Analysis of account takeover discovered in Android app with 100M+ installs from Google Play ($1000 bounty)
https://medium.com/@amolbhavar/how-i-get-1000-bounty-for-discovering-account-takeover-in-android-application-3c4f54fbde39
https://medium.com/@amolbhavar/how-i-get-1000-bounty-for-discovering-account-takeover-in-android-application-3c4f54fbde39
Medium
How I get 1000$ bounty for Discovering Account Takeover in Android Application
In this blog post, I will share my experience of discovering a critical account takeover vulnerability in an Android application which has…
👍17❤3
Analysis of Android EverSpy 2 Malware which source code price is $4,000
https://www.theobservator.net/everspy-2-malware-reverse-engineering/
https://www.theobservator.net/everspy-2-malware-reverse-engineering/
❤12👍4🤔3🤣3
Using MLIR for Dalvik Bytecode Analysis
Using intermediate representations allows analysts to write optimizations and code analysis passes easier than parsing binary or bytecode directly. Kunai is a library intended for static analysis of dalvik bytecode, in a newer version of the library, the idea is to use the capabilities and possibilities offered by MLIR, writing a new dialect centered on Dalvik instructions.
Presentation: https://youtu.be/hfqOivYdD40
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
Using intermediate representations allows analysts to write optimizations and code analysis passes easier than parsing binary or bytecode directly. Kunai is a library intended for static analysis of dalvik bytecode, in a newer version of the library, the idea is to use the capabilities and possibilities offered by MLIR, writing a new dialect centered on Dalvik instructions.
Presentation: https://youtu.be/hfqOivYdD40
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
YouTube
2023 EuroLLVM - Using MLIR for Dalvik Bytecode Analysis
2023 European LLVM Developers' Meeting
https://llvm.org/devmtg/2023-05/
------
Using MLIR for Dalvik Bytecode Analysis
Speaker: Eduardo Blázquez
------
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
-----
Using…
https://llvm.org/devmtg/2023-05/
------
Using MLIR for Dalvik Bytecode Analysis
Speaker: Eduardo Blázquez
------
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
-----
Using…
👍14❤3
Exploit Google Pixel 7
In detail analysis of exploiting CVE-2023-21400 on Google Pixel 7 with Dirty Pagetable exploit that uses file UAF and pid UAF vulnerabilities
https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
In detail analysis of exploiting CVE-2023-21400 on Google Pixel 7 with Dirty Pagetable exploit that uses file UAF and pid UAF vulnerabilities
https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
👍8❤1
Android malware installed directly from a website can bypass "installation from untrusted sources" warning using WebAPK technology
WebAPK enables creation Android native apps from web applications
https://www.linkedin.com/pulse/using-webapk-technology-phishing-attacks-csirt-knf
WebAPK enables creation Android native apps from web applications
https://www.linkedin.com/pulse/using-webapk-technology-phishing-attacks-csirt-knf
Linkedin
Using WebAPK Technology for Phishing Attacks
Report: Using WebAPK Technology for Phishing Attacks Introduction The CSIRT KNF team carried out a detailed analysis of a website reported by RIFFSEC (https://twitter.com/getriffsec/status/1676663509617131520).
