Reverse Engineering Clubhouse
https://www.klmlabs.co/blog/club-house-observations-th5x8
Samsung Investigation Part 1: TEEs, TrustZone and TEEGRIS
https://www.riscure.com/blog/samsung-investigation-part1
Activation of arbitrary intent due to unsafe deserialization - CVE-2020-0082
Local EoP to system_server on Android 10: an attacker can launch any privileged intent without holding the corresponding permission, which would make it possible to silently install and uninstall apps.
https://github.com/0x742/CVE-2020-0082-ExternalVibration
Note: the published PoC only activates a privileged intent; it does not itself install or uninstall anything.
A Special Attack Surface in Android (Ⅱ) — The dangerous deeplinks
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1359026676922851328
Using Frida to find hooks in Android applications (security products, malware, or even games deploying anti-cheat software)
https://corellium.com/blog/android-frida-finding-hooks
Yet another RenderFrameHostImpl UAF (Microsoft Browser Vulnerability Research): a Use-After-Free in the Chromium browser process (issue 1068395, found in 2020 during code review) that can be used to escape the Chromium sandbox on Android devices. The author notes it is a bug pattern that keeps recurring.
PoC + description: https://microsoftedge.github.io/edgevr/posts/yet-another-uaf/
Vulnerability in multiple Aiwinn OEM devices allows silent installation of an attacker-provided app [CVE-2020-0222]
https://bugs.chromium.org/p/apvi/issues/detail?id=36&q=&can=1
APKLeaks - scans APK files for URIs, endpoints & secrets
Tool: https://github.com/dwisiswant0/apkleaks
Demo: https://fb.watch/40Jd7HoAqs/
Android FluBot (aka Cabassous) - banking malware behind spam SMS campaigns in Spain & Poland, impersonating FedEx, DHL, Correos and Chrome.
FluBot has already infected more than 60,000 victims and stolen 11 million+ phone numbers
https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/FluBot.pdf
How we could have tracked anyone's live location using Truecaller's "Guardians" app
https://www.pingsafe.ai/blog/hacking-truecallers-guardian-application-to-track-you
Reverse Engineering a Flutter app by recompiling Flutter Engine
https://tinyhack.com/2021/03/07/reversing-a-flutter-app-by-recompiling-flutter-engine/
Release builds of Flutter apps are hard to reverse engineer because tooling is scarce and the Flutter engine changes rapidly; tools such as darter can sometimes dump class and method names.
Clast82 - a new dropper on Google Play that downloads and installs the AlienBot banker and MRAT (Check Point Research; Aviran Hazum, Bohdan Melnykov, Israel Wernik)
https://research.checkpoint.com/2021/clast82-a-new-dropper-on-google-play-dropping-the-alienbot-banker-and-mrat/
Android proxy malware - Mobdro - was downloaded more than 100 million times and made more than €5 million
Spanish police seized servers and arrested the operators: the app broadcast pirate video streams while secretly selling users' personal data and enrolling their phones into proxy and DDoS botnets.
https://therecord.media/police-shut-down-android-app-that-transformed-smartphones-into-proxies/
The Brief Glory of Cabassous/FluBot — a private Android banking botnet
https://medium.com/csis-techblog/the-brief-glory-of-cabassous-flubot-a-private-android-banking-botnet-bc2ed7917027
Samsung Investigation Part 2: Exploiting Trusted Applications (TAs)
https://www.riscure.com/blog/samsung-investigation-part2
Still using SMS as 2FA?
For $16 an attacker can reroute all of a victim's incoming SMS messages to himself and break into online accounts. This is not SIM swapping or an SS7 attack: the attacker simply pays an SMS-routing company and gains control of the number's text routing within minutes.
https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber
Android reverse engineering for beginners - Dexcalibur
https://braincoke.fr/blog/2021/03/android-reverse-engineering-for-beginners-dexcalibur/
TikTok for Android 1-Click RCE
Chain: XSS -> launch an arbitrary intent that downloads a ZIP file -> path traversal during extraction -> overwrite a native library -> RCE in the application's context
https://medium.com/@dPhoeniixx/tiktok-for-android-1-click-rce-240266e78105
Android TapJacking Attacks, a thorough guide (Part 1)
https://valsamaras.medium.com/tapjacking-attacks-a-thorough-guide-2cd6486d0fc9
Forwarded from The Bug Bounty Hunter
iOS Pentesting Guide From a N00b's Perspective
https://payatu.com/blog/abhilashnigam/ios-pentesing-guide-from-a-n00bs-perspective.1