {

for (Class cls : (Class[]) this.f132m) {

if (cls.isInstance(view)) {

return true;

}

}

return false;

}

@Override // y2.b

public Object b() {

SQLiteDatabase sQLiteDatabaseA;

int i9 = this.f131l;

Object obj = this.f132m;

switch (i9) {

case 14:

x2.h hVar = (x2.h) ((x2.c) obj);

hVar.getClass();

int i10 = t2.a.f6644e;

x0 x0Var = new x0(17, false);

x0Var.f868n = null;

x0Var.f867m = new ArrayList();

x0Var.f869o = null;

x0Var.f870p = "";

HashMap map = new HashMap();

sQLiteDatabaseA = hVar.a();

sQLiteDatabaseA.beginTransaction();

try {

t2.a aVar = (t2.a) x2.h.h(sQLiteDatabaseA.rawQuery("SELECT log_source, reason, events_dropped_count FROM log_event_dropped", new String[0]), new b5.a(hVar, map, x0Var, 4));

sQLiteDatabaseA.setTransactionSuccessful();

return aVar;

} finally {

}

case 15:

x2.h hVar2 = (x2.h) ((x2.d) obj);

long jB = hVar2.f8062m.b() - hVar2.f8064o.f8051d;

sQLiteDatabaseA = hVar2.a();

sQLiteDatabaseA.beginTransaction();

try {

String[] strArr = {String.valueOf(jB)};

Cursor cursorRawQuery = sQLiteDatabaseA.rawQuery("SELECT COUNT(*), transport_name FROM events WHERE timestamp_ms < ? GROUP BY transport_name", strArr);

while (cursorRawQuery.moveToNext()) {

try {

hVar2.e(cursorRawQuery.getInt(0), t2.c.MESSAGE_TOO_OLD, cursorRawQuery.getString(1));

} catch (Throwable th) {

cursorRawQuery.close();

throw th;

}

}

cursorRawQuery.close();

int iDelete = sQLiteDatabaseA.delete("events", "timestamp_ms < ?", strArr);

sQLiteDatabaseA.setTransactionSuccessful();

sQLiteDatabaseA.endTransaction();

return Integer.valueOf(iDelete);

} finally {

}

case 16:

x2.h hVar3 = (x2.h) ((x2.c) ((i5.e) obj).f3834i);

sQLiteDatabaseA = hVar3.a();

sQLiteDatabaseA.beginTransaction();

try {

sQLiteDatabaseA.compileStatement("DELETE FROM log_event_dropped").execute();

sQLiteDatabaseA.compileStatement("UPDATE global_log_event_state SET last_metrics_upload_ms=" + hVar3.f8062m.b()).execute();

sQLiteDatabaseA.setTransactionSuccessful();

return null;

} finally {

}

default:

x0 x0Var2 = (x0) obj;

Iterator it = ((Iterable) ((x2.h) ((x2.d) x0Var2.f868n)).c(new v4.j(2))).iterator();

while (it.hasNext()) {

((q7.g) x0Var2.f869o).y((q2.j) it.next(), 1, false);

}

return null;

}

}

/* JADX WARN: Can't wrap try/catch for region: R(40:175|(1:177)(1:179)|178|180|(1:182)|(1:184)(1:185)|186|(36:190|206|(1:208)|209|(1:211)|212|(3:214|(3:334|216|337)(1:336)|335)|333|217|328|218|(1:220)|221|222|(1:224)|225|(1:227)|(1:229)(1:230)|231|(4:234|(2:236|339)(1:340)|237|232)|338|238|(1:240)|341|241|(1:243)(1:245)|244|246|(1:248)(1:249)|250|(5:255|(1:257)|258|3fb|262)(1:254)|263|(13:274|270|275|(2:277|(1:279))(2:280|(2:308|309))|282|330|283|326|284|285|287|(3:302|(1:304)|305)(3:295|(1:297)|298)|307)(13:267|(1:269)(2:271|(1:273)(0))|270|275|(0)(0)|282|330|283|326|284|285|287|(6:289|291|302|(0)|305|307)(0))|315|(2:317|(1:319))|320)(3:191|(3:195|203|(1:205))(4:196|(2:199|197)|332|200)|201)|202|209|(0)|212|(0)|333|217|328|218|(0)|221|222|(0)|225|(0)|(0)(0)|231|(1:232)|338|238|(0)|341|241|(0)(0)|244|246|(0)(0)|250|(5:252|255|(0)|258|3fb)(0)|315|(0)|320) */

