Mobile Pentesting with Frida
https://drive.google.com/file/d/1JccmMLi6YTnyRrp_rk6vzKrUX3oXK_Yw/view
https://drive.google.com/file/d/1JccmMLi6YTnyRrp_rk6vzKrUX3oXK_Yw/view
👍1
Automated Frida hook generation with JEB
https://bhamza.me/2019/10/06/Automated-Frida-hook-generation-with-JEB.html
jeb2frida: https://github.com/Hamz-a/jeb2frida
https://bhamza.me/2019/10/06/Automated-Frida-hook-generation-with-JEB.html
jeb2frida: https://github.com/Hamz-a/jeb2frida
How to modify iOS app with Frida to use Meterpreter
https://sensepost.com/blog/2019/mettle-your-ios-with-frida/
https://sensepost.com/blog/2019/mettle-your-ios-with-frida/
A Run-Time Approach For Pen-Testing IOS Applications Part-II (Objection In Action)
https://blog.securelayer7.net/a-run-time-approach-for-pen-testing-ios-applications-part-ii-objection-in-action/
https://blog.securelayer7.net/a-run-time-approach-for-pen-testing-ios-applications-part-ii-objection-in-action/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
A run-time approach for pen-testing iOS applications Part-II (Objection in Action)
Objection in Action Once all things go right, we can inject Frida noscripts into our target application. Open target application and enter following command in powershell objection -g...
Vulnerable Twitter API of iOS apps may lead to possible MITM attack
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. CVE-2019-16263
https://blog.appicaptor.com/2019/10/04/vulnerable-library-warning-twitterkit-for-ios/
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. CVE-2019-16263
https://blog.appicaptor.com/2019/10/04/vulnerable-library-warning-twitterkit-for-ios/
Fake Antivirus Found on Google Play 100,000+ Installs
https://twitter.com/ReBensk/status/1181544987151855616
https://twitter.com/ReBensk/status/1181544987151855616
Twitter
Re-ind
Fake-AV Found on Google Play 100,000+ Installs https://t.co/FTLbBdDMlQ
HiddenApp Trojans that hide its presence and display ads found on Google Play: discovered 15 apps with over 1,300,000 installs
https://news.sophos.com/en-us/2019/10/08/icon-hiding-android-adware-returns-to-the-play-market/
https://news.sophos.com/en-us/2019/10/08/icon-hiding-android-adware-returns-to-the-play-market/
Sophos News
Icon-hiding Android adware returns to the Play Market
Adware apps attempt to evade easy removal by, literally, hiding their app icons from users
Doctor Web’s overview of malware detected on mobile devices in September 2019
https://news.drweb.com/show/?i=13446&lng=en
https://news.drweb.com/show/?i=13446&lng=en
Dr.Web
Dr.Web — Doctor Web’s overview of malware detected on mobile devices in September 2019
Find out on Doctor Web’s site about the latest virus threats and information security issues.
Two spy apps that steal contact list found on Google Play with 110+ installs
https://twitter.com/s_metanka/status/1181192866875559936
https://twitter.com/s_metanka/status/1181192866875559936
Twitter
smtnk
These two young apps on @GooglePlay steal the users' contact lists and leak them all (~3k unique records) via unprotected Firebase instances, mostly UAE/Pakistan/Saudi Arabia victims it seems. #Android #Malware https://t.co/6INCOHBiLE https://t.co/o1mPKjrHNr
New Joker Trojan app with 100,000+ installs found on Google Play
https://twitter.com/s_metanka/status/1181592422796664837
https://twitter.com/s_metanka/status/1181592422796664837
Twitter
smtnk
A new Joker app on @GooglePlay ”Amusing game station" - 100,000+ installs. The loader is slightly improved, the core build is an old s8-7-release. Targets: GR,AT,DE,PK,UAE,BD,TH. Distribution C&C: doocims[.]com, main C&C: 18.139.46[.]15 https://t.co/NXfFLZz6rD…
Analysis of WhatsApp bug CVE-2019-3568
https://github.com/maddiestone/ConPresentations/blob/master/Jailbreak2019.WhatsUpWithWhatsApp.pdf
https://github.com/maddiestone/ConPresentations/blob/master/Jailbreak2019.WhatsUpWithWhatsApp.pdf
GitHub
ConPresentations/Jailbreak2019.WhatsUpWithWhatsApp.pdf at master · maddiestone/ConPresentations
Slide decks from my conference presentations. Contribute to maddiestone/ConPresentations development by creating an account on GitHub.
