Awesome Python Security resources
https://github.com/guardrailsio/awesome-python-security
https://github.com/guardrailsio/awesome-python-security
GitHub
GitHub - guardrailsio/awesome-python-security: Awesome Python Security resources 🕶🐍🔐
Awesome Python Security resources 🕶🐍🔐. Contribute to guardrailsio/awesome-python-security development by creating an account on GitHub.
Fake COVID-19 Contact Tracing Apps
https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data
https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data
Anomali
Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal…
New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
Trend Micro
Phishing Attacks from Earth Empusa Reveal ActionSpy
We identified an undocumented Android spyware we have named ActionSpy while tracking Earth Empura, also known as POISON CARP/Evil Eye. The campaign is reportedly targeting Uyghurs by compromising their Android and iOS mobile devices.
Cryptojacking In Mobile Devices
-What Is Cryptojacking
-How Does Mobile Device Cryptojacking Work
-How To Detect Cryptojacking Attacks
-How To Prevent Cryptojacking On Your Mobile Device
https://secureblitz.com/risks-of-cryptojacking-in-mobile-devices
-What Is Cryptojacking
-How Does Mobile Device Cryptojacking Work
-How To Detect Cryptojacking Attacks
-How To Prevent Cryptojacking On Your Mobile Device
https://secureblitz.com/risks-of-cryptojacking-in-mobile-devices
SecureBlitz Cybersecurity
Risks Of Cryptojacking In Mobile Devices
Here, we will address cryptojacking in mobile devices. We’ll dive into what cryptojacking is, how to detect it, and how to prevent it. Crypto mining is one
Jailbreaking Apple TV 4K
https://blog.elcomsoft.com/2020/06/jailbreaking-apple-tv-4k/
https://blog.elcomsoft.com/2020/06/jailbreaking-apple-tv-4k/
ElcomSoft blog
Jailbreaking Apple TV 4K
Is jailbreaking an Apple TV worth it? If you are working in the forensics, it definitely is. When connected to the user's Apple account with full iCloud access, the Apple TV synchronizes a lot of data. That data may contain important evidence, and sometimes…
A survey of recent iOS kernel exploits
https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html
https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html
Blogspot
A survey of recent iOS kernel exploits
Posted by Brandon Azad, Project Zero I recently found myself wishing for a single online reference providing a brief summary of the high...
Security & Privacy Risks of Mobile Contact Tracing Apps
https://arxiv.org/pdf/2006.05914.pdf
https://arxiv.org/pdf/2006.05914.pdf
Frida Boot - A binary instrumentation workshop, with Frida, for beginners!
https://github.com/leonjza/frida-boot
Workshop video: https://youtu.be/CLpW1tZCblo
Slides: https://docs.google.com/presentation/d/1BK4CsGChSKI8BCVsg9Rlv0lY5AfsrbanhIRWnKaP0TI/edit
https://github.com/leonjza/frida-boot
Workshop video: https://youtu.be/CLpW1tZCblo
Slides: https://docs.google.com/presentation/d/1BK4CsGChSKI8BCVsg9Rlv0lY5AfsrbanhIRWnKaP0TI/edit
GitHub
GitHub - leonjza/frida-boot: Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners!
Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners! - leonjza/frida-boot
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
https://youtu.be/BQWcUjzxJE0
https://youtu.be/BQWcUjzxJE0
YouTube
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Have you been wondering about how to start in mobile application security, more specifically iOS/Android application security? In this talk, I will try to answer some of the most common questions about getting started in mobile application security testing.…
Vulnerabilities in LTE and 5G networks 2020
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
Positive-Tech
Threat vector: GTP. Vulnerabilities in LTE and 5G networks 2020
With new 5G networks, mobile operators face numerous challenges. One of them is the GTP protocol, used alongside SS7 and Diameter on core networks to transmit user and control traffic. Stay ahead of the curve with knowledge and preparation. Download the «Threat…
GrinningSoul: iOS emulator
Built from the ground up for bug bounty hunters, security researchers, and developers.
Coming Q3 2020
https://www.grinningsoul.com/
Built from the ground up for bug bounty hunters, security researchers, and developers.
