Trying to exploit my old Android using CVE-2020-0401 (PackageManagerService)
https://pwner.gg/blog/Android's-CVE-2020-0401
https://pwner.gg/blog/Android's-CVE-2020-0401
( ͡◕ _ ͡◕)👌
Android's CVE-2020-0401 (PackageManagerService)
Note This is another attempt in my Android Side Quest (the previous one was Android’s CVE-2020-0238). Intro While digging around through my old gadgets, I found my ancient OnePlus phone that had been gathering dust in a drawer.
👍20
Malimite: iOS decompiler designed to analyze and decode IPA files
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
GitHub
GitHub - LaurieWired/Malimite: iOS and macOS Decompiler
iOS and macOS Decompiler. Contribute to LaurieWired/Malimite development by creating an account on GitHub.
🔥22🥰4❤3
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Trend Micro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
👍14
Android smartphone Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed
https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/
https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/
The Citizen Lab
Something to Remember Us By
In a joint investigation with The First Department, The Citizen Lab uncovered spyware covertly implanted on the phone of a Russian programmer following his release from Russian custody. The Monokle-like spyware allows an operator to track the device’s location…
👍13🔥2
Deobfuscate Android App: LLM tool to find any potential security vulnerabilities in Android apps and deobfuscate Android app code
https://github.com/In3tinct/deobfuscate-android-app
https://github.com/In3tinct/deobfuscate-android-app
GitHub
GitHub - In3tinct/Androidmeda: LLM tool to deobfuscate android app and find any potential vulnerabilities in android apps and …
LLM tool to deobfuscate android app and find any potential vulnerabilities in android apps and code. - In3tinct/Androidmeda
🔥25
OWApp Benchmark Suite: A comprehensive framework designed to automate and enhance the benchmarking process for mobile applications, particularly within the context of security analysis
https://github.com/Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
https://github.com/Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
GitHub
GitHub - Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite: The OWApp Benchmark: an OWASP-compliant Vulnerable Android App Dataset
The OWApp Benchmark: an OWASP-compliant Vulnerable Android App Dataset - Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
🔥12👍4
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
Zimperium
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
true
🔥17
EagleMsgSpy: New Chinese Android Surveillance Tool Used by Public Security Bureaus
https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware
https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware
Lookout
Lookout Discovers New Chinese Surveillance Tool Used by Public Security | Threat Intel
Lookout researchers have discovered a new Chinese surveillance family used by Chinese law enforcement to collect extensive information from mobile devices.
👍12
Mobile Threat Landscape Report by Lookout in Q3 2024
-10 Most Common Mobile Browser Vulnerabilities
-5 Most Common Mobile App Vulnerabilities
-10 Most Encountered Malware Families in Q3 2024
https://www.lookout.com/threat-intelligence/report/q3-2024-mobile-landscape-threat-report-copy
-10 Most Common Mobile Browser Vulnerabilities
-5 Most Common Mobile App Vulnerabilities
-10 Most Encountered Malware Families in Q3 2024
https://www.lookout.com/threat-intelligence/report/q3-2024-mobile-landscape-threat-report-copy
Lookout
2024 Q3 Mobile Landscape Threat Report Copy
Learn about new Russian and Chinese mobile surveillanceware, how iOS is at significantly higher risk than Android, and why mobile phishing is the biggest problem right now.
