NetHunter Hacker VII: Wi-Fi compatibility check and setup on Android
https://www.mobile-hacker.com/2023/08/15/nethunter-hacker-vii-wi-fi-compatibility-check-and-setup-on-android/
https://www.mobile-hacker.com/2023/08/15/nethunter-hacker-vii-wi-fi-compatibility-check-and-setup-on-android/
Mobile Hacker
NetHunter Hacker VII: Wi-Fi compatibility check and setup on Android Mobile Hacker
If you are interested in Wi-Fi hacking using NetHunter, you need to have a supported Wi-Fi adapter by your system that can supports various wireless modes and features. In this blogpost, we will explain what the different types of Wi-Fi adapters are, how…
👍14❤2🤔1
Mobile Malware Analysis Part 1 – Leveraging Accessibility Features To Steal Crypto Wallet
https://8ksec.io/mobile-malware-analysis-part-1-crypto-wallet-stealer/
https://8ksec.io/mobile-malware-analysis-part-1-crypto-wallet-stealer/
👍14
Forwarded from The Bug Bounty Hunter
Making Chrome more secure by bringing Key Pinning to Android
http://security.googleblog.com/2023/08/making-chrome-more-secure-by-bringing.html
http://security.googleblog.com/2023/08/making-chrome-more-secure-by-bringing.html
Google Online Security Blog
Making Chrome more secure by bringing Key Pinning to Android
Posted by David Adrian, Joe DeBlasio and Carlos Joan Rafael Ibarra Lopez, Chrome Security Chrome 106 added support for enforcing key pins...
👍9❤3👏1🤔1
Over 3,000 Android Malware Samples Using Multiple Techniques to Bypass Detection
https://www.zimperium.com/blog/over-3000-android-malware-samples-using-multiple-techniques-to-bypass-detection/
https://www.zimperium.com/blog/over-3000-android-malware-samples-using-multiple-techniques-to-bypass-detection/
Zimperium
Unsupported Compression Methods Enable Android Malware to Bypass Detection
true
👍16🤔3
Unmasking – EVLF DEV - The Creator of Android CypherRAT and CraxsRAT
https://www.cyfirma.com/outofband/unmasking-evlf-dev-the-creator-of-cypherrat-and-craxsrat/
https://www.cyfirma.com/outofband/unmasking-evlf-dev-the-creator-of-cypherrat-and-craxsrat/
CYFIRMA
Unmasking - EVLF DEV-The Creator of CypherRAT and CraxsRAT - CYFIRMA
EXECUTIVE SUMMARY The CYFIRMA research team has discovered a new Malware-as-a-service (MaaS) operator that goes by the moniker EVLF DEV....
👍19👏2
Content Providers and the potential weak spots they can have
https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/
https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/
News, Techniques & Guides
Content Providers and the potential weak spots they can have
Before we jump into the details, we want to stress how important it is to keep your users' data safe.
👍16
NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving
https://www.mobile-hacker.com/2023/08/29/nethunter-hacker-viii-wi-fi-hacking-using-wifite-deauthentication-and-wardriving/
https://www.mobile-hacker.com/2023/08/29/nethunter-hacker-viii-wi-fi-hacking-using-wifite-deauthentication-and-wardriving/
Mobile Hacker
NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving Mobile Hacker
This blog will provide you with information on the several techniques and tools used to attack Wi-Fi networks using NetHunter app. We'll talk about the various tools such as the wifite, shed light on the deauthentication attack technique, and explore the…
👍18❤5🤔4
Technical Analysis of Multi-layered Obfuscation Techniques in AndroidManifest.xml Aimed at Evading Static Analysis
https://www.liansecurity.com/#/main/news/H_NoQIoBE2npFSfF-iQ5/detail
https://www.liansecurity.com/#/main/news/H_NoQIoBE2npFSfF-iQ5/detail
🔥8👍3🤡3💩1💅1
Mobile Malware Analysis Part 2 – MasterFred
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/
👍7❤1
Android Goes All-in on Fuzzing
https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html
https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html
Google Online Security Blog
Android Goes All-in on Fuzzing
Posted by Hamzeh Zawawy and Jon Bottarini, Android Security Fuzzing is an effective technique for finding software vulnerabilities. Over ...
👍8
Obfuscating Android Apps with Native Code
The presentation explores writing Android applications in purely native code to obfuscate app flow-of-control
Resources: https://github.com/LaurieWired/AndroidPurelyNative_Troopers23
Presentation: https://youtu.be/wayMcQQZV1U?si=UJ6m_6jogtzcnNBF
The presentation explores writing Android applications in purely native code to obfuscate app flow-of-control
Resources: https://github.com/LaurieWired/AndroidPurelyNative_Troopers23
Presentation: https://youtu.be/wayMcQQZV1U?si=UJ6m_6jogtzcnNBF
GitHub
GitHub - LaurieWired/AndroidPurelyNative_Troopers23: This contains notes and code for my Troopers23 Beyond Java talk
This contains notes and code for my Troopers23 Beyond Java talk - GitHub - LaurieWired/AndroidPurelyNative_Troopers23: This contains notes and code for my Troopers23 Beyond Java talk
🔥8❤1👍1
Trojanized Signal and Telegram apps were discovered on Google Play and Galaxy Store
Patched Signal is the first documented case of spying on a victim’s Signal communications by secretly autolinking the compromised device to attacker’s Signal device
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
Patched Signal is the first documented case of spying on a victim’s Signal communications by secretly autolinking the compromised device to attacker’s Signal device
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
Welivesecurity
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
ESET research uncovers active campaigns linked to the China-aligned APT group known as GREF that distributing espionage code previously targeting Uyghurs.
