Forwarded from fs0c131y - Official Channel (Elliot Alderson)
Frida API Fuzzer to fuzz APIs of Android apps https://github.com/andreafioraldi/frida-fuzzer
GitHub
GitHub - andreafioraldi/frida-fuzzer: This experimental fuzzer is meant to be used for API in-memory fuzzing.
This experimental fuzzer is meant to be used for API in-memory fuzzing. - andreafioraldi/frida-fuzzer
Android Malware Sandbox
Modular sandbox for quickly sandboxing known or unknown families of Android malware
https://github.com/Areizen/Android-Malware-Sandbox
GitHub
GitHub - Areizen/Android-Malware-Sandbox: Android Malware Sandbox
Android Malware Sandbox. Contribute to Areizen/Android-Malware-Sandbox development by creating an account on GitHub.
Joker found on Google Play had victims in UAE
Android users in the UAE reported charges of more than AED 1000 per year from unwanted subscriptions
http://www.dubaichronicle.com/2019/12/14/uae-android-users-alert-scams-associated-with-mobile-apps/
Dubaichronicle
UAE Android Users Alert: Scams Associated With Mobile Apps
Android users in the UAE on the increase in the number of mobile scams and unwanted subscriptions on mobile phones.
Adware on Google Play in apps with more than 16,100,000 installs in total
https://twitter.com/sh1shk0va/status/1205510874250825728?s=19
Twitter
Tatyana Shishkova
#Adware on Google Play in apps with more than 16,100,000 installs in total. Thanks to Igor Golovin https://t.co/cK4uX6oRAj 10,000,000+ installs https://t.co/AssfFxA37Z 5,000,000+ installs https://t.co/pH0qLC0p25 1,000,000+ installs https://t.co/GrjBPpwaMg…
iOS Imgur app - A Realm database example
https://abrignoni.blogspot.com/2019/12/ios-imgur-app-realm-database-example.html
Blogspot
Initialization Vectors
Learning DFIR.
Android banking trojan has been spreading in Brazil 🇧🇷 as Google System apps
[1] https://twitter.com/ThreatFabric/status/1205817445564526592?s=19
[2] https://twitter.com/DbgShell/status/1205949571924398080?s=19
Twitter
ThreatFabric
After 1 year of silence, it looks like the #CoyBot (alias #BasBanke) banking #Trojan is back on the menu! Targeting 9 different banking apps in Brazil.
How to set up iOS for App Pentesting on iOS 13
https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13
spaceraccoon.dev
From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
I wanted to get into mobile app pentesting. While it’s relatively easy to get started on Android, it’s harder to do so with iOS. For example, while Android has Android Virtual Device and a host of other third-party emulators, iOS only has a Xcode’s iOS Simulator…
Andriller is now open-source
Andriller is a software utility with a collection of forensic tools for smartphones.
- Lockscreen cracking for Pattern, PIN code, or Password
- custom decoders for Apps data from Android (some Apple iOS & Windows) databases for decoding communications
https://github.com/den4uk/andriller
GitHub
GitHub - den4uk/andriller: 📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read…
📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. - den4uk/andriller
Android beta version of Shodan.io app
You can download APK from here: https://github.com/PaulSec/Shodan.io-mobile-app
GitHub
GitHub - PaulSec/Shodan.io-mobile-app: Official repository for the Shodan.io mobile Application
Official repository for the Shodan.io mobile Application - PaulSec/Shodan.io-mobile-app
Forwarded from fs0c131y - Official Channel (Elliot Alderson)
Evolution of Android Binary Hardening https://cyber-itl.org/2019/12/16/android-evolution.html
Cyber Independent Testing Lab
Evolution of Android Binary Hardening
How has Google’s Android platform evolved with regards to build safety?
WhatsApp bug
Sending a custom message will crash the WhatsApp application on every phone that is a member of this group.
The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop.
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
Video demo: https://youtu.be/u-sGONBNrwg
WhatsApp Manipulation Tool: https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
Check Point Research
BreakingApp – WhatsApp Crash & Data Loss Bug - Check Point Research
The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop. Moreover, the user will not be able to return to the group and all the data that was written and shared in the group is now gone for good. The…
A Deep Dive Into Samsung's TrustZone (Part 2)
Various tools presented and developed that helped reverse engineer and exploit Trusted Applications as well as Secure Drivers
https://blog.quarkslab.com/a-deep-dive-into-samsungs-trustzone-part-2.html
Quarkslab
A Deep Dive Into Samsung's TrustZone (Part 2) - Quarkslab's blog
In this second blog post of our series on Samsung's TrustZone, we present the various tools that we have developed during our research to help us reverse engineer and exploit Trusted Applications as well as Secure Drivers.
Jailbreaking – Checkra1n Configuration #iOS
https://aboutdfir.com/jailbreaking-checkra1n-configuration/
AboutDFIR - The Definitive Compendium Project
Jailbreaking - Checkra1n Configuration - AboutDFIR - The Definitive Compendium Project
In this installment, I felt that I should discuss how to use Checkra1n, and how to actually get into the device via 2 methods: localhost (tethered) and WiFi (untethered). This is not a blog to discuss how Checkra1n is doing, what it is doing, or what Checkm8…
Tested Ring’s Cameras Security
It is making it much easier for hackers to reach cameras in people's homes
- no checks from unknown IP
- no captcha for bruteforcing
- doesn't show who is logged in, so hacker can sit silently via @josephfcox
https://www.vice.com/amp/en_us/article/epg4xm/amazon-ring-camera-security
Vice
We Tested Ring’s Security. It’s Awful
Ring lacks basic security features, making it easy for hackers to turn the company's cameras against its customers.
How to decrypt iOS Signal database
https://github.com/Magpol/HowTo-decrypt-Signal.sqlite-for-IOS/blob/master/README.md
GitHub
HowTo-decrypt-Signal.sqlite-for-IOS/README.md at master · Magpol/HowTo-decrypt-Signal.sqlite-for-IOS
Decrypt signal.sqlite IOS. Contribute to Magpol/HowTo-decrypt-Signal.sqlite-for-IOS development by creating an account on GitHub.
TikTok app had virtually all privacy features disabled by default
https://www.billboard.com/articles/business/legal-and-management/8545568/tiktok-class-action-lawsuit-child-privacy
Billboard
TikTok Hit With Class-Action Lawsuit Over Child Privacy Violations
TikTok is the subject of a new class-action lawsuit that accuses the video-sharing app of failing to protect children.
Reverse Engineering Resource Collection including Android & iOS
3000+ open source tools, ~600 blog posts.
https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md
GitHub
awesome-reverse-engineering/Readme_en.md at master · alphaSeclab/awesome-reverse-engineering
Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos) - alphaSeclab/awesome-rever...
Forwarded from The Bug Bounty Hunter
Android Smartphone manufacturer #OnePlus launches an official 'Bug Bounty Program' with rewards up to $7000 for reporting security vulnerabilities.
security.oneplus.com/index.html
Special cases: up to $7,000
Critical: $750 - $1,500
High: $250 - $750
Medium: $100 - $250
Low: $50 - $100