👍11❤6
Bluetooth and Wi-Fi Jamming using Flipper Zero
https://www.mobile-hacker.com/2024/12/12/bluetooth-and-wi-fi-jamming-using-flipper-zero/
https://www.mobile-hacker.com/2024/12/12/bluetooth-and-wi-fi-jamming-using-flipper-zero/
Mobile Hacker
Bluetooth and Wi-Fi Jamming using Flipper Zero
Jamming is a technique used to disrupt wireless communications by overwhelming the signal with interference. This blog post explores the concept of jamming using Flipper Zero, how it works, its applications, and the legal considerations surrounding its use.…
🔥19❤3👍3
BoneSpy and PlainGnome: Two Russian Android Spyware Families Discovered and Connected to Gamaredon APT
https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware
https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware
Lookout
Lookout Discovers PlainGnome and Bonespy Uzbek Android spyware | Threat Intel
Researchers at the Lookout Threat Lab have discovered two Android surveillance families dubbed BoneSpy and PlainGnome attributed to Uzbekistan's State Security Service
👍10
A New Android Banking Trojan Masquerades as Utility and Banking Apps in India
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india/
McAfee Blog
A New Android Banking Trojan Masquerades as Utility and Banking Apps in India | McAfee Blog
Authored by Dexter Shin Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. Recently, McAfee Mobile
👍10🤔2🥱2
This media is not supported in your browser
VIEW IN TELEGRAM
Denial-of-service (DoS) bug that affects Messenger for iOS
https://s11research.com/posts/Messenger-Group-Call-DoS-for-iOS/
https://s11research.com/posts/Messenger-Group-Call-DoS-for-iOS/
👍11❤2
Understanding XSS in Android Apps
https://medium.com/@anandrishav2228/earn-10-000-xss-in-android-apps-scratch-to-advance-cb3aa6c2b98f
https://medium.com/@anandrishav2228/earn-10-000-xss-in-android-apps-scratch-to-advance-cb3aa6c2b98f
Medium
Earn $10,000 XSS in Android Apps Scratch to Advance.
Cross-Site Scripting (XSS) attacks are often associated with web applications, but they can also be critical in Android application…
👍12
Bluetooth RCE allows to compromise the car to be able to record in-car audio, take screenshots, and download contacts from a Skoda Superb over the Internet
https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf
https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf
🔥16👍2❤1
Android's CVE-2022-20201 (InstalldNativeService)
https://pwner.gg/blog/Android's-CVE-2022-20201
https://pwner.gg/blog/Android's-CVE-2022-20201
( ͡◕ _ ͡◕)👌
Android's CVE-2022-20201 (InstalldNativeService)
Intro This is another attempt as part of my @vr_progress to hack my old, unpatched OnePlus phone which didn’t get any updates for years. This time I chose CVE-2022-20201, a crafty little bug hiding in one of the subsystems used by Android’s package manager.
🔥13🙏2❤1💩1
Vulnerabilities in the eSIM download protocol
http://i.blackhat.com/EU-24/Presentations/EU-24-Ahmed-VulnerabilitiesIneSIM.pdf
http://i.blackhat.com/EU-24/Presentations/EU-24-Ahmed-VulnerabilitiesIneSIM.pdf
🔥14
Unmasking State-Sponsored Mobile Surveillance Malware from Russia, China, and North Korea – Threat Actors, Tactics, and Defense Strategies
https://i.blackhat.com/EU-24/Presentations/EU-24-V2-Islamoglu-Unmasking-State-Sponsored-Mobile-Surveillance.pdf
https://i.blackhat.com/EU-24/Presentations/EU-24-V2-Islamoglu-Unmasking-State-Sponsored-Mobile-Surveillance.pdf
🔥10😁8
My other ClassLoader is your ClassLoader: Creating evil twin instances of a class
https://i.blackhat.com/EU-24/Presentations/EU-24-Valsamaras-My-other-classloader.pdf
https://i.blackhat.com/EU-24/Presentations/EU-24-Valsamaras-My-other-classloader.pdf
🔥12
WiFi Calling: Revealing Downgrade Attacks and Not-so-private private Keys
https://i.blackhat.com/EU-24/Presentations/EU-24-DabrowskiGegenhuber-WiFi-Calling-Revealing-Downgrade-Attacks.pdf
https://i.blackhat.com/EU-24/Presentations/EU-24-DabrowskiGegenhuber-WiFi-Calling-Revealing-Downgrade-Attacks.pdf
🔥12
How to detect ARP spoofing attack using Android app
https://www.mobile-hacker.com/2024/12/16/detect-arp-spoofing-attack-using-android-app/
https://www.mobile-hacker.com/2024/12/16/detect-arp-spoofing-attack-using-android-app/
Mobile Hacker
Detect ARP spoofing attack using Android app
ARP spoofing attacks are often used in combination with other types of attacks, such as DNS spoofing, SSL stripping, and more. These attacks can be used to steal sensitive information, launch phishing attacks.
👍13🔥3👏1