Reverse Engineering Snapchat (Part I): Obfuscation Techniques
https://hot3eed.github.io/snap_part1_obfuscations.html
The secret life of GPS trackers
Part 1: https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers/
Part 2: https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers-2-2/
Avast Threat Labs
The secret life of GPS trackers (1/2) - Avast Threat Labs
Cheap GPS trackers can come in handy in every situation: for your car, relatives, kids. But it turns out that many of them share the same flaws: unsecured communications, default passwords and a cloud environment that is far from secure.
Kuwait and Bahrain have published some of the most invasive Covid-19 contact-tracing apps in the world, putting the privacy and security of their users at risk, Amnesty International says
https://www.bbc.com/news/world-middle-east-53052395
BBC News
Coronavirus: Alarm over 'invasive' Kuwait and Bahrain contact-tracing apps
Kuwait and Bahrain's apps put users' privacy and security at risk, Amnesty International says.
Analysis of Cerberus banking Trojan distributed over phishing websites (Amazon and NetBank)
https://labs.k7computing.com/?p=20468
K7 Labs
Mal Campaign Targets Android users - K7 Labs
Covid-19 pandemic has changed people’s behaviour significantly. Be it maintaining social distance, washing their hands more frequently, more of online […]
Analysis of Android Medical Malware, by Cryptax
https://youtu.be/n4YPM53igdw
YouTube
(EN) Medical Malware on Android analysis, by Cryptax - SecSea 2020
(Links and docs below) Last but not least, Cryptax introduces us to a full analysis of a medical malware on Android, with a step by step retroengineering and examination of an app!
This is the last conference we have for you this year... but do not be sad. We'll…
BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool
https://www.bitdefender.com/files/News/CaseStudies/study/352/Bitdefender-PR-Whitepaper-BitterAPT-creat4571-en-EN-GenericUse.pdf
FridaLoader: Auto-downloads the Frida server based off the architecture of the device/emulator
https://github.com/dineshshetty/FridaLoader
GitHub
GitHub - dineshshetty/FridaLoader: A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android…
A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android Devices - dineshshetty/FridaLoader
COVIDSafe-CVE-2020-12856: A silent pairing issue in bluetooth-based contact tracing apps
https://github.com/alwentiu/COVIDSafe-CVE-2020-12856
GitHub
GitHub - alwentiu/COVIDSafe-CVE-2020-12856: A bluetooth-related vulnerability in some contact tracing apps
Forwarded from The Bug Bounty Hunter
Reverse Engineering Snapchat (Part II): Deobfuscating the Undeobfuscatable
https://hot3eed.github.io/2020/06/22/snap_p2_deobfuscation.html
hot3eed.github.io
Reverse Engineering Snapchat (Part II): Deobfuscating the Undeobfuscatable
Reverse Engineering Snapchat (Part II): Deobfuscating the Undeobfuscatable 2020-06-22
Collection of writeups, cheatsheets, videos, related to Android Pentesting
https://github.com/jdonsec/AllThingsAndroid
GitHub
GitHub - jdonsec/AllThingsAndroid: A Collection of Android Pentest Learning Materials
A Collection of Android Pentest Learning Materials - jdonsec/AllThingsAndroid
Moroccan Journalist Targeted With Network Injection Attacks Using NSO Group’s Tools #iPhone
https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/
Amnesty International
Moroccan Journalist Targeted With Network Injection Attacks Using NSO Group’s Tools
In October 2019 Amnesty International published a first report on the use of spyware produced by Israeli company NSO Group against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui. Through our continued investigation, Amnesty International’s…
Let's Reverse Engineer an Android App!
Beginners guide
https://yasoob.me/posts/reverse-engineering-android-apps-apktool/
yasoob.me
Let's Reverse Engineer an Android App! - Yasoob Khalid
I had always wanted to learn how to reverse engineer Android apps. There were people out there who knew how to navigate and modify the internals of an APK file and I wasn’t one of them. This had to be changed but it took a long time for that to happen. In…
HiddenAds up to no good again and spreading via Android gaming apps
https://decoded.avast.io/jakubvavra/hiddenads-up-to-no-good-again-and-spreading-via-android-gaming-apps/
Avast Threat Labs
HiddenAds up to no good again and spreading via Android gaming apps - Avast Threat Labs
I recently discovered a large campaign of HiddenAds on the Google Play Store, spreading via gaming apps. The initial discovery was made through an apklab.io automated detection that was based on similar features of a previous HiddenAds campaign that was present…
Forwarded from The Bug Bounty Hunter
The Top 5 Most Common Mobile App Security Flaws
https://www.allysonomalley.com/2020/06/23/the-top-5-most-common-mobile-app-security-flaws/
allysonomalley.com
Whether you’re a pentester looking to gain some experience in mobile hacking or a developer aiming to build secure apps, familiarizing yourself with some of the common security mistakes developers …
New Android ransomware family identified + decryption tool created (because of the security issue in the code) #CryCryptor
https://www.welivesecurity.com/2020/06/24/new-ransomware-uses-covid19-tracing-guise-target-canada-eset-decryptor/
WeLiveSecurity
New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor
ESET researchers dissect an Android app that masquerades as an official COVID-19 contact-tracing app and encrypts files on the victim's device.
France’s COVID-19 tracing app has been downloaded and activated 1.8M times on Android and iOS since launch on 2 June... but then uninstalled 460,000 times.
Src: https://twitter.com/gcluley/status/1275720504092102656
Twitter
Graham Cluley
France’s COVID-19 tracing app has been downloaded and activated 1.8m times on Android and iOS since launch on 2 June... but then uninstalled 460,000 times.
The #RoamingMantis group targets Android and iOS devices (phishing Apple ID) in Europe #FakeCop
https://medium.com/csis-techblog/the-roamingmantis-groups-expansion-to-european-apple-accounts-and-android-devices-e6381723c681
Medium
The RoamingMantis Group’s Expansion to European Apple Accounts and Android Devices
iOS/MacOS wifi proximity kernel double free in AWDL BSS Steering
https://bugs.chromium.org/p/project-zero/issues/detail?id=2012
TikTok Secretly Spying On Clipboard of Millions of iPhone Users
https://www.forbes.com/sites/zakdoffman/2020/06/26/warning-apple-suddenly-catches-tiktok-secretly-spying-on-millions-of-iphone-users/amp/
Forbes
Warning—Apple Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users
If you are a TikTok user, you should be worried—here's what you need to know.
Android malware detection based on image-based features and machine learning techniques
https://link.springer.com/article/10.1007/s42452-020-3132-2
SpringerLink
SN Applied Sciences - In this paper, a malware classification model has been proposed for detecting malware samples in the Android environment. The proposed model is based on converting some files...