Do you have hacking experience in mobiles and would like to earn much more bounty rewards than now?
Fill out the form below and we will provide free unlimited access to Oversecured Android/iOS vulnerability scanners
https://docs.google.com/document/u/0/d/1dwDtx9S3CSXtjThv-f9t9VbD1cw6c-KOVr506LxU3dg/mobilebasic
Apply here: https://docs.google.com/forms/d/e/1FAIpQLSde-rGWyGF7ug3MIhf3OGE3uJg78tQgcIlsf0MOBApnBVqqVw/viewform
Fill out the form below and we will provide free unlimited access to Oversecured Android/iOS vulnerability scanners
https://docs.google.com/document/u/0/d/1dwDtx9S3CSXtjThv-f9t9VbD1cw6c-KOVr506LxU3dg/mobilebasic
Apply here: https://docs.google.com/forms/d/e/1FAIpQLSde-rGWyGF7ug3MIhf3OGE3uJg78tQgcIlsf0MOBApnBVqqVw/viewform
👀15👍12🔥2👏2
MoneyMonger: Predatory Loan Scam Campaigns Move to Flutter
https://www.zimperium.com/blog/moneymonger-predatory-loan-scam-campaigns-move-to-flutter/
https://www.zimperium.com/blog/moneymonger-predatory-loan-scam-campaigns-move-to-flutter/
Zimperium
MoneyMonger: Predatory Loan Scam Campaigns Move to Flutter - Zimperium
The Zimperium zLabs team recently discovered a Flutter application with malicious code. The Flutter-obfuscated malware campaign, MoneyMonger, is solely distributed through third-party app stores and sideloaded onto the victim’s Android device. Read more to…
👍18
How to install firmware for external Wi-Fi adapters in NetHunter using Magisk
https://www.youtube.com/shorts/BjAKy97B1d4
https://www.youtube.com/shorts/BjAKy97B1d4
👍30🔥2
GodFather Android Malware Returns Targeting Banking Users
https://blog.cyble.com/2022/12/20/godfather-malware-returns-targeting-banking-users/
https://blog.cyble.com/2022/12/20/godfather-malware-returns-targeting-banking-users/
Cyble
Godfather Malware Returns: Targeting Banking Users And Online Security
The Godfather malware is back, specifically targeting banking users. Learn how this threat works and what steps you can take to protect your online banking security.
👍19
Two ways how to enable HID interface on Android to execute Rubber Ducky noscripts and avoid "Kernel not supported" error in Rucky app
https://www.instagram.com/p/CmeMnWdvcRX/
https://www.instagram.com/p/CmeMnWdvcRX/
👍11
Forwarded from The Bug Bounty Hunter
Turning Google smart speakers into wiretaps for $100k
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Matt's internet home
Turning Google smart speakers into wiretaps for $100k
I was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a "backdoor" account on the device, enabling them to send commands…
🔥13👍5❤4😁1
How to run desktop Wireshark on Android running NetHunter
https://youtu.be/WfMAeomnU_Y
https://youtu.be/WfMAeomnU_Y
YouTube
How to setup and run desktop Wireshark on Android running NetHunter
Quick tutorial how to run Wireshark on rooted Android with help of Kali NetHunter.
👍27👏2
Forwarded from The Bug Bounty Hunter
Using an Android emulator for API hacking
https://zerodayhacker.com/using-an-android-emulator-for-api-hacking
https://zerodayhacker.com/using-an-android-emulator-for-api-hacking
Zero Day Hacker - Teaching myself ethical hacking. Here's what I've learned, from day zero onward.
Using an Android emulator for API hacking - Zero Day Hacker
This article explains how to install Android Studio and set up the Android emulator to proxy its traffic through Burp Suite. This lets you monitor traffic from Android apps.