👍11
Bypassing Hardened Android Application available on the Play Store
-Root Detection Check in Native Java code and in React Native file
-Emulator Check
-Frida Running Check
-SSL Pinning Bypass
https://notsosecure.com/bypassing-hardened-android-applications
-Root Detection Check in Native Java code and in React Native file
-Emulator Check
-Frida Running Check
-SSL Pinning Bypass
https://notsosecure.com/bypassing-hardened-android-applications
NotSoSecure
Bypassing Hardened Android Applications
Recently, we performed a penetration test on an Android application available on the Play Store. The app had good security in place to protect it from being opened and executed on a rooted app. In
👍12
How to port custom build of Kali Nethunter to an unsupported phone (Xiaomi Poco X3 NFC) and compile custom Kernel with support for TP-LINK W722N V2/V3 (RTL8812AU drivers)
https://r0ttenbeef.github.io/Port-Custom-Build-of-Kali-Nethunter-to-an-Unsupported-Phone-Walkthrough/
https://r0ttenbeef.github.io/Port-Custom-Build-of-Kali-Nethunter-to-an-Unsupported-Phone-Walkthrough/
r0ttenbeef.github.io
Port Custom Build of Kali Nethunter to an Unsupported Phone Walkthrough
Cybersecurity Blog
👍8
Infamous Chisel: Detailed analysis of each component associated with Sandworm APT group designed to enable remote access and exfiltrate information from Android phones
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf
👍10❤1
Account takeover using PIN brute-force
BillPoint app didn't use brute-force PIN protection, which allowed attacker to gain unauthorized access to any user account simply by knowing their email
https://medium.com/@hackedbyeldee/account-takeover-on-billpoint-co-mobile-app-9cc3aedd92b
BillPoint app didn't use brute-force PIN protection, which allowed attacker to gain unauthorized access to any user account simply by knowing their email
https://medium.com/@hackedbyeldee/account-takeover-on-billpoint-co-mobile-app-9cc3aedd92b
Medium
Account Takeover on Billpoint.co Mobile App
Hello fellow cyber security enthusiasts
🔥19👍6❤1👏1
Video explanation on a bug discovered in PayPal Business Android app how it was possible to steal authentication token to takeover victim account
https://youtu.be/AoSvq9v8kvY?si=shOkn5aq_mXrhlu3
https://youtu.be/AoSvq9v8kvY?si=shOkn5aq_mXrhlu3
👍12🔥1🤔1
Android.Pandora trojans (ancestor of Linux Mirai trojan) compromise Android devices, either during firmware updates or when applications for viewing pirated video content are installed
https://news.drweb.com/show/?i=14743&lng=en
https://news.drweb.com/show/?i=14743&lng=en
Dr.Web
Pandora's box is now open: the well-known Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes
Doctor Web has identified a family of Android.Pandora trojans that compromise Android devices, either during firmware updates or when applications for viewing pirated video content are installed. This backdoor inherited its advanced DDoS-attack capabilities…
👍12🤔1
How to spoof iOS devices with Bluetooth pairing messages using Android
https://www.mobile-hacker.com/2023/09/07/spoof-ios-devices-with-bluetooth-pairing-messages-using-android/
https://www.mobile-hacker.com/2023/09/07/spoof-ios-devices-with-bluetooth-pairing-messages-using-android/
Mobile Hacker
Spoof iOS devices with Bluetooth pairing messages using Android Mobile Hacker
[update 09.10.2023] In this update, I will share how to extend the signal of Android nRF Connect app that can send pairing messages, demonstrate AppleJuice on the latest iOS 17, show which specific advertisement packet can trigger pop-ups from up to 50 meters…
👍20🤣6❤1
New 0-click exploit chain discovered targeting iOS devices delivers Pegasus Spyware
Exploit chain was capable of compromising iPhones (iOS 16.6) without any user interaction.
The device is compromised just by receiving malicious image in iMessage (CVE-2023-41064, CVE-2023-41061).
➡️ Update your iOS devices
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Exploit chain was capable of compromising iPhones (iOS 16.6) without any user interaction.
The device is compromised just by receiving malicious image in iMessage (CVE-2023-41064, CVE-2023-41061).
➡️ Update your iOS devices
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
The Citizen Lab
BLASTPASS
Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We…
🔥20👍8❤5😁2🤯1🏆1🆒1