Forwarded from The Bug Bounty Hunter
Using an Android emulator for API hacking
https://zerodayhacker.com/using-an-android-emulator-for-api-hacking
https://zerodayhacker.com/using-an-android-emulator-for-api-hacking
Zero Day Hacker - Teaching myself ethical hacking. Here's what I've learned, from day zero onward.
Using an Android emulator for API hacking - Zero Day Hacker
This article explains how to install Android Studio and set up the Android emulator to proxy its traffic through Burp Suite. This lets you monitor traffic from Android apps.
👍12❤4👏1😁1
Instagram vulnerability : Turn off all type of message requests using deeplink (Android)
https://servicenger.com/mobile/instagram-vulnerability-turn-off-message-requests-deeplink/
https://servicenger.com/mobile/instagram-vulnerability-turn-off-message-requests-deeplink/
👍11
City-Wide IMSI-Catcher Detection
https://seaglass.cs.washington.edu/
https://seaglass.cs.washington.edu/
SeaGlass
City-Wide IMSI-Catcher Detection - SeaGlass
SeaGlass is a system designed by security researchers at the University of Washington to measure IMSI-catcher use across a city. Cellular sensors are built from off-the-shelf parts and installed into volunteers’ vehicles Sensor data is continuously uploaded…
👍4😁1💩1
RedZei - Chinese-speaking scammers targeting Chinese students in the UK
https://blog.bushidotoken.net/2022/12/redzei-chinese-speaking-scammers.html
https://blog.bushidotoken.net/2022/12/redzei-chinese-speaking-scammers.html
blog.bushidotoken.net
Tracking Adversaries: RedZei, Chinese-speaking scammers targeting Chinese students in the UK
CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security
👍12
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
https://www.threatfabric.com/blogs/spynote-rat-targeting-financial-institutions.html
https://www.threatfabric.com/blogs/spynote-rat-targeting-financial-institutions.html
Threatfabric
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
SpyNote, also known as SpyMax and CypherRat, is a unique and effective Spyware which developed unique interest in banking users
👍13
StrongPity espionage campaign targeting Android users
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
WeLiveSecurity
StrongPity espionage campaign targeting Android users
ESET researchers uncover an active StrongPity campaign that spreads a trojanized version of the Android Telegram app posing as the Shagle video chat app.
👍6
Bypassing Frida detection in Android
https://www.youtube.com/watch?v=M0ETKs6DZn8
https://www.youtube.com/watch?v=M0ETKs6DZn8
YouTube
Bypassing Frida detection in Android
#frida #rootdetection #fridadetection #android #pentest #r2pay
Hello everyone, in this video we are going to learn some new techniques which are used in android app for detecting frida based on some frida artifacts in the memory and filesystem.
For learning…
Hello everyone, in this video we are going to learn some new techniques which are used in android app for detecting frida based on some frida artifacts in the memory and filesystem.
For learning…
🔥8👍6❤1
Bypass of two-factor authentication in TikTok Android app
https://hackerone.com/reports/1747978
https://hackerone.com/reports/1747978
HackerOne
TikTok disclosed on HackerOne: bypass two-factor authentication in...
A vulnerability was found where a random timeout issue on a Two-Step Verification endpoint could have resulted in a potential bypass of authentication if multiple incorrect attempts were entered in...
👍8🤔2
Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app
https://github.com/michalbednarski/LeakValue
https://github.com/michalbednarski/LeakValue
GitHub
GitHub - michalbednarski/LeakValue: Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app…
Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle() - michalbednarski/LeakValue
👍11🤔2🤯2
Dissecting an Android stalkerware
https://andpalmier.com/posts/stalkerware-analysis/
https://andpalmier.com/posts/stalkerware-analysis/
Andpalmier
Dissecting an Android stalkerware
Analysis of an Italian stalkerware for Android
👍4🔥2🤩2
Explanation of various web injection techniques used by Android banking malware such as JavaScript injection, Overlay Attack and Cookie Stealing Attack
https://securityintelligence.com/posts/view-into-webview-attacks-android/
https://securityintelligence.com/posts/view-into-webview-attacks-android/
Security Intelligence
A View Into Web(View) Attacks in Android
Unpack two effective attack techniques as it relates to financial malware in Android: the Web(View) injection attack and mobile cookie stealing.
👍13
Apple DER Ennoscriptments: The (Brief) Return of the Psychic Paper (CVE-2022-42855)
https://googleprojectzero.blogspot.com/2023/01/der-ennoscriptments-brief-return-of.html
https://googleprojectzero.blogspot.com/2023/01/der-ennoscriptments-brief-return-of.html
Blogspot
DER Ennoscriptments: The (Brief) Return of the Psychic Paper
Posted by Ivan Fratric, Project Zero Note: The vulnerability discussed here, CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monte...