👍23
The Turkish Government Masqueraded Site Distributing Android RAT
https://blog.cyble.com/2023/07/10/the-turkish-government-masqueraded-site-distributing-android-rat/
https://blog.cyble.com/2023/07/10/the-turkish-government-masqueraded-site-distributing-android-rat/
Cyble
Turkish Gov Site Masquerade Distributes Android RAT
CRIL analyzes the phishing campaign masquerading Turkish Government to distribute Android RAT with VNC and Keylogging feature
👍16❤1🥰1
How to install Kali NetHunter on rootless Android via Termux and how to set it up as a portable Kali Linux workstation
Blog: https://www.mobile-hacker.com/2023/07/11/nethunter-hacker-i-installation-of-rootless-kali-nethunter/
Video tutorial: https://youtu.be/fqaSEbaYkJQ
Blog: https://www.mobile-hacker.com/2023/07/11/nethunter-hacker-i-installation-of-rootless-kali-nethunter/
Video tutorial: https://youtu.be/fqaSEbaYkJQ
Mobile Hacker
NetHunter Hacker I: Installation of rootless Kali NetHunter Mobile Hacker
If you seek for Kali desktop experience on your smartphone without risks of voiding warranty by rooting it and a chance of sticking in bootloop or even bricking it, this tutorial is for you. If you rather prefer video tutorials, feel free to check installation…
👍17❤5
Letscall – new sophisticated Vishing toolset consists of three malicious stages
https://www.threatfabric.com/blogs/letscall-new-sophisticated-vishing-toolset
https://www.threatfabric.com/blogs/letscall-new-sophisticated-vishing-toolset
ThreatFabric
Letscall – new sophisticated Vishing toolset
ThreatFabric discovered new Vishing campaign targeting individuals from South Korea
👍14❤1🤔1
Finding the Entrypoint of iOS Apps in Ghidra
In video tutorial we extract the components of an iOS application and learn how to find the entrypoint using Ghidra to start reverse engineering
https://youtu.be/mLDsIMXafP4
In video tutorial we extract the components of an iOS application and learn how to find the entrypoint using Ghidra to start reverse engineering
https://youtu.be/mLDsIMXafP4
YouTube
Finding the Entrypoint of iOS Apps in Ghidra
In this video we extract the components of an iOS application and learn how to find the entrypoint in Ghidra to start reverse engineering.
---
Timestamps:
00:00 Intro
00:33 Grabbing Sample
01:41 Don't Dump the whole thing!
02:29 Info.plist
03:40 Mach-O…
---
Timestamps:
00:00 Intro
00:33 Grabbing Sample
01:41 Don't Dump the whole thing!
02:29 Info.plist
03:40 Mach-O…
👍20
Bypassing advance root detections using Frida
Techniques learned from video:
-presence of SU binary
-SELinux policies
-mountinfo
-attr/prev
-looking for SU bin paths using Supervisor calls
Video: https://youtu.be/7KqPwxlA-00
Scripts and POCs: https://github.com/fatalSec/in-app-protections
Techniques learned from video:
-presence of SU binary
-SELinux policies
-mountinfo
-attr/prev
-looking for SU bin paths using Supervisor calls
Video: https://youtu.be/7KqPwxlA-00
Scripts and POCs: https://github.com/fatalSec/in-app-protections
YouTube
Bypassing advance root detections using Frida
#mobilesecurity #rootdetection #android #mobilepentesting #reverseengineering #radare2 #arm64
Hello everyone, hope you all are doing good.
In this video, we are going to learn various different techniques used by app developers to protect their app from…
Hello everyone, hope you all are doing good.
In this video, we are going to learn various different techniques used by app developers to protect their app from…
🔥17👍12❤3
iOS Forensic Toolkit tips & tricks
https://blog.elcomsoft.com/2023/07/ios-forensic-toolkit-tips-tricks/
https://blog.elcomsoft.com/2023/07/ios-forensic-toolkit-tips-tricks/
ElcomSoft blog
iOS Forensic Toolkit Tips & Tricks
For forensic experts dealing with mobile devices, having a reliable and efficient forensic solution is crucial. Elcomsoft iOS Forensic Toolkit is an all-in-one software that aids in extracting data from iOS devices, yet it is still far away from being a one…
👍14❤2
How to root OnePlus 7 Pro and install Kali NetHunter with custom kernel
[blog] https://www.mobile-hacker.com/2023/07/18/how-to-install-kali-nethunter-on-rooted-oneplus-7-pro/
[video] https://youtu.be/nkiy5iwa6Vs
[blog] https://www.mobile-hacker.com/2023/07/18/how-to-install-kali-nethunter-on-rooted-oneplus-7-pro/
[video] https://youtu.be/nkiy5iwa6Vs
Mobile Hacker
NetHunter Hacker II: How to install Kali NetHunter on rooted OnePlus 7 Pro Mobile Hacker
In this post we will go through installation of NetHunter with full kernel support on OnePlus 7 Pro device. The main benefit is to have drivers support for internal or external devices such as Wi-fi, Bluetooth, HID, BadUSB and SDR gadgets. Our goal will be…
👍18❤1
Analysis of WyrmSpy and DragonEgg Android spyware attributed to Chinese Espionage Group APT41
https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
Lookout
WyrmSpy and DragonEgg: Lookout Attributes Android Spyware to China’s APT41 | Threat Intel
Lookout researchers discover advanced Android surveillanceware tied to Chinese espionage group APT41 known to target a wide range of public and private sector organizations.
