Introduction to Android Bytecode Exploitation (Part 1) Android resides among the most popular operating systems for mobile devices, which causes Android to also be among the most popular targets for exploitation. While Android is frequently updated to fix…

The Trident Exploit Chain deep-dive (Part I)

Welcome to another blog in the series of Advance Frida Usage. This blog post demonstrates how to use Frida’s Stalker APIs to trace instructions as they execute in a app in real time.

TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...

Kaspersky experts have discovered a new version of the Necro Trojan, which has infected tens of thousands of Android devices through Google Play and Spotify and WhatsApp mods.

ThreatFabric unveils the evolution of Octo2 malware, enhancing mobile banking security with sophisticated techniques and remote access capabilities.

Introduction Memory management in XNU Page tables Physical use-after-free Exploitation strategy Heap spray Kernel memory read/write Conclusion Bonus: arm64e, PPL and SPTM

Learn about the sophisticated campaign compromising Kurdish websites. Gain insights into the scale and variants used by malicious actors.

Key takeaways Introduction Crypto drainers are malicious tools that steal digital assets like NFTs, and tokens from cryptocurrency wallets. They often use phishing techniques and leverage smart contracts to enhance their impact. Typically, users are tricked…

WiFiPumpkin3 is a powerful framework designed for rogue access point attacks and network security testing. It allows security researchers, and red teamers to create fake Wi-Fi networks, custom captive portals, intercept traffic, and deploy phishing attacks.…

CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security

We have analyzed the CVE-2024-7965 vulnerability that allows adversaries to execute arbitrary code in the Google Chrome renderer

Dvuln is a specialist information security company founded by Australian cyber security specialists based out of Sydney, Melbourne and Brisbane

Zespół CERT Polska zaobserwował w ostatnich tygodniach nowe próbki złośliwego oprogramowania na urządzenia mobilne

In this article, Group-IB specialists uncovered a large-scale fraud campaign involving fake trading apps targeting Apple iOS and Android users across multiple regions through the UniApp framework, and distributed through official app stores and phishing sites.

This guide shows you how to set up a headless Pi-Tail, controlled entirely from your smartphone via SSH or VNC. This compact and cost-effective setup is perfect for on-the-go Wi-Fi pentesting, network scanning, and vulnerability assessments.

Many months ago, a slightly younger Tim thought that porting mainline Linux to his old Android phone for the purpose of experimentation would be a great way to pass time. (In hindsight it was, but not for the reasons imagined.)

Fraud and scams cost consumers more than $1 trillion in losses globally, and it’s one of the most common forms of cyber crime that India witnesses. According to the Indi…