👍12❤4👏1😁1
Instagram vulnerability : Turn off all type of message requests using deeplink (Android)
https://servicenger.com/mobile/instagram-vulnerability-turn-off-message-requests-deeplink/
https://servicenger.com/mobile/instagram-vulnerability-turn-off-message-requests-deeplink/
👍11
City-Wide IMSI-Catcher Detection
https://seaglass.cs.washington.edu/
https://seaglass.cs.washington.edu/
SeaGlass
City-Wide IMSI-Catcher Detection - SeaGlass
SeaGlass is a system designed by security researchers at the University of Washington to measure IMSI-catcher use across a city. Cellular sensors are built from off-the-shelf parts and installed into volunteers’ vehicles Sensor data is continuously uploaded…
👍4😁1💩1
RedZei - Chinese-speaking scammers targeting Chinese students in the UK
https://blog.bushidotoken.net/2022/12/redzei-chinese-speaking-scammers.html
https://blog.bushidotoken.net/2022/12/redzei-chinese-speaking-scammers.html
blog.bushidotoken.net
Tracking Adversaries: RedZei, Chinese-speaking scammers targeting Chinese students in the UK
CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security
👍12
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
https://www.threatfabric.com/blogs/spynote-rat-targeting-financial-institutions.html
https://www.threatfabric.com/blogs/spynote-rat-targeting-financial-institutions.html
Threatfabric
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
SpyNote, also known as SpyMax and CypherRat, is a unique and effective Spyware which developed unique interest in banking users
👍13
StrongPity espionage campaign targeting Android users
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
WeLiveSecurity
StrongPity espionage campaign targeting Android users
ESET researchers uncover an active StrongPity campaign that spreads a trojanized version of the Android Telegram app posing as the Shagle video chat app.
👍6
Bypassing Frida detection in Android
https://www.youtube.com/watch?v=M0ETKs6DZn8
https://www.youtube.com/watch?v=M0ETKs6DZn8
YouTube
Bypassing Frida detection in Android
#frida #rootdetection #fridadetection #android #pentest #r2pay
Hello everyone, in this video we are going to learn some new techniques which are used in android app for detecting frida based on some frida artifacts in the memory and filesystem.
For learning…
Hello everyone, in this video we are going to learn some new techniques which are used in android app for detecting frida based on some frida artifacts in the memory and filesystem.
For learning…
🔥8👍6❤1
Bypass of two-factor authentication in TikTok Android app
https://hackerone.com/reports/1747978
https://hackerone.com/reports/1747978
HackerOne
TikTok disclosed on HackerOne: bypass two-factor authentication in...
A vulnerability was found where a random timeout issue on a Two-Step Verification endpoint could have resulted in a potential bypass of authentication if multiple incorrect attempts were entered in...
👍8🤔2
Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app
https://github.com/michalbednarski/LeakValue
https://github.com/michalbednarski/LeakValue
GitHub
GitHub - michalbednarski/LeakValue: Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app…
Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle() - michalbednarski/LeakValue
👍11🤔2🤯2
Dissecting an Android stalkerware
https://andpalmier.com/posts/stalkerware-analysis/
https://andpalmier.com/posts/stalkerware-analysis/
Andpalmier
Dissecting an Android stalkerware
Analysis of an Italian stalkerware for Android
👍4🔥2🤩2
Explanation of various web injection techniques used by Android banking malware such as JavaScript injection, Overlay Attack and Cookie Stealing Attack
https://securityintelligence.com/posts/view-into-webview-attacks-android/
https://securityintelligence.com/posts/view-into-webview-attacks-android/
Security Intelligence
A View Into Web(View) Attacks in Android
Unpack two effective attack techniques as it relates to financial malware in Android: the Web(View) injection attack and mobile cookie stealing.
👍13
Apple DER Ennoscriptments: The (Brief) Return of the Psychic Paper (CVE-2022-42855)
https://googleprojectzero.blogspot.com/2023/01/der-ennoscriptments-brief-return-of.html
https://googleprojectzero.blogspot.com/2023/01/der-ennoscriptments-brief-return-of.html
Blogspot
DER Ennoscriptments: The (Brief) Return of the Psychic Paper
Posted by Ivan Fratric, Project Zero Note: The vulnerability discussed here, CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monte...
👍8
Android TV box from Amazon has pre-installed malware (T95 Android TV box Malware Analysis)
https://github.com/DesktopECHO/T95-H616-Malware
https://github.com/DesktopECHO/T95-H616-Malware
GitHub
GitHub - DesktopECHO/T95-H616-Malware: "Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes - DesktopECHO/T95-H616-Malware
👍12
How to instrument system applications on Android stock images
https://blog.talosintelligence.com/how-to-instrument-system-applications-on-android-stock-images/
https://blog.talosintelligence.com/how-to-instrument-system-applications-on-android-stock-images/
Cisco Talos Blog
How to instrument system applications on Android stock images
By Vitor Ventura
This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other…
This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other…
👍10