How to decrypt iOS Signal database
https://github.com/Magpol/HowTo-decrypt-Signal.sqlite-for-IOS/blob/master/README.md
https://github.com/Magpol/HowTo-decrypt-Signal.sqlite-for-IOS/blob/master/README.md
GitHub
HowTo-decrypt-Signal.sqlite-for-IOS/README.md at master · Magpol/HowTo-decrypt-Signal.sqlite-for-IOS
Decrypt signal.sqlite IOS. Contribute to Magpol/HowTo-decrypt-Signal.sqlite-for-IOS development by creating an account on GitHub.
TikTok app had virtually all privacy features disabled by default
https://www.billboard.com/articles/business/legal-and-management/8545568/tiktok-class-action-lawsuit-child-privacy
https://www.billboard.com/articles/business/legal-and-management/8545568/tiktok-class-action-lawsuit-child-privacy
Billboard
TikTok Hit With Class-Action Lawsuit Over Child Privacy Violations
TikTok is the subject of a new class-action lawsuit that accuses the video-sharing app of failing to protect children.
Reverse Engineering Resource Collection including Android & iOS
3000+ open source tools, ~600 blog posts.
https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md
3000+ open source tools, ~600 blog posts.
https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md
GitHub
awesome-reverse-engineering/Readme_en.md at master · alphaSeclab/awesome-reverse-engineering
Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos) - alphaSeclab/awesome-rever...
Forwarded from The Bug Bounty Hunter
Android Smartphone manufacturer #OnePlus launches an official 'Bug Bounty Program' with rewards up to $7000 for reporting security vulnerabilities.
security.oneplus.com/index.html
Special cases: up to $7,000
Critical: $750 - $1,500
High: $250 - $750
Medium: $100 - $250
Low: $50 - $100
security.oneplus.com/index.html
Special cases: up to $7,000
Critical: $750 - $1,500
High: $250 - $750
Medium: $100 - $250
Low: $50 - $100
Android Root Detection Bypass By Manual Code Manipulation (repacking)
https://medium.com/@sarang6489/root-detection-bypass-by-manual-code-manipulation-5478858f4ad1
https://medium.com/@sarang6489/root-detection-bypass-by-manual-code-manipulation-5478858f4ad1
Medium
Root Detection Bypass By Manual Code Manipulation.
Root Detection Bypass Manually
BFU Extraction: Forensic Analysis of Locked and Disabled iPhones
https://blog.elcomsoft.com/2019/12/bfu-extraction-forensic-analysis-of-locked-and-disabled-iphones/
https://blog.elcomsoft.com/2019/12/bfu-extraction-forensic-analysis-of-locked-and-disabled-iphones/
ElcomSoft blog
BFU Extraction: Forensic Analysis of Locked and Disabled iPhones
We have recently updated Elcomsoft iOS Forensic Toolkit, adding the ability to acquire the file system from a wide range of iOS devices. The supported devices include models ranging from the iPhone 5s through the iPhone X regardless of the iOS version; more…
Forwarded from The Bug Bounty Hunter
Full Account Takeover (Android Application)
https://medium.com/@vbharad/full-account-takeover-android-application-78fa922f78c5
https://medium.com/@vbharad/full-account-takeover-android-application-78fa922f78c5
Medium
Full Account Takeover (Android Application)
Introduction :
Forwarded from The Bug Bounty Hunter
Android Root Detection Bypass Using Objection and Frida Scripts
https://medium.com/@GowthamR1/android-root-detection-bypass-using-objection-and-frida-noscripts-d681d30659a7
https://medium.com/@GowthamR1/android-root-detection-bypass-using-objection-and-frida-noscripts-d681d30659a7
Medium
Android Root Detection Bypass Using Objection and Frida Scripts
This article is a follow up to the previous article. If you guys haven’t checked it out, feel free to visit it.
