AndroidProjectCreator: v1.4-stable has been released
You can now install precompiled versions of all dependencies, shortening the installation to mere seconds! The full patch notes are given here:
https://maxkersten.nl/2020/07/28/androidprojectcreator-1-4-stable-release/
You can now install precompiled versions of all dependencies, shortening the installation to mere seconds! The full patch notes are given here:
https://maxkersten.nl/2020/07/28/androidprojectcreator-1-4-stable-release/
Medusa - new framework for dynamic analysis of Android apps
It offers different categories and modules to active during the dynamic analysis. It generates Frida noscripts based on the picked modules
https://github.com/Ch0pin/medusa
It offers different categories and modules to active during the dynamic analysis. It generates Frida noscripts based on the picked modules
https://github.com/Ch0pin/medusa
GitHub
GitHub - Ch0pin/medusa: Mobile Edge-Dynamic Unified Security Analysis
Mobile Edge-Dynamic Unified Security Analysis. Contribute to Ch0pin/medusa development by creating an account on GitHub.
Review of Medusa Framework
Tool for dynamic analysis of Android apps
In review is hooked database module in Instagram app #BugBounty #Pentest #MalwareAnalysis
https://www.facebook.com/AndroidInfoSec/posts/3285627958127349
Tool for dynamic analysis of Android apps
In review is hooked database module in Instagram app #BugBounty #Pentest #MalwareAnalysis
https://www.facebook.com/AndroidInfoSec/posts/3285627958127349
MMS Exploit Part 3: Constructing the Memory Corruption Primitives
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html
Blogspot
MMS Exploit Part 3: Constructing the Memory Corruption Primitives
Posted by Mateusz Jurczyk, Project Zero This post is the third of a multi-part series capturing my journey from discovering a vulnerable...
Android Worm Malware spreads via SMS in India as TikTok Pro [malware demo]
https://youtu.be/mzkDxBjshI4
https://youtu.be/mzkDxBjshI4
YouTube
Android worm malware spreads via SMS in India as TikTok Pro | Android Malware | Fake TikTok Pro
TikTok app was recently banned in India
Malware developers have promptly misused the situation to distribute Android SMS worm disguised as Tiktok Pro.
Once user installs the app, it send SMS to all the contacts with a link to the malicious app.
After the…
Malware developers have promptly