A detailed walk through of reverse engineering CVE-2019-3568 (WhatsApp 0-day from May)
Slides: https://github.com/maddiestone/ConPresentations/blob/master/Jailbreak2019.WhatsUpWithWhatsApp.pdf
Video: https://thecyberwire.com/stories/Maddie-Stone-Whatsup-with-WhatsApp-A-Detailed-Walk-Through-of-Reverse-Engineering-CVE-2019-3568.html
GitHub
ConPresentations/Jailbreak2019.WhatsUpWithWhatsApp.pdf at master · maddiestone/ConPresentations
Slide decks from my conference presentations. Contribute to maddiestone/ConPresentations development by creating an account on GitHub.
A Deep Dive into Reversing Android Pre-Installed Apps
https://youtu.be/U6qTcpCfuFc
Slides: https://github.com/maddiestone/ConPresentations/blob/master/Blackhat2019.SecuringTheSystem.pdf
YouTube
Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps
This talk will detail the differences in reversing and analyzing pre-installed Android applications compared to the user-space applications that most security research has focused on. This will include things like identifying when a pre-installed application…
AndroidProjectCreator: Open an APK in Android Studio project
https://t.co/4diAmkM3oj?amp=1
Forwarded from fs0c131y - Official Channel (Elliot Alderson)
Frida API Fuzzer to fuzz APIs of Android apps https://github.com/andreafioraldi/frida-fuzzer
GitHub
GitHub - andreafioraldi/frida-fuzzer: This experimental fuzzer is meant to be used for API in-memory fuzzing.
This experimental fuzzer is meant to be used for API in-memory fuzzing. - andreafioraldi/frida-fuzzer
Android Malware Sandbox
Modular sandbox for quickly sandboxing known or unknown families of Android malware
https://github.com/Areizen/Android-Malware-Sandbox
GitHub
GitHub - Areizen/Android-Malware-Sandbox: Android Malware Sandbox
Android Malware Sandbox. Contribute to Areizen/Android-Malware-Sandbox development by creating an account on GitHub.
Joker found on Google Play had victims in UAE
Android users in the UAE reported charges of more than AED 1000 per year from unwanted subscriptions
http://www.dubaichronicle.com/2019/12/14/uae-android-users-alert-scams-associated-with-mobile-apps/
Dubaichronicle
UAE Android Users Alert: Scams Associated With Mobile Apps
Android users in the UAE on the increase in the number of mobile scams and unwanted subscriptions on mobile phones.
Adware on Google Play in apps with more than 16,100,000 installs in total
https://twitter.com/sh1shk0va/status/1205510874250825728?s=19
Twitter
Tatyana Shishkova
#Adware on Google Play in apps with more than 16,100,000 installs in total. Thanks to Igor Golovin https://t.co/cK4uX6oRAj 10,000,000+ installs https://t.co/AssfFxA37Z 5,000,000+ installs https://t.co/pH0qLC0p25 1,000,000+ installs https://t.co/GrjBPpwaMg…
iOS Imgur app - A Realm database example
https://abrignoni.blogspot.com/2019/12/ios-imgur-app-realm-database-example.html
Blogspot
Initialization Vectors
Learning DFIR.
Android banking trojan has been spreading in Brazil 🇧🇷 as Google System apps
[1] https://twitter.com/ThreatFabric/status/1205817445564526592?s=19
[2] https://twitter.com/DbgShell/status/1205949571924398080?s=19
Twitter
ThreatFabric
After 1 year of silence, it looks like the #CoyBot (alias #BasBanke) banking #Trojan is back on the menu! Targeting 9 different banking apps in Brazil.
How to setup iOS for App Pentesting on iOS 13
https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13
spaceraccoon.dev
From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
I wanted to get into mobile app pentesting. While it’s relatively easy to get started on Android, it’s harder to do so with iOS. For example, while Android has Android Virtual Device and a host of other third-party emulators, iOS only has a Xcode’s iOS Simulator…
Andriller is now open-source
Andriller is a software utility with a collection of forensic tools for smartphones.