Google has removed 29 popular Android apps with a total download of more 10 million from Google Play store
https://m.gadgetsnow.com/slideshows/delete-these-29-popular-apps-from-your-android-phone-right-now/amp_photolist/71573856.cms
https://m.gadgetsnow.com/slideshows/delete-these-29-popular-apps-from-your-android-phone-right-now/amp_photolist/71573856.cms
Gadgets Now
Delete these 29 popular apps from your Android phone right now | Gadgets Now
Adware app with 10,000+ installs on Google Play
https://twitter.com/ReBensk/status/1183742308652466178?s=19
https://twitter.com/ReBensk/status/1183742308652466178?s=19
Twitter
Re-ind
AdDisplay.Clevernet Malware Found on Google Play 10,000+ Installs Display Ads with full screen https://t.co/as6KAW65eY
Joker Trojan found on Google Play with 10,000+ installs
https://twitter.com/sh1shk0va/status/1184054662003134464?s=19
https://twitter.com/sh1shk0va/status/1184054662003134464?s=19
Twitter
Tatyana Shishkova
Yet another #Joker Trojan on Google Play. 10,000+ installs, contacts nichfyy[.]com, 52.77.93[.]217. https://t.co/PeUMxyCUbc
Seven HiddenApp Trojans with 190,000+ installs found on Google Play
https://twitter.com/0xabc0/status/1184373381086531584
https://twitter.com/0xabc0/status/1184373381086531584
Twitter
Ahmet Bilal Can
#HiddenApp total of 190.000+ installs. drops another app to show full screen ads. Dropper apps : https://t.co/INVS618R2G Adware : https://t.co/EVo7A9rN71
Subnoscription scam with 1,000,000+ installs requests €94.99 per week after 3 day free trial
https://twitter.com/fs0c131y/status/1184414820281540608?s=19
https://twitter.com/fs0c131y/status/1184414820281540608?s=19
Twitter
Elliot Alderson
This horoscope app available on the PlayStore has been downloaded 1M+ times. You have 3-days free and after it’s €94.99/week… Don’t worry this app has been verified by PlayProtect... https://t.co/gWlmacyucY
Qu1ckR00t - Exploit CVE-2019-2215 to Achieve Root
Blog: https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/
PoC exploit: https://github.com/grant-h/qu1ckr00t
Blog: https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/
PoC exploit: https://github.com/grant-h/qu1ckr00t
hernan.de
Tailoring CVE-2019-2215 to Achieve Root
When I heard about the emergency disclosure of CVE-2019-2215 by Project Zero, I decided to replicate the exploit on my local device to see it in action. I so...
How to Reverse Engineer an iOS App and macOS Software
https://www.apriorit.com/dev-blog/363-how-to-reverse-engineer-os-x-and-ios-software
https://www.apriorit.com/dev-blog/363-how-to-reverse-engineer-os-x-and-ios-software
Apriorit
How to Reverse Engineer an iOS App - Apriorit
Learn how to reverse engineer an iOS app, break down its components, and understand functionality without source code access for debugging or maintenance.
Checkrain fake iOS jailbreak leads to click fraud
https://blog.talosintelligence.com/2019/10/checkrain-click-fraud.html
https://blog.talosintelligence.com/2019/10/checkrain-click-fraud.html
Cisco Talos Blog
Checkrain fake iOS jailbreak leads to click fraud
By Warren Mercer and Paul Rascagneres.
Introduction
Attackers are capitalizing on the recent discovery of a new vulnerability that exists across legacy iOS hardware. Cisco Talos recently discovered a malicious actor using a fake website that claims to give…
Introduction
Attackers are capitalizing on the recent discovery of a new vulnerability that exists across legacy iOS hardware. Cisco Talos recently discovered a malicious actor using a fake website that claims to give…