👍1
Analysis of ToTok iOS application from App Store
-checkra1n
-iProxy
-Frida
https://objective-see.com/blog/blog_0x52.html
-checkra1n
-iProxy
-Frida
https://objective-see.com/blog/blog_0x52.html
objective-see.org
Mass Surveillance, is an (un)Complicated Business
triaging a massively popular iOS application, with a dark side
Android Malware Scoring System
An Obfuscation-Neglect Android Malware Scoring System
https://github.com/quark-engine/quark-engine
An Obfuscation-Neglect Android Malware Scoring System
https://github.com/quark-engine/quark-engine
GitHub
GitHub - ev-flow/quark-engine: Quark Agent - Your AI-powered Android APK Analyst
Quark Agent - Your AI-powered Android APK Analyst. Contribute to ev-flow/quark-engine development by creating an account on GitHub.
Checkra1n Era - Ep 5 - Automating extraction and processing
https://blog.digital-forensics.it/2019/12/checkra1n-era-ep-5-automating.html
https://blog.digital-forensics.it/2019/12/checkra1n-era-ep-5-automating.html
blog.digital-forensics.it
Checkra1n Era - Ep 5 - Automating extraction and processing (aka "Merry Xmas!")
DFIR research
Total mobile surveillance
Your smartphone can broadcast your exact location thousands of times per day, through hundreds of apps, instantaneously to dozens of different companies. Each of those companies has the power to follow individual mobile phones wherever they go, in near-real time.
https://www.nytimes.com/interactive/2019/12/21/opinion/location-data-privacy-rights.html
Your smartphone can broadcast your exact location thousands of times per day, through hundreds of apps, instantaneously to dozens of different companies. Each of those companies has the power to follow individual mobile phones wherever they go, in near-real time.
https://www.nytimes.com/interactive/2019/12/21/opinion/location-data-privacy-rights.html
Nytimes
Opinion | Total Surveillance Is Not What America Signed Up For (Published 2019)
Congress should take bold action to regulate the location data industry.
3 Steps to Protect Your Phone
1. Stop sharing your location with apps
2. Disable your mobile ad ID
3. Prevent Google from storing your location
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-privacy-tips.html
1. Stop sharing your location with apps
2. Disable your mobile ad ID
3. Prevent Google from storing your location
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-privacy-tips.html
Nytimes
Opinion | Freaked Out? 3 Steps to Protect Your Phone (Published 2019)
Tips to prevent your location from being bought and sold.
A security researcher said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter’s Android app
https://techcrunch.com/2019/12/24/twitter-android-bug-phone-numbers/
https://techcrunch.com/2019/12/24/twitter-android-bug-phone-numbers/
TechCrunch
A Twitter app bug was used to match 17 million phone numbers to user accounts
The researcher matched 17 million phone numbers using the Android app's contact upload feature.
Hunting Credentials and Secrets in iOS Apps #pentest #bugbounty
https://spaceraccoon.dev/low-hanging-apples-hunting-credentials-and-secrets-in-ios-apps
https://spaceraccoon.dev/low-hanging-apples-hunting-credentials-and-secrets-in-ios-apps
spaceraccoon.dev
Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps
Diving straight into reverse-engineering iOS apps can be daunting and time-consuming. While wading into the binary can pay off greatly in the long run, it’s also useful to start off with the easy wins, especially when you have limited time and resources.…
KTRW: The journey to build a debuggable iPhone
https://media.ccc.de/v/36c3-10806-ktrw_the_journey_to_build_a_debuggable_iphone
https://media.ccc.de/v/36c3-10806-ktrw_the_journey_to_build_a_debuggable_iphone
media.ccc.de
KTRW: The journey to build a debuggable iPhone
Development-fused iPhones with hardware debugging features like JTAG are out of reach for many security researchers. This talk takes you ...
Reverse Engineering of Looney Tunes: Carrot Crazy game
Part 1 - Passwords #retro #GameBoy
https://www.huderlem.com/blog/posts/carrot-crazy-1/
Part 1 - Passwords #retro #GameBoy
https://www.huderlem.com/blog/posts/carrot-crazy-1/