- Lockscreen cracking for Pattern, PIN code, or Password
- Custom decoders for app data from Android (some Apple iOS & Windows) databases for decoding communications
https://github.com/den4uk/andriller
GitHub
GitHub - den4uk/andriller: 📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read…
📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. - den4uk/andriller
Android beta version of Shodan.io app
You can download APK from here: https://github.com/PaulSec/Shodan.io-mobile-app
GitHub
GitHub - PaulSec/Shodan.io-mobile-app: Official repository for the Shodan.io mobile Application
Official repository for the Shodan.io mobile Application - PaulSec/Shodan.io-mobile-app
Forwarded from fs0c131y - Official Channel (Elliot Alderson)
Evolution of Android Binary Hardening https://cyber-itl.org/2019/12/16/android-evolution.html
Cyber Independent Testing Lab
Evolution of Android Binary Hardening
How has Google’s Android platform evolved with regards to build safety?
WhatsApp bug
Sending a custom message to a group will crash the WhatsApp application on every phone that is a member of this group.
The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop.
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
Video demo: https://youtu.be/u-sGONBNrwg
WhatsApp Manipulation Tool: https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
Check Point Research
BreakingApp – WhatsApp Crash & Data Loss Bug - Check Point Research
The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop. Moreover, the user will not be able to return to the group and all the data that was written and shared in the group is now gone for good. The…
A Deep Dive Into Samsung's TrustZone (Part 2)
Various tools are presented that were developed to help reverse engineer and exploit Trusted Applications as well as Secure Drivers
https://blog.quarkslab.com/a-deep-dive-into-samsungs-trustzone-part-2.html
Quarkslab
A Deep Dive Into Samsung's TrustZone (Part 2) - Quarkslab's blog
In this second blog post of our series on Samsung's TrustZone, we present the various tools that we have developed during our research to help us reverse engineer and exploit Trusted Applications as well as Secure Drivers.
Jailbreaking – Checkra1n Configuration #iOS
https://aboutdfir.com/jailbreaking-checkra1n-configuration/
AboutDFIR - The Definitive Compendium Project
Jailbreaking - Checkra1n Configuration - AboutDFIR - The Definitive Compendium Project
In this installment, I felt that I should discuss how to use Checkra1n, and how to actually get into the device via 2 methods: localhost (tethered) and WiFi (untethered). This is not a blog to discuss how Checkra1n is doing, what it is doing, or what Checkm8…
Tested Ring’s Cameras Security
Missing protections make it much easier for hackers to reach cameras in people's homes:
- no checks for logins from an unknown IP
- no captcha to slow down brute forcing
- doesn't show who is logged in, so a hacker can sit silently
(via @josephfcox)
https://www.vice.com/amp/en_us/article/epg4xm/amazon-ring-camera-security
Vice
We Tested Ring’s Security. It’s Awful
Ring lacks basic security features, making it easy for hackers to turn the company's cameras against its customers.
How to decrypt iOS Signal database
https://github.com/Magpol/HowTo-decrypt-Signal.sqlite-for-IOS/blob/master/README.md
GitHub
HowTo-decrypt-Signal.sqlite-for-IOS/README.md at master · Magpol/HowTo-decrypt-Signal.sqlite-for-IOS
Decrypt signal.sqlite IOS. Contribute to Magpol/HowTo-decrypt-Signal.sqlite-for-IOS development by creating an account on GitHub.
TikTok app had virtually all privacy features disabled by default
https://www.billboard.com/articles/business/legal-and-management/8545568/tiktok-class-action-lawsuit-child-privacy
Billboard
TikTok Hit With Class-Action Lawsuit Over Child Privacy Violations
TikTok is the subject of a new class-action lawsuit that accuses the video-sharing app of failing to protect children.