Reversing HackEx Android Game for fun & profit - static, dynamic and network analysis
https://0x00sec.org/t/reversing-hackex-an-android-game/16243
0x00sec - The Home of the Hacker
Reversing HackEx - An android game
Hello peeps. I’m sp0re. This is my first post on 0x00sec, you can find more about me on my website. Today we are going to reverse engineer the network protocol of an android game so that we can automate the game, and earn unlimited money while drinking sodas…
How to bypass Android certificate pinning and intercept SSL traffic
https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/
Kamil Vavra @vavkamil
Offensive website security Bug bounty Ethical hacking
Threat actor recycles leaked source code of Android RAT SpyNote and sells it as new Android RAT MobiHok v4.
The threat actor sells it with the entire source code for $15,000!
https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/
ES File Explorer - Authentication bypass via insecure FTP Activity execution
A third-party app can bypass the master password to start the local FTP server. Because of that, an attacker on the local network could access files on the device without authentication.
https://medium.com/@bhaveshthakur2015/cve-2019-11380-how-i-was-able-to-access-complete-storage-of-es-fileexplorer-end-user-9bd8da5ac3b8
Medium
CVE-2019–11380 | How I was able to access complete storage of ES-FileExplorer End user
ES-file explorer was a very popular file manager having more than 30 lac downloads on play store. I found a critical vulnerability by…
Bypass iOS 13 Lockscreen to see contacts info
https://youtu.be/pW0TTnBCA04
YouTube
With No Enter the Passcode you can See Contacts info. iOS 13 Feature. Read description please.
Follow me on Twitter for more coming.
http://twitter.com/intent/follow/user?screen_name=vbarraquito
Original video shared to Apple on July 17:
https://youtu.be/7eWJkePoNAU
Sent to Apple in July 2019 as part of a report of two security flaws (Lock screen…
Simplify reverse-engineering ARM firmware in Ghidra
SVD-Loader for Ghidra automates the entire generation of peripheral structs and memory maps for over 650 different microcontrollers
https://leveldown.de/blog/svd-loader/
Now available SQLite vulnerabilities affecting iOS 12.3/macOS Mojave 10.14.5
CVE-2019-8598: https://cpr-zero.checkpoint.com/vulns/cprid-2118/
CVE-2019-8577: https://cpr-zero.checkpoint.com/vulns/cprid-2119/
CVE-2019-8600: https://cpr-zero.checkpoint.com/vulns/cprid-2120/
CVE-2019-8602: https://cpr-zero.checkpoint.com/vulns/cprid-2121/
CPR-Zero
CPR-Zero: CVE-2019-8598
Check Point Research Vulnerability Repository
WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users
https://thehackernews.com/2019/09/whatsapp-delete-for-everyone-privacy.html
Phishing site impersonating SecureDrop - a site meant for whistleblower submissions - distributed Android RAT malware
https://www.bleepingcomputer.com/news/security/phishing-attack-targets-the-guardians-whistleblowing-site/
BleepingComputer
Phishing Attack Targets The Guardian's Whistleblowing Site
The Guardian's SecureDrop whistleblower submission site was targeted with a phishing page that attempted to harvest the unique "codenames" used to identify sources who used the service. In addition, this phishing page promoted an Android app that allowed…
Documents reveal how Russia taps phone companies for surveillance
https://techcrunch.com/2019/09/18/russia-sorm-nokia-surveillance/
TechCrunch
Documents reveal how Russia wiretaps phone companies
In cities across Russia, large boxes in locked rooms are directly connected to the networks of some of the country's largest phone and internet companies.
Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/
Trend Micro
Magecart Targets Hotel Booking Websites on Mobile
We discovered a series of incidents where the credit card skimming attack was used to hit the booking websites of chain-brand hotels — the second time we’ve seen a Magecart threat actor directly hit ecommerce service providers.
Two hidden ads Trojans found on Google Play with 1,500,000+ installs
https://www.wandera.com/mobile-security/google-play-adware/
Wandera
Adware with millions of downloads found on the Google Play Store
Two selfie filter camera apps on the Google Play Store have been identified as adware. The apps have a combined 1.5 million downloads.
Two fake apps with 200+ installs altogether request credit card credentials
https://twitter.com/emilio_simoni/status/1175122486029160448?s=19
https://twitter.com/emilio_simoni/status/1175103047762141185?s=19
Twitter
Emilio
More one fake app in @GooglePlay that steal credit card numbers, this time the victim is @CarrefourGroup https://t.co/hzQ64xG4c3 @LukasStefanko @fs0c131y @BleepinComputer
MobSF v2.0 released
https://github.com/MobSF/Mobile-Security-Framework-MobSF
GitHub
GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application…
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a...
Andromeda - Interactive Reverse Engineering Tool for Android apps
https://github.com/secrary/Andromeda
GitHub
GitHub - secrary/Andromeda: Andromeda - Interactive Reverse Engineering Tool for Android Applications
Andromeda - Interactive Reverse Engineering Tool for Android Applications - secrary/Andromeda
How Edward Snowden Would Use A Smartphone
-Graphene OS
-all traffic through TOR
-use ad-blocker and password manager
-use Signal or Wire
-...
https://www.eva.nmccann.net/blog/snowden-smartphone
McCann Tech
How Edward Snowden Would Use A Smartphone — McCann Tech
How Edward Snowden would use a smartphone, if he had to.
Pwnedbg - debugging the iOS kernel in IDA
https://akayn.github.io/2019/09/21/debugging-the-ios-kernel-in-ida.html
25 hidden adware apps found on Google Play with over 2,100,000 installs
https://www.symantec.com/blogs/threat-intelligence/hidden-adware-google-play
Security
More Hidden App Malware Found on Google Play with over 2.1 Million Downloads
Malicious apps hide themselves after installation and aggressively display full-screen advertisements.
Tibetan Groups Targeted with 1-Click Mobile Exploits. Espionage campaign for iOS and Android OS
https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
IOCs: https://github.com/citizenlab/malware-indicators/blob/master/201909_MissingLink/iocs.csv
The Citizen Lab
Missing Link
This is the first documented case of one-click mobile exploits used to target Tibetan groups, and reflects an escalation in the sophistication of digital espionage threats targeting the community.
Android spying Trojan impersonates the Korean National Police Agency app and spreads via fake websites that mimic Google Play
https://twitter.com/ninoseki/status/1176732200873578496
Twitter
にのせき
Unknown(?) Android malware impersonates Korean National Police Agency. https://t.co/jdkz6rnoqe A list of URLs: https://t.co/rM9lvNBi3M FYI @051R15 @ZeroCERT @unpacker @kisa118