/* JADX WARN: Code restructure failed: missing block: B:313:0x0624, code lost:

r0 = move-exception;

*/

/* JADX WARN: Code restructure failed: missing block: B:314:0x0625, code lost:

r6 = "FirebaseCrashlytics";

android.util.Log.e(r6, "Error retrieving app package info.", r0);

r15 = null;

*/

/* JADX WARN: Removed duplicated region for block: B:211:0x01ec */

/* JADX WARN: Removed duplicated region for block: B:214:0x01f6 */

/* JADX WARN: Removed duplicated region for block: B:220:0x0252 */

/* JADX WARN: Removed duplicated region for block: B:224:0x027c */

/* JADX WARN: Removed duplicated region for block: B:227:0x02f1 */

/* JADX WARN: Removed duplicated region for block: B:229:0x02f9 */

/* JADX WARN: Removed duplicated region for block: B:230:0x0302 */

/* JADX WARN: Removed duplicated region for block: B:234:0x0310 */

/* JADX WARN: Removed duplicated region for block: B:240:0x033b A[LOOP:3: B:239:0x0339->B:240:0x033b, LOOP_END] */

/* JADX WARN: Removed duplicated region for block: B:243:0x0354 */

/* JADX WARN: Removed duplicated region for block: B:245:0x035c */

/* JADX WARN: Removed duplicated region for block: B:248:0x0362 */

/* JADX WARN: Removed duplicated region for block: B:249:0x0364 */

/* JADX WARN: Removed duplicated region for block: B:255:0x03de */

/* JADX WARN: Removed duplicated region for block: B:257:0x03e5 */

/* JADX WARN: Removed duplicated region for block: B:274:0x044c */

/* JADX WARN: Removed duplicated region for block: B:277:0x0456 */

/* JADX WARN: Removed duplicated region for block: B:280:0x0466 */

/* JADX WARN: Removed duplicated region for block: B:302:0x05a9 */

/* JADX WARN: Removed duplicated region for block: B:304:0x05b2 */

/* JADX WARN: Removed duplicated region for block: B:317:0x0638 */

/* JADX WARN: Removed duplicated region for block: B:324:0x03fc A[EXC_TOP_SPLITTER, SYNTHETIC] */

@Override // u4.d

/*

Code decompiled incorrectly, please refer to instructions dump.

To view partially-correct code enable 'Show inconsistent code' option in preferences

*/

public java.lang.Object c(u4.s r55) {

/*

Method dump skipped, instruction units count: 1688

To view this dump change 'Code comments level' option to 'DEBUG'

*/

throw new UnsupportedOperationException("Method not decompiled: a5.h0.c(u4.s):java.lang.Object");

}

@Override // w3.a

public Object d(w3.h hVar) {

int i9 = this.f131l;

Object obj = this.f132m;

switch (i9) {

case 0:

((CountDownLatch) obj).countDown();

return null;

case 1:

return (w3.h) ((n) obj).call();

default:

((Runnable) obj).run();

return a.a.d(null);

}

}

@Override // h7.c

public void e(Object obj) {

h0 h0Var = (h0) this.f132m;

boolean z9 = false;

if (obj != null) {

try {

z9 = ((JSONObject) obj).getBoolean("handled");

} catch (JSONException e10) {

Log.e("KeyEventChannel", "Unable to unpack JSON message: " + e10);

}

}

((c5.i) h0Var.f132m).d(z9);

}

@Override // i6.q

public Object f() {

int i9 = this.f131l;

Object obj = this.f132m;

switch (i9) {

case 5:

Constructor constructor = (Constructor) obj;

try {

return constructor.newInstance(null);