👍8
Android TV box from Amazon has pre-installed malware (T95 Android TV box Malware Analysis)
https://github.com/DesktopECHO/T95-H616-Malware
https://github.com/DesktopECHO/T95-H616-Malware
GitHub
GitHub - DesktopECHO/T95-H616-Malware: "Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes - DesktopECHO/T95-H616-Malware
👍12
How to instrument system applications on Android stock images
https://blog.talosintelligence.com/how-to-instrument-system-applications-on-android-stock-images/
https://blog.talosintelligence.com/how-to-instrument-system-applications-on-android-stock-images/
Cisco Talos Blog
How to instrument system applications on Android stock images
By Vitor Ventura
This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other…
This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other…
👍10
Analysis of a Secure Messenger Threema revealed six possible attack scenarios
https://breakingthe3ma.app/
Threema statement: https://threema.ch/en/blog/posts/news-alleged-weaknesses-statement
https://breakingthe3ma.app/
Threema statement: https://threema.ch/en/blog/posts/news-alleged-weaknesses-statement
Threema
Statement on ETH Findings
This is a statement on the NZZ news article from January 9, 2023 about alleged weaknesses in Threema's encryption. But these are completely impractical and theoretical.
👍16
Uncovering Iran’s Mobile Legal Intercept System
https://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/
https://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/
The Citizen Lab
You Move, They Follow
Citizen Lab examined a set of documents leaked to news outlet The Intercept that describe plans to develop and launch an Iranian mobile network, including subscriber management operations and services, and integration with a legal intercept solution. If implemented…
👍10❤3
Damn Vulnerable iOS App v2.
Learn about 15+ different security issues by hacking the app to learn
https://github.com/prateek147/DVIA-v2
Learn about 15+ different security issues by hacking the app to learn
https://github.com/prateek147/DVIA-v2
GitHub
GitHub - prateek147/DVIA-v2: Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to…
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penet...
👍13
Android Botnet Hook: a new Ermac fork with RAT capabilities
https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html
https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html
ThreatFabric
Hook: a new Ermac fork with RAT capabilities
Hook, the latest project of the criminals behind the Ermac banking malware, adds Remote Access Tool features, allowing this variant to perform On Device Fraud.
👍9🤔5❤1
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
Android malicious app gets IP of router gateway, identifies the router manufacturer, tries default credentials and changes DNS settings. Malware uses this technique to every free/public Wi-Fi networks such as cafes, bars, hotels, airports etc. so anyone connecting in these places might become a victim.
https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/
Android malicious app gets IP of router gateway, identifies the router manufacturer, tries default credentials and changes DNS settings. Malware uses this technique to every free/public Wi-Fi networks such as cafes, bars, hotels, airports etc. so anyone connecting in these places might become a victim.
https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/
Securelist
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.
👍13
Android Exploit to get a System based shell (UID 1000) on ANY Samsung Mobile Device based on CVE-2019-16253
1) Downgrade to vulnerable SamsungTTS app
2) Install exploit APK
3) Exploit vulnerability to achieve System rights
https://forum.xda-developers.com/t/system-shell-exploit-all-samsung-mobile-devices-no-bl-unlock-required.4543071/
1) Downgrade to vulnerable SamsungTTS app
2) Install exploit APK
3) Exploit vulnerability to achieve System rights
https://forum.xda-developers.com/t/system-shell-exploit-all-samsung-mobile-devices-no-bl-unlock-required.4543071/
XDA Forums
***LOCKED UNTIL FURTHER NOTICE*** System Shell Exploit - ALL...
***MODERATOR ANNOUNCEMENT: THREAD CLOSED***
@K0mraid3 you are hereby required to provide proper credit in your OP as follows:
Link the assigned CVE for this exploit as it mentions the author's...
@K0mraid3 you are hereby required to provide proper credit in your OP as follows:
Link the assigned CVE for this exploit as it mentions the author's...
👍19
VASTFLUX - sophisticated ad fraud operation takendown.
More than 1,700 apps and 120 publishers were spoofed, and the scheme ran inside apps on nearly 11 million devices.
https://www.humansecurity.com/learn/blog/traffic-signals-the-vastflux-takedown
More than 1,700 apps and 120 publishers were spoofed, and the scheme ran inside apps on nearly 11 million devices.
https://www.humansecurity.com/learn/blog/traffic-signals-the-vastflux-takedown
HUMAN Security
Traffic signals: The VASTFLUX Takedown - HUMAN Security
HUMAN's Satori Threat Intelligence and Research Team uncovered and led a private takedown of a massive ad fraud operation called VASTFLUX.
👍8