iOS Penetration Testing Cheat Sheet
https://github.com/ivan-sincek/ios-penetration-testing-cheat-sheet
https://github.com/ivan-sincek/ios-penetration-testing-cheat-sheet
GitHub
GitHub - ivan-sincek/ios-penetration-testing-cheat-sheet: Work in progress...
Work in progress... Contribute to ivan-sincek/ios-penetration-testing-cheat-sheet development by creating an account on GitHub.
👍13❤4
Android Penetration Testing Cheat Sheet
https://github.com/ivan-sincek/android-penetration-testing-cheat-sheet
https://github.com/ivan-sincek/android-penetration-testing-cheat-sheet
GitHub
GitHub - ivan-sincek/android-penetration-testing-cheat-sheet: Work in progress...
Work in progress... Contribute to ivan-sincek/android-penetration-testing-cheat-sheet development by creating an account on GitHub.
👍14🥰2
How does an Android app phishes Facebook credentials of an user?
https://medium.com/@themalwarebug/how-does-an-android-app-phish-facebook-credentials-of-an-user-2533f9ef2738
https://medium.com/@themalwarebug/how-does-an-android-app-phish-facebook-credentials-of-an-user-2533f9ef2738
Medium
How does an android app phish Facebook credentials of an user?
Hey guys,I am back with another malware this time which was named Facestealer malware which targets Facebook users exfiltrating their…
👍12❤1👎1🤔1
Extensive look at the hardware, software and security implemented by the new Xiaomi scooter
https://robocoffee.de/?p=436
https://robocoffee.de/?p=436
👍8
PoC for CVE-2023-28206 where an iOS app may be able to execute arbitrary code with kernel privileges
https://support.apple.com/en-il/HT213720
https://support.apple.com/en-il/HT213720
Apple Support
About the security content of iOS 16.4.1 and iPadOS 16.4.1
This document describes the security content of iOS 16.4.1 and iPadOS 16.4.1.
👍10
Overview of Google Play threats sold on the dark web
https://securelist.com/google-play-threats-on-the-dark-web/109452/
https://securelist.com/google-play-threats-on-the-dark-web/109452/
Securelist
Google Play threat market: overview of the dark web offers
Kaspersky research into dark web offers related to Android malware and its distribution via Google Play: hacked app developer accounts, malicious loaders, etc.
👍14🤔3❤2
Goldoson: Privacy-invasive and Clicker Android Adware found in popular apps in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/goldoson-privacy-invasive-and-clicker-android-adware-found-in-popular-apps-in-south-korea/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/goldoson-privacy-invasive-and-clicker-android-adware-found-in-popular-apps-in-south-korea/
McAfee Blog
Goldoson: Privacy-invasive and Clicker Android Adware found in popular apps in South Korea | McAfee Blog
Authored by SangRyol Ryu McAfee’s Mobile Research Team discovered a software library we’ve named Goldoson, which collects lists of applications installed,
👍8👎1
Chameleon: A New Android Malware Spotted In The Wild
https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/
https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/
👍12🤔1
Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware (CVE-2023-25954)
https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html
https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html
Kyoceradocumentsolutions
KYOCERA Mobile Print for Android Security Vulnerability | KYOCERA Document Solutions
Security information of Kyocera Document Solutions Inc.
👍9
Android Malware Analysis of Chameleon banking trojan
Part 1: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/
Part 2: https://n0psn0ps.github.io/2023/04/13/android-malware-analysis-series-ato.apk-part-3.2/
Part 1: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/
Part 2: https://n0psn0ps.github.io/2023/04/13/android-malware-analysis-series-ato.apk-part-3.2/
n0ps
Android Malware Analysis Series - ATO.apk - Part 3.1
Permanent dark(er) theme for Poole
👍16
Uncovering Security Vulnerabilities in Smart Ray-Ban Sunglasses
https://code-byter.com/2023/04/16/rayban-hacking.html
https://code-byter.com/2023/04/16/rayban-hacking.html
👍9
Getting root on an Android 12 emulated device with Google Services
https://markuta.com/rooted-android-12-emulator/
https://markuta.com/rooted-android-12-emulator/
Markuta
Getting root on an Android 12 emulated device with Google Services
A short blog on how to get root on an emulated device running Android 12 with rootAVD.