} catch (IllegalAccessException e10) {

f4 f4Var = l6.c.f4565a;

throw new RuntimeException("Unexpected IllegalAccessException occurred (Gson 2.12.0). Certain ReflectionAccessFilter features require Java >= 9 to work correctly. If you are not using ReflectionAccessFilter, report this to the Gson maintainers.", e10);

} catch (InstantiationException e11) {

throw new RuntimeException("Failed to invoke constructor '" + l6.c.b(constructor) + "' with no args", e11);

} catch (InvocationTargetException e12) {

throw new RuntimeException("Failed to invoke constructor '" + l6.c.b(constructor) + "' with no args", e12.getCause());

}

default:

Class cls = (Class) obj;

try {

return i6.v.f3903a.a(cls);

} catch (Exception e13) {

throw new RuntimeException("Unable to create instance of " + cls + ". Registering an InstanceCreator or a TypeAdapter for this type, or adding a no-args constructor may fix this problem.", e13);

}

}

}

public com.google.crypto.tink.shaded.protobuf.d g(a4.i iVar) throws IOException {

o2.b bVar = (o2.b) this.f132m;

URL url = (URL) iVar.f56n;

String strConcat = "TRuntime.".concat("CctTransportBackend");

if (Log.isLoggable(strConcat, 4)) {

Log.i(strConcat, String.format("Making request to: %s", url));

}

HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();

httpURLConnection.setConnectTimeout(30000);

httpURLConnection.setReadTimeout(bVar.f5700g);

httpURLConnection.setDoOutput(true);

httpURLConnection.setInstanceFollowRedirects(false);

httpURLConnection.setRequestMethod("POST");

httpURLConnection.setRequestProperty("User-Agent", "datatransport/3.3.0 android/");

httpURLConnection.setRequestProperty("Content-Encoding", "gzip");

httpURLConnection.setRequestProperty("Content-Type", "application/json");

httpURLConnection.setRequestProperty("Accept-Encoding", "gzip");

String str = (String) iVar.f55m;

if (str != null) {

httpURLConnection.setRequestProperty("X-Goog-Api-Key", str);

}

try {

OutputStream outputStream = httpURLConnection.getOutputStream();

try {

GZIPOutputStream gZIPOutputStream = new GZIPOutputStream(outputStream);

try {

n.j jVar = bVar.f5694a;

p2.m mVar = (p2.m) iVar.f57o;

BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(gZIPOutputStream));

p5.d dVar = (p5.d) jVar.f4912m;

p5.e eVar = new p5.e(bufferedWriter, dVar.f5899a, dVar.f5900b, dVar.f5901c, dVar.f5902d);

eVar.h(mVar);

eVar.j();

eVar.f5904b.flush();

gZIPOutputStream.close();

if (outputStream != null) {

outputStream.close();

}

int responseCode = httpURLConnection.getResponseCode();

Integer numValueOf = Integer.valueOf(responseCode);

String strConcat2 = "TRuntime.".concat("CctTransportBackend");

if (Log.isLoggable(strConcat2, 4)) {

Log.i(strConcat2, String.format("Status Code: %d", numValueOf));

}

k5.d("CctTransportBackend", "Content-Type: %s", httpURLConnection.getHeaderField("Content-Type"));

k5.d("CctTransportBackend", "Content-Encoding: %s", httpURLConnection.getHeaderField("Content-Encoding"));

if (responseCode == 302 || responseCode == 301 || responseCode == 307) {

return new com.google.crypto.tink.shaded.protobuf.d(responseCode, new URL(httpURLConnection.getHeaderField("Location")), 0L);

}

if (responseCode != 200) {

return new com.google.crypto.tink.shaded.protobuf.d(responseCode, null, 0L);

}

InputStream inputStream = httpURLConnection.getInputStream();

try {

InputStream gZIPInputStream = "gzip".equals(httpURLConnection.getHeaderField("Content-Encoding")) ? new GZIPInputStream(inputStream) : inputStream;

try {

com.google.crypto.tink.shaded.protobuf.d dVar2 = new com.google.crypto.tink.shaded.protobuf.d(responseCode, null, p2.u.a(new BufferedReader(new InputStreamReader(gZIPInputStream))).f5850a);

if (gZIPInputStream != null) {

gZIPInputStream.close();