Coming Q3 2020
https://www.grinningsoul.com/
How to dump Samsung Galaxy S7 boot ROM using known and fixed security vulnerabilities in Trustzone
https://fredericb.info/2020/06/exynos8890-bootrom-dump-dump-exynos-8890-bootrom-from-samsung-galaxy-s7.html
Source code: https://github.com/frederic/exynos8890-bootrom-dump
https://fredericb.info/2020/06/exynos8890-bootrom-dump-dump-exynos-8890-bootrom-from-samsung-galaxy-s7.html
Source code: https://github.com/frederic/exynos8890-bootrom-dump
fred's notes
exynos8890-bootrom-dump : dump Exynos 8890 bootROM from Samsung Galaxy S7
This post introduces a tool to dump Samsung Galaxy S7 bootROM using known and fixed security vulnerabilities in Trustzone. The source code is available on GitHub. Procedure We use a Galaxy S7 phone, with ADB access and root privileges. BootROM code is at…
FBI announcement: Increased Use of Mobile Banking Apps Could Lead to Exploitation
https://www.ic3.gov/media/2020/200610.aspx
https://www.ic3.gov/media/2020/200610.aspx
Intel agencies red-flag use of 52 mobile apps with links to China: Complete list
https://www.hindustantimes.com/india-news/intel-agencies-red-flag-use-of-52-mobile-apps-with-links-to-china-complete-list/story-B50Slf39aSnVOrCcS92l1N.html
https://www.hindustantimes.com/india-news/intel-agencies-red-flag-use-of-52-mobile-apps-with-links-to-china-complete-list/story-B50Slf39aSnVOrCcS92l1N.html
Hindustan Times
Intelligence agencies red-flag use of 52 mobile apps with links to China
The National Security Council Secretariat has backed the recommendation to block or discourage use of 53 mobile apps
Forwarded from The Bug Bounty Hunter
Intercepting Flutter traffic on iOS
https://blog.nviso.eu/2020/06/12/intercepting-flutter-traffic-on-ios/
https://blog.nviso.eu/2020/06/12/intercepting-flutter-traffic-on-ios/
NVISO Labs
Intercepting Flutter traffic on iOS
My previous blogposts explained how to intercept Flutter traffic on Android ARMv8, with a detailed follow along guide for ARMv7. This blogpost does the same for iOS. ⚠️ Update August 2022 ⚠️An upda…
Trump 2020 Campaign Exposed to Attack via App
https://www.websiteplanet.com/blog/trump-app-vulnerability-report/
https://www.websiteplanet.com/blog/trump-app-vulnerability-report/
Website Planet
Trump 2020 Campaign Exposed to Attack via App
Led by renowned cybersecurity analysts Noam Rotem and Ran Locar, our security research team recently discovered a security vulnerability in US
Bugbounty Cheatsheet for the infosec community
It covers Recon workflow, Webapp bugs, Mobile app bugs, API bugs, checklist, tools used, etc. Via Adam Swartz
https://docs.google.com/spreadsheets/d/1TxNrvaIMRS_dmupcwjwJmXtaFk_lPGE1LzgxPu_7KqA/edit?fbclid=IwAR3dktvcemzjYc7OvA-vu6MQMiI9_EpIS4Ei3C7TGKFgMWUG3eWPx2sUr3E#gid=1308919623
It covers Recon workflow, Webapp bugs, Mobile app bugs, API bugs, checklist, tools used, etc. Via Adam Swartz
https://docs.google.com/spreadsheets/d/1TxNrvaIMRS_dmupcwjwJmXtaFk_lPGE1LzgxPu_7KqA/edit?fbclid=IwAR3dktvcemzjYc7OvA-vu6MQMiI9_EpIS4Ei3C7TGKFgMWUG3eWPx2sUr3E#gid=1308919623
Google Docs
Bugbounty cheatsheet - Mohammed Adam(twitter.com/iam_amdadam)
Recon
Recon workflow
Horizontal & vertical Correlations
<a href="https://mxtoolbox.com/asn.aspx">https://mxtoolbox.com/asn.aspx</a>
<a href="https://viewdns.info/reversewhois">https://viewdns.info/reversewhois</a>
<a href="https://domaineye.com/">https:…
Recon workflow
Horizontal & vertical Correlations
<a href="https://mxtoolbox.com/asn.aspx">https://mxtoolbox.com/asn.aspx</a>
<a href="https://viewdns.info/reversewhois">https://viewdns.info/reversewhois</a>
<a href="https://domaineye.com/">https:…
Ginp banking Trojan on the rise
https://securityintelligence.com/posts/ginp-malware-operations-rising-expansions-turkey/
https://securityintelligence.com/posts/ginp-malware-operations-rising-expansions-turkey/
Security Intelligence
Ginp Malware Operations are on the Rise with Expansions in Turkey
The Ginp mobile banking malware, which emerged in late 2019, is one of the top Android banking malware families today. Read on to learn more about how Ginp is impacting Android malware in the past 90 days.
Purposefully Insecure and Vulnerable Android Application (PIVAA)
Part 1: https://medium.com/@timmccann222/purposefully-insecure-and-vulnerable-android-application-pivaa-part-1-6af8941b54d3
Part 2: https://medium.com/@timmccann222/purposefully-insecure-and-vulnerable-android-application-pivaa-part-2-34c838bd4a0b?source=linkShare-1764222123d3-1592496527&_branch_match_id=602531711872894297
Part 3: https://medium.com/@timmccann222/purposefully-insecure-and-vulnerable-android-application-pivaa-part-3-e5d0f58ad05
PIVAA: https://github.com/htbridge/pivaa
Part 1: https://medium.com/@timmccann222/purposefully-insecure-and-vulnerable-android-application-pivaa-part-1-6af8941b54d3
Part 2: https://medium.com/@timmccann222/purposefully-insecure-and-vulnerable-android-application-pivaa-part-2-34c838bd4a0b?source=linkShare-1764222123d3-1592496527&_branch_match_id=602531711872894297
Part 3: https://medium.com/@timmccann222/purposefully-insecure-and-vulnerable-android-application-pivaa-part-3-e5d0f58ad05
PIVAA: https://github.com/htbridge/pivaa
Medium
Purposefully Insecure and Vulnerable Android Application (PIVAA): Part 1
This article is the first part in a series that will cover some of the different vulnerabilities present in the “Purposefully Insecure and…