Bug chaining in Android MX Player to achieve code execution
1) receive shared data file from other device
2) data file will exploit path traversal vulnerability
3) RCE of received data file
PoC: https://github.com/tenable/poc/tree/master/MXPlayer
https://medium.com/tenable-techblog/android-mx-player-path-traversal-to-code-execution-9134b623eb34
GitHub
poc/MXPlayer at master · tenable/poc
Proof of Concepts. Contribute to tenable/poc development by creating an account on GitHub.
Hacking smart devices to convince dementia sufferers to overdose
https://www.pentestpartners.com/security-blog/hacking-smart-devices-to-convince-dementia-sufferers-to-overdose/?=wednesday-8-july-2020
Pentestpartners
Hacking smart devices to convince dementia sufferers to overdose | Pen Test Partners
We've looked at numerous smart tracker watches over recent years. All had some disastrous security flaws. However, we found one recently that was a little different: it was aimed at the elderly, particularly those with dementia or other cognitive impairments.…
Global Grant URI in Android 8.0-9.0 [DUP]
Any third-party application was able to grant R/W access to any exported or non-exported, permission-protected content providers installed on the system.
https://www.vulnano.com/2020/07/global-grant-uri-in-android-80-90-2018.html
Vulnano
Global grant uri in Android 8.0-9.0 (2018 year)
Vulnano: mobile security research.
How to unc0ver a 0-day in 4 hours or less
https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-hours-or-less.html
projectzero.google
How to unc0ver a 0-day in 4 hours or less - Project Zero
By Brandon Azad, Project Zero. At 3 PM PDT on May 23, 2020, the unc0ver jailbreak was released for iOS 13.5 (the latest signed version at the time of release) ...
Critical Security Vulnerabilities fixed in Firefox for Android 68.10.1
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-27/
Mozilla
Security Vulnerabilities fixed in Firefox for Android 68.10.1
Reversing DexGuard, Part 3 – Code Virtualization
https://www.pnfsoftware.com/blog/reversing-dexguard-virtualization/
Accelerating Android Updates
https://android-developers.googleblog.com/2020/07/accelerating-android-updates.html
Android Developers Blog
Accelerating Android Updates
Posted by Eddie Hsu (Technical Program Manager), Brent VerWeyst (Product Manager), Maya Ben Ari (Product Manager), Amith Dsouza (Technica...
Reverse Engineering Nike Run Club Android App Using Frida
https://yasoob.me/posts/reverse-engineering-nike-run-club-using-frida-android/
yasoob.me
Reverse Engineering Nike Run Club Android App Using Frida - Yasoob Khalid
Hi everyone! 👋 If you have been following my blog then you might have already read the article on reverse engineering an Android app by writing custom smali code. I am still very much a reverse engineering beginner so after that article, I got to learn about…
Russian Android Stalkerware
- after launch it gathers device logs
- downloads an additional app via HTTP
- logs credentials...
Here is a demo of this #Stalkerware being installed and hooked by Frida
https://youtu.be/IcVRwyJpmMw
YouTube
Android Stalkerware logs gathering | downloading additional app | Monitoring app
Demonstration of how an Android Stalkerware app logs and gathers device details, downloads an additional app via HTTP to be installed, temporarily stores login credentials in clear text, etc.
To identify this behavior during the installation process I used a Frida script…
How To Intercept Android Application HTTPS traffic in Android 10 (Q) with Burp Suite and Magisk
https://www.theburpsuite.com/2020/05/intercepting-android-application-https.html
Theburpsuite
Intercepting Android Application HTTPS traffic in Burp Suite - Android 10 (Q) with Magisk
Unofficial Burp Suite blog for Pentesting with the burp suite tutorials.
AMDH - Android Mobile Device Hardening tool
This forensics tool helps you list the apps installed on a device and dump them all
Tool: https://github.com/SecTheTech/AMDH
Test of the tool: https://www.instagram.com/p/CCgipObAGBQ/
GitHub
GitHub - A-YATTA/AMDH: Android Mobile Device Hardening
Android Mobile Device Hardening. Contribute to A-YATTA/AMDH development by creating an account on GitHub.
Slicer - A tool to automate the recon process on an APK file
https://github.com/mzfr/slicer
GitHub
GitHub - mzfr/slicer: A tool to automate the boring process of APK recon
A tool to automate the boring process of APK recon - mzfr/slicer
How to hack and prevent getting hacked by Android on the same WiFi
The video explains three types of attack:
1) Spy on another user's web browsing
2) Redirect visited websites to the attacker's website
3) Steal Facebook login credentials
https://youtu.be/MHxbv6oA3CA
Android cyber-espionage campaign discovered in the Middle East as Welcome Chat app
This operation appears to be linked to the Gaza Hacker threat group.
The uncovered malicious operation both spies on victims and leaks their data (MITM, open server database without authorization)
https://www.welivesecurity.com/2020/07/14/welcome-chat-secure-messaging-app-nothing-further-truth/
WeLiveSecurity
Welcome Chat as a secure messaging app? Nothing could be further from the truth
ESET research uncovers a malicious operation that spies on Android users via Welcome Chat, an app posing as a secure chat service available in Google Play.
Code analysis of CryCryptor Android ransomware and its discovered vulnerability.
By exploiting this vulnerability, a decryption tool, CryDecryptor, was successfully created
https://youtu.be/deyBbSKKGk8
YouTube
Analysis of CryCryptor Android Ransomware and how I created decryptor | fake COVID-19 tracing app
Code and vulnerability analysis of CryCryptor Android Ransomware that was distributed via malicious websites as COVID-19 Tracing app in Canada.
More information: https://www.welivesecurity.com/2020/06/24/new-ransomware-uses-covid19-tracing-guise-target-canada…
Android: arbitrary code execution via third-party package context
https://blog.oversecured.com/Android-arbitrary-code-execution-via-third-party-package-contexts/
News, Techniques & Guides
Android: arbitrary code execution via third-party package contexts
Introduction There are apps for Android that have the ability to add extra functionality by using external modules. Some load native libraries or third-party dex or app files, but in this article we...
BlackRock - new Android banking Trojan
https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_them_all.html
Android Hacking with NMAP
- Exploit open ports and vulnerabilities in Android apps
- Search for unpatched ES File Explorer app and exploit it (CVE-2019-6447)
https://youtu.be/HXTl_V8UwYs
0-click RCE via MMS exploit for Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0) #Fuzzing CVE-2020-8899
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-1-introduction-to-qmage.html
Demo: https://youtu.be/ZQnb8kRMkHg
Blogspot
MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface
Posted by Mateusz Jurczyk, Project Zero This post is the first of a multi-part series capturing my journey from discovering a vulnerable...
Demo of bug in Firefox for Android that allows camera and microphone to stream if device is locked
▪️ it will be fixed in October 2020
▪️ it might be misused as Stalkerware
▪️ tips on how to prevent being spied on until October 2020
https://youtu.be/FlthUOKdoKw
YouTube
Bug in Firefox for Android allows camera and microphone live stream if device is locked
I demonstrated a bug in Firefox for Android, reported in 2019, that keeps the device camera and microphone active even though the app is not in use (in the background) or the device is locked.
In my test, when I killed running Firefox, the stream was disconnected after…
AMDH v2.0 - Android Mobile Device Hardening tool
Now includes malware detection based on permissions (analysis of more than 500 malware samples), with some new updates!
https://github.com/SecTheTech/AMDH
GitHub
GitHub - A-YATTA/AMDH: Android Mobile Device Hardening
Android Mobile Device Hardening. Contribute to A-YATTA/AMDH development by creating an account on GitHub.