}

if (inputStream != null) {

inputStream.close();

}

return dVar2;

} finally {

}

} finally {

}

} finally {

}

} finally {

}

} catch (ConnectException | UnknownHostException e10) {

k5.f("CctTransportBackend", "Couldn't open connection, returning with 500", e10);

return new com.google.crypto.tink.shaded.protobuf.d(500, null, 0L);

} catch (IOException | n5.b e11) {

k5.f("CctTransportBackend", "Couldn't encode request, returning with 400", e11);

return new com.google.crypto.tink.shaded.protobuf.d(400, null, 0L);

}

}

@Override // t5.a

public void h(t5.b bVar) {

x4.a aVar = (x4.a) this.f132m;

aVar.getClass();

if (Log.isLoggable("FirebaseCrashlytics", 3)) {

Log.d("FirebaseCrashlytics", "Crashlytics native component now available.", null);

}

aVar.f8083b.set((x4.a) bVar.get());

}

@Override // w3.c

public void m(w3.h hVar) {

int i9 = this.f131l;

n7.h hVar2 = (n7.h) this.f132m;

switch (i9) {

case r0.j.BYTES_FIELD_NUMBER /* 8 */:

HashMap map = n7.d.f5190n;

if (!hVar.g()) {

hVar2.a(hVar.d());

break;

} else {

switch (hVar2.f5212a) {

case 0:

ArrayList arrayList = hVar2.f5213b;

arrayList.add(0, null);

hVar2.f5214c.e(arrayList);

break;

case 1:

ArrayList arrayList2 = hVar2.f5213b;

arrayList2.add(0, null);

hVar2.f5214c.e(arrayList2);

break;

default:

ArrayList arrayList3 = hVar2.f5213b;

arrayList3.add(0, null);

hVar2.f5214c.e(arrayList3);

break;

}

}

break;

default:

HashMap map2 = n7.d.f5190n;

if (!hVar.g()) {

hVar2.a(hVar.d());

break;

} else {

Object objE = hVar.e();

switch (hVar2.f5212a) {

case 3:

ArrayList arrayList4 = hVar2.f5213b;

arrayList4.add(0, (n7.f) objE);

hVar2.f5214c.e(arrayList4);

break;

case 4:

ArrayList arrayList5 = hVar2.f5213b;

arrayList5.add(0, (List) objE);

hVar2.f5214c.e(arrayList5);

break;

default:

ArrayList arrayList6 = hVar2.f5213b;

arrayList6.add(0, (n7.e) objE);

hVar2.f5214c.e(arrayList6);

break;

}

}

break;

}

}

@Override // h7.p

public void onMethodCall(h7.o oVar, h7.q qVar) {

MainActivity mainActivity = (MainActivity) this.f132m;

int i9 = MainActivity.f1681r;

f8.i.e(oVar, "call");

String str = oVar.f3524a;

if (!f8.i.a(str, "rootDeviceCheck")) {

if (f8.i.a(str, "getSdkInt")) {

((g7.k) qVar).success(Integer.valueOf(Build.VERSION.SDK_INT));

return;

}

return;

}

mainActivity.getClass();

String[] strArr = {"/system/app/Superuser.apk", "/system/xbin/su", "/system/bin/su", "/sbin/su", "/vendor/bin/su"};

boolean z9 = false;

int i10 = 0;

while (true) {

if (i10 < 5) {

String str2 = strArr[i10];

if (new File(str2).exists()) {

Log.d("SecurityCheck", "Root file found: " + str2);

break;

}

i10++;

} else {

try {

if (Runtime.getRuntime().exec(new String[]{"/system/xbin/which", "su"}).getInputStream().read() != -1) {

break;

}

} catch (Exception unused) {

}

}

}

z9 = true;

((g7.k) qVar).success(Boolean.valueOf(z9));

}

}

reddit.com
u/Heavy_Ad5263 — 2 months ago