Android WebViews use and abuse
https://docs.google.com/presentation/d/18xhCZ4fnC2UC4FZ7w_zEIKfiejckn86JU1RqGxvEhTM/mobilepresent?slide=id.g1006589e594_0_3
AS - WebViews
APPLICATION SECURITY (Threats and Malpractices) Speaker: Dimitrios Valsamaras | @Ch0pin https://www.linkedin.com/in/valsamaras/
Mobile malware activity - Threat Intelligence Report 2021 by Nokia
https://onestore.nokia.com/asset/210870
Nokia: Threat Intelligence Report 2021
This report provides a view of malware activity in mobile and fixed networks around
the world. The data has been aggregated from service provider net
Sophos threat report (Flubot, fake iPhone finance apps, Joker)
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices
https://cseweb.ucsd.edu//~nibhaska/papers/sp22_paper.pdf
Targeted SMiShing Attacks on Indian Banking Users
https://labs.k7computing.com/index.php/targeted-smishing-attacks-on-indian-banking-users/
Threat actors are constantly using new tricks and tactics to collect various confidential credentials from users’ mobile devices via phishing […]
PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens
https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/
BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities
BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary code execution.
https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks
A Series of Baseband & LMP Exploits against Bluetooth Classic Controllers - Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks
The Art of Exploiting UAF by Ret2bpf in Android Kernel [slides][whitepaper]
https://www.blackhat.com/eu-21/briefings/schedule/#the-art-of-exploiting-uaf-by-retbpf-in-android-kernel-24544
Black Hat Europe 2021
Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps [slides]
https://www.blackhat.com/eu-21/briefings/schedule/index.html#re-route-your-intent-for-privilege-escalation-a-universal-way-to-exploit-android-pendingintents-in-high-profile-and-system-apps-24340
Black Hat Europe 2021
A Deep Dive into Privacy Dashboard of Top Android Vendors [slides]
https://www.blackhat.com/eu-21/briefings/schedule/index.html#a-deep-dive-into-privacy-dashboard-of-top-android-vendors-24791
Black Hat Europe 2021
SharkBot: a new generation of Android Trojans is targeting banks in Europe
https://www.cleafy.com/cleafy-labs/sharkbot-a-new-generation-of-android-trojan-is-targeting-banks-in-europe
SharkBot: a new generation of Android Trojans is targeting European banks. It has been discovered by the threat intelligence team of Cleafy: here's the technical analysis.
Mobile malware mimicking framework #blackhat
https://maxkersten.nl/wp-content/uploads/2021/11/BHEU21_m3.pdf
Armv8 / AArch64 Assembly Cheatsheet
https://azeria.gumroad.com/l/aarch64-cheatsheet
Armv8-A AArch64 Cheatsheet 2021
Brand-new Armv8-A AArch64 Assembly Cheatsheet! Resolution for 2880 x 1800 screens (MacBook) at 150 PPI (6000 x 3750). Free download (you can set price to $0, then download) since it's the first vers...
Remote and permanent crash of the Mapillary Android app #DoS #Facebook
https://pathleax.medium.com/this-is-how-i-was-able-to-permanently-crash-all-mapillary-users-within-minutes-c7276def5a94
This is how i was able to Permanently Crash all Mapillary users within minutes
Hello everyone! Myself Abhishek Pathak from Gorakhpur, Uttar Pradesh, I’m 17 years old. This is my first Bug Bounty from Facebook Social…
How to Write Frida Hook For Android
https://github.com/cyberheartmi9/Frida-Guide/blob/main/Frida%20Guide/Frida%20Guide.md
This repository explains how to write Frida hook scripts and analyze written hooks. - cyberheartmi9/Frida-Guide
How to compile AFL++ with QEMU support on Android #fuzzing
https://alephsecurity.com/2021/11/16/fuzzing-qemu-android/
AFL++ on Android with QEMU support
BrazKing Android Malware Upgraded and Targeting Brazilian Banks
https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/
IBM Trusteer researchers found the BrazKing Android malware has new tactics. See how it infects and hides in phones that use Brazilian banking apps.
What can a cyber criminal learn about you using your mobile number?
https://www.proofpoint.com/us/blog/email-and-cloud-threats/what-can-cyber-criminal-learn-about-you-using-your-mobile-number
Your digits are the key to unlocking a huge amount of freely available personal information.