👍12🤔2❤1
Advanced Frida Usage Part 3 – Inspecting iOS XPC Calls
XPC is a type of IPC (InterProcess Communication) used on *OS
https://8ksec.io/advanced-frida-usage-part-3-inspecting-ios-xpc-calls/
XPC is a type of IPC (InterProcess Communication) used on *OS
https://8ksec.io/advanced-frida-usage-part-3-inspecting-ios-xpc-calls/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Advanced Frida Usage Part 3 – Inspecting XPC Calls - 8kSec
In Part 3, Explore inner workings of XPC communication between processes on iOS, intercept and modify XPC messages for advanced insights. Read now!
🔥7👍3
How to reverse engineer #Xamarin iOS and Android apps
Xamarin is open-source platform that allows to create cross platform apps for iOS, Android, and Windows using C#
https://www.appknox.com/security/xamarin-reverse-engineering-a-guide-for-penetration-testers
Xamarin is open-source platform that allows to create cross platform apps for iOS, Android, and Windows using C#
https://www.appknox.com/security/xamarin-reverse-engineering-a-guide-for-penetration-testers
Appknox
Xamarin Reverse Engineering: A Guide for Penetration Testers
Learn the essentials of reverse engineering Xamarin apps and why penetration testing is essential to keep your mobile applications secure
👍19
Android SpyNote attacks electric and water public utility users in Japan
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-spynote-attacks-electric-and-water-public-utility-users-in-japan/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-spynote-attacks-electric-and-water-public-utility-users-in-japan/
McAfee Blog
Android SpyNote attacks electric and water public utility users in Japan | McAfee Blog
Authored by Yukihiro Okutomi McAfee's Mobile team observed a smishing campaign against Japanese Android users posing as a power and water infrastructure
👍11👏1
Bypass Instagram and Threads SSL pinning on Android
You can download already patched APKs for none-rooted devices, patch APK using Python noscript yourself, or download Frida bypass noscript for rooted Android
https://github.com/Eltion/Instagram-SSL-Pinning-Bypass
You can download already patched APKs for none-rooted devices, patch APK using Python noscript yourself, or download Frida bypass noscript for rooted Android
https://github.com/Eltion/Instagram-SSL-Pinning-Bypass
GitHub
GitHub - Eltion/Instagram-SSL-Pinning-Bypass: Bypass Instagram SSL pinning on Android devices.
Bypass Instagram SSL pinning on Android devices. Contribute to Eltion/Instagram-SSL-Pinning-Bypass development by creating an account on GitHub.
👍16❤6👏1
Reverse Engineering Android game Coin Hunt World and its communication protocol to cheat the app. Bug reported and fixed
https://research.nccgroup.com/2023/05/31/reverse-engineering-coin-hunt-worlds-binary-protocol/
https://research.nccgroup.com/2023/05/31/reverse-engineering-coin-hunt-worlds-binary-protocol/
👍7❤1
In details slides explaining exploitation of binder kernel use-after-free (UAF) vulnerability in the Android kernel (CVE-2022-20421) to achieves full kernel R/W
Affected devices: devices running Kernel version 5.4.x and 5.10.x
Slides: https://0xkol.github.io/assets/files/OffensiveCon23_Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf
Research: https://0xkol.github.io/assets/files/Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf
PoC: https://github.com/0xkol/badspin
Affected devices: devices running Kernel version 5.4.x and 5.10.x
Slides: https://0xkol.github.io/assets/files/OffensiveCon23_Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf
Research: https://0xkol.github.io/assets/files/Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf
PoC: https://github.com/0xkol/badspin
🔥9👍3