Android banking trojan has been spreading in Brazil 🇧🇷 as Google System apps
[1] https://twitter.com/ThreatFabric/status/1205817445564526592?s=19
[2] https://twitter.com/DbgShell/status/1205949571924398080?s=19
Twitter
ThreatFabric
After 1 year of silence, it looks like the #CoyBot (alias #BasBanke) banking #Trojan is back on the menu! Targeting 9 different banking apps in Brazil.
How to setup iOS for App Pentesting on iOS 13
https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13
spaceraccoon.dev
From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
I wanted to get into mobile app pentesting. While it’s relatively easy to get started on Android, it’s harder to do so with iOS. For example, while Android has Android Virtual Device and a host of other third-party emulators, iOS only has Xcode’s iOS Simulator…
Andriller is now open-source
Andriller is a software utility with a collection of forensic tools for smartphones.
- Lockscreen cracking for Pattern, PIN code, or Password
- Custom decoders for Apps data from Android (some Apple iOS & Windows) databases for decoding communications
https://github.com/den4uk/andriller
GitHub
GitHub - den4uk/andriller: 📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read…
📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. - den4uk/andriller
Android beta version of Shodan.io app
You can download APK from here: https://github.com/PaulSec/Shodan.io-mobile-app
GitHub
GitHub - PaulSec/Shodan.io-mobile-app: Official repository for the Shodan.io mobile Application
Official repository for the Shodan.io mobile Application - PaulSec/Shodan.io-mobile-app
Forwarded from fs0c131y - Official Channel (Elliot Alderson)
Evolution of Android Binary Hardening https://cyber-itl.org/2019/12/16/android-evolution.html
Cyber Independent Testing Lab
Evolution of Android Binary Hardening
How has Google’s Android platform evolved with regards to build safety?
WhatsApp bug
Sending a custom message will crash the WhatsApp application on every phone that is a member of the group.
The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop.
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
Video demo: https://youtu.be/u-sGONBNrwg
WhatsApp Manipulation Tool: https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
Check Point Research
BreakingApp – WhatsApp Crash & Data Loss Bug - Check Point Research
The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop. Moreover, the user will not be able to return to the group and all the data that was written and shared in the group is now gone for good. The…
A Deep Dive Into Samsung's TrustZone (Part 2)
Presents various tools developed to help reverse engineer and exploit Trusted Applications as well as Secure Drivers
https://blog.quarkslab.com/a-deep-dive-into-samsungs-trustzone-part-2.html
Quarkslab
A Deep Dive Into Samsung's TrustZone (Part 2) - Quarkslab's blog
In this second blog post of our series on Samsung's TrustZone, we present the various tools that we have developed during our research to help us reverse engineer and exploit Trusted Applications as well as Secure Drivers.
Jailbreaking – Checkra1n Configuration #iOS
https://aboutdfir.com/jailbreaking-checkra1n-configuration/
AboutDFIR - The Definitive Compendium Project
Jailbreaking - Checkra1n Configuration - AboutDFIR - The Definitive Compendium Project
In this installment, I felt that I should discuss how to use Checkra1n, and how to actually get into the device via 2 methods: localhost (tethered) and WiFi (untethered). This is not a blog to discuss how Checkra1n is doing, what it is doing, or what Checkm8…
Tested Ring’s Cameras Security
Ring's security makes it much easier for hackers to reach cameras in people's homes (via @josephfcox):
- no checks for unknown IP addresses
- no CAPTCHA against brute-forcing
- doesn't show who is logged in, so a hacker can sit silently
https://www.vice.com/amp/en_us/article/epg4xm/amazon-ring-camera-security
Vice
We Tested Ring’s Security. It’s Awful
Ring lacks basic security features, making it easy for hackers to turn the company's cameras against its customers.
How to decrypt iOS Signal database
https://github.com/Magpol/HowTo-decrypt-Signal.sqlite-for-IOS/blob/master/README.md
GitHub
HowTo-decrypt-Signal.sqlite-for-IOS/README.md at master · Magpol/HowTo-decrypt-Signal.sqlite-for-IOS
Decrypt signal.sqlite IOS. Contribute to Magpol/HowTo-decrypt-Signal.sqlite-for-IOS development by creating an account on GitHub.
TikTok app had virtually all privacy features disabled by default
https://www.billboard.com/articles/business/legal-and-management/8545568/tiktok-class-action-lawsuit-child-privacy
Billboard
TikTok Hit With Class-Action Lawsuit Over Child Privacy Violations
TikTok is the subject of a new class-action lawsuit that accuses the video-sharing app of failing to protect children.
Reverse Engineering Resource Collection including Android & iOS
3000+ open source tools, ~600 blog posts.
https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md
GitHub
awesome-reverse-engineering/Readme_en.md at master · alphaSeclab/awesome-reverse-engineering
Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos) - alphaSeclab/awesome-rever...
Forwarded from The Bug Bounty Hunter
Android Smartphone manufacturer #OnePlus launches an official 'Bug Bounty Program' with rewards up to $7000 for reporting security vulnerabilities.
security.oneplus.com/index.html
Special cases: up to $7,000
Critical: $750 - $1,500
High: $250 - $750
Medium: $100 - $250
Low: $50 - $100
Android Root Detection Bypass By Manual Code Manipulation (repacking)
https://medium.com/@sarang6489/root-detection-bypass-by-manual-code-manipulation-5478858f4ad1
Medium
Root Detection Bypass By Manual Code Manipulation.
Root Detection Bypass Manually
BFU Extraction: Forensic Analysis of Locked and Disabled iPhones
https://blog.elcomsoft.com/2019/12/bfu-extraction-forensic-analysis-of-locked-and-disabled-iphones/
ElcomSoft blog
BFU Extraction: Forensic Analysis of Locked and Disabled iPhones
We have recently updated Elcomsoft iOS Forensic Toolkit, adding the ability to acquire the file system from a wide range of iOS devices. The supported devices include models ranging from the iPhone 5s through the iPhone X regardless of the iOS version; more…
Forwarded from The Bug Bounty Hunter
Full Account Takeover (Android Application)
https://medium.com/@vbharad/full-account-takeover-android-application-78fa922f78c5
Medium
Full Account Takeover (Android Application)
Introduction :