Analysis of ToTok iOS application from App Store
-checkra1n
-iProxy
-Frida
https://objective-see.com/blog/blog_0x52.html

Android Malware Scoring System
An Obfuscation-Neglect Android Malware Scoring System
https://github.com/quark-engine/quark-engine

Checkra1n Era - Ep 5 - Automating extraction and processing
https://blog.digital-forensics.it/2019/12/checkra1n-era-ep-5-automating.html

Total mobile surveillance
Your smartphone can broadcast your exact location thousands of times per day, through hundreds of apps, instantaneously to dozens of different companies. Each of those companies has the power to follow individual mobile phones wherever they go, in near-real time.
https://www.nytimes.com/interactive/2019/12/21/opinion/location-data-privacy-rights.html

3 Steps to Protect Your Phone

1. Stop sharing your location with apps
2. Disable your mobile ad ID
3. Prevent Google from storing your location
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-privacy-tips.html

100 Android AdFraud apps found on Google Play
https://www.whiteops.com/blog/bringing-starchild-down-to-earth-soraka-sdk

A security researcher said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter’s Android app
https://techcrunch.com/2019/12/24/twitter-android-bug-phone-numbers/

Hunting Credentials and Secrets in iOS Apps #pentest #bugbounty
https://spaceraccoon.dev/low-hanging-apples-hunting-credentials-and-secrets-in-ios-apps

KTRW: The journey to build a debuggable iPhone
https://media.ccc.de/v/36c3-10806-ktrw_the_journey_to_build_a_debuggable_iphone

Reverse Engineering of Looney Tunes: Carrot Crazy game
Part 1 - Passwords #retro #GameBoy
https://www.huderlem.com/blog/posts/carrot-crazy-1/

Twitter for Android could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages)
https://privacy.twitter.com/en/blog

Remotely Compromising an iPhone through iMessage #presentation
https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage

Unterhering iOS
Running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up with kernel code execution
https://media.ccc.de/v/36c3-11034-tales_of_old_untethering_ios_11

Potential risks of secure messaging system
Dive into end-to-end encryption, OTR and deniability, and then the axolotl construction used by Signal #presentation
https://media.ccc.de/v/36c3-10565-what_s_left_for_private_messaging

SIM card technology from A-Z #presentation
https://media.ccc.de/v/36c3-10737-sim_card_technology_from_a-z

Lesser-known Tools for Android Application PenTesting

-Magisk + modules
-DisableFlagSecure
-AdbManager
-ProxyDroid
-pidcat
-resize
https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-android-pentest.html

Mobile Securit Framework (MobSF) v3 (released in December 2019)

-OWASP Mobile Top 10 2016 is supported
-iOS & Android Analysis improved
http://mobsf.github.io/Mobile-Security-Framework-MobSF/changelog.html

Android malware threats of December, 2019
Full list - http://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019

iOS Application Injection
https://arjunbrar.com/post/ios-application-injection

You no longer have to manually package the Frida Gadget in your target app. As long as the app is debuggable, Frida does that for you
https://www.nowsecure.com/blog/2020/01/02/how-to-conduct-jailed-testing-with-frida/

The recent Android Brazilian Banking Trojan - COYBOT
https://www.buguroo.com/en/blog/banking-malware-in-android-continues-to-grow.-a-look-at-the-recent-brazilian-banking-trojan-basbanke-coybot