👍8❤3💯2🔥1
Mobile Exploitation, the past, present, and future [slides]
https://github.com/externalist/presentations/blob/master/2023%20Zer0con/Mobile%20Exploitation%2C%20the%20past%2C%20present%2C%20and%20future.pdf
https://github.com/externalist/presentations/blob/master/2023%20Zer0con/Mobile%20Exploitation%2C%20the%20past%2C%20present%2C%20and%20future.pdf
GitHub
presentations/2023 Zer0con/Mobile Exploitation, the past, present, and future.pdf at master · externalist/presentations
Some presentations I did in the past. Contribute to externalist/presentations development by creating an account on GitHub.
👍8
A Nexi phishing campaign spread malicious app via official Google Play Store
https://www.d3lab.net/a-nexi-phishing-campaign-spread-malicious-app-via-official-google-play-store/
https://www.d3lab.net/a-nexi-phishing-campaign-spread-malicious-app-via-official-google-play-store/
D3Lab
A Nexi phishing campaign spread malicious App via official Google Play Store
A malicious application present in the official Google Play Store was spread through a Italian Nexi Phishing campaign. The intent was to capture 2FA tokens.
👍10🔥2🤔2❤1
Attacking McAfee VPN Android App
https://blog.scrt.ch/2023/03/29/attacking-android-antivirus-applications/
https://blog.scrt.ch/2023/03/29/attacking-android-antivirus-applications/
👍7
How to unpack protected Android APK with Frida
Tutorial: https://youtu.be/PLX8_z0EmGw
Scripts: https://github.com/fatalSec/unpacking-APK
Tutorial: https://youtu.be/PLX8_z0EmGw
Scripts: https://github.com/fatalSec/unpacking-APK
YouTube
How to Unpack Protected Android APK with Frida
#androidpentest #dexdump #frida #apkunpacking #memdump
In this video we unpacked an APK file named AntiSplit-G2. All the classes in this application are protected using some kind of protector and the classes gets extracted into the memory as a de file by…
In this video we unpacked an APK file named AntiSplit-G2. All the classes in this application are protected using some kind of protector and the classes gets extracted into the memory as a de file by…
👍12❤4
DoNot APT Targets Individuals in South Asia using Android Malware
https://www.cyfirma.com/outofband/donot-apt-targets-individuals-in-south-asia-using-android-malware/
https://www.cyfirma.com/outofband/donot-apt-targets-individuals-in-south-asia-using-android-malware/
CYFIRMA
DoNot APT Targets Individuals in South Asia using Android Malware - CYFIRMA
EXECUTIVE SUMMARY Recently CYFIRMA observed a cyber-attack on an individual residing in Kashmir, India. CYFIRMA research team collected two pieces...
👍16
DAAM Android Botnet being distributed through Trojanized Applications
https://blog.cyble.com/2023/04/20/daam-android-botnet-being-distributed-through-trojanized-applications/
https://blog.cyble.com/2023/04/20/daam-android-botnet-being-distributed-through-trojanized-applications/
Cyble
DAAM Botnet Spread Via Trojanized Android Apps
Discover how Cyble Research & Intelligence Labs analyzes Trojanized Android apps distributing the DAAM botnet, including a malicious Psiphon variant.
👍9❤2
The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
https://blog.thalium.re/posts/fuzzing-samsung-system-services/
https://blog.thalium.re/posts/fuzzing-samsung-system-services/
THALIUM
The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closed…
👍9
Fakecalls Android Malware Abuses Legitimate Signing Key
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fakecalls-android-malware-abusing-legitimate-signing-key/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fakecalls-android-malware-abusing-legitimate-signing-key/
McAfee Blog
Fakecalls Android Malware Abuses Legitimate Signing Key | McAfee Blog
Authored by Dexter Shin McAfee Mobile Research Team found an Android banking trojan signed with a key used by legitimate apps in South Korea last year.
👍19❤2