Writing an iOS Kernel Exploit from Scratch
https://secfault-security.com/blog/chain3.html
https://secfault-security.com/blog/chain3.html
How to identify if someone spies on your WhatsApp messages
https://youtu.be/qjoApedppbw
https://youtu.be/qjoApedppbw
MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective-fuzzing-qmage.html
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective-fuzzing-qmage.html
Blogspot
MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec
Posted by Mateusz Jurczyk, Project Zero This post is the second of a multi-part series capturing my journey from discovering a vulnerabl...
DJI GO 4 Android application security analysis (app to control drones)
https://www.synacktiv.com/en/publications/dji-android-go-4-application-security-analysis.html
https://www.synacktiv.com/en/publications/dji-android-go-4-application-security-analysis.html
Synacktiv
DJI Android GO 4 application security analysis
Source code of Cerberus (Android Malware) is for sale - $100,000
https://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/
https://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/
BleepingComputer
Cerberus Android malware source code offered for sale for $100,000
The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money.
AndroidProjectCreator: v1.4-stable has been released
You can now install precompiled versions of all dependencies, shortening the installation to mere seconds! The full patch notes are given here:
https://maxkersten.nl/2020/07/28/androidprojectcreator-1-4-stable-release/
You can now install precompiled versions of all dependencies, shortening the installation to mere seconds! The full patch notes are given here:
https://maxkersten.nl/2020/07/28/androidprojectcreator-1-4-stable-release/
Medusa - new framework for dynamic analysis of Android apps
It offers different categories and modules to active during the dynamic analysis. It generates Frida noscripts based on the picked modules
https://github.com/Ch0pin/medusa
It offers different categories and modules to active during the dynamic analysis. It generates Frida noscripts based on the picked modules
https://github.com/Ch0pin/medusa
GitHub
GitHub - Ch0pin/medusa: Mobile Edge-Dynamic Unified Security Analysis
Mobile Edge-Dynamic Unified Security Analysis. Contribute to Ch0pin/medusa development by creating an account on GitHub.
Review of Medusa Framework
Tool for dynamic analysis of Android apps
In review is hooked database module in Instagram app #BugBounty #Pentest #MalwareAnalysis
https://www.facebook.com/AndroidInfoSec/posts/3285627958127349
Tool for dynamic analysis of Android apps
In review is hooked database module in Instagram app #BugBounty #Pentest #MalwareAnalysis
https://www.facebook.com/AndroidInfoSec/posts/3285627958127349
MMS Exploit Part 3: Constructing the Memory Corruption Primitives
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html
Blogspot
MMS Exploit Part 3: Constructing the Memory Corruption Primitives
Posted by Mateusz Jurczyk, Project Zero This post is the third of a multi-part series capturing my journey from discovering a vulnerable...
Android Worm Malware spreads via SMS in India as TikTok Pro [malware demo]
https://youtu.be/mzkDxBjshI4
https://youtu.be/mzkDxBjshI4
YouTube
Android worm malware spreads via SMS in India as TikTok Pro | Android Malware | Fake TikTok Pro
TikTok app was recently banned in India
Malware developers have promptly misused the situation to distribute Android SMS worm disguised as Tiktok Pro.
Once user installs the app, it send SMS to all the contacts with a link to the malicious app.
After the…
Malware developers have promptly misused the situation to distribute Android SMS worm disguised as Tiktok Pro.
Once user installs the app, it send SMS to all the contacts with a link to the malicious app.
After the…
Google has removed 29 apps from the Play Store which were found filled with adware. These Android apps had over 3.5 million downloads on the Play Store.
https://www.whiteops.com/blog/bringing-blur-apps-into-focus
https://www.whiteops.com/blog/bringing-blur-apps-into-focus
HUMAN
Bringing Blur Apps Into Focus
The White Ops Threat Intelligence and Research Team uncovered an operation dubbed 'ChartreuseBlur', a collection of blur apps committing ad fraud.
AppSec: How to NOT create a job Android app [analysis]
https://medium.com/@fs0c131y/appsec-how-to-not-create-a-job-app-5b2776d16464
https://medium.com/@fs0c131y/appsec-how-to-not-create-a-job-app-5b2776d16464
Medium
AppSec: How to NOT create a job app
Few days ago, I received this private message on Twitter.
Android InsecureBankv2 Walkthrough
Part 1: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
Part 2: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
Part 3: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
Part 1: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
Part 2: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
Part 3: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
Medium
Android InsecureBankv2 Walkthrough: Part 1
In this article, I will be taking a look at the InsecureBankv2 Android application created by the GitHub user dineshshetty. According to…
Exploiting Android Messengers with WebRTC: Part 1
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 1
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in We...
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html
Blogspot
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
Posted by Mateusz Jurczyk, Project Zero This post is the fourth of a multi-part series capturing my journey from discovering a vulnerabl...
Exploiting Android Messengers with WebRTC: Part 2
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 2
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
Reversing the Root
Identifying the Exploited Vulnerability in 0-days Used In-The-Wild
https://github.com/maddiestone/ConPresentations/blob/master/BH2020.ReversingTheRoot.pdf
Identifying the Exploited Vulnerability in 0-days Used In-The-Wild
https://github.com/maddiestone/ConPresentations/blob/master/BH2020.ReversingTheRoot.pdf
NSA tips how to limit location data exposure
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
Exploiting Android Messengers with WebRTC: Part 3
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-3.html
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-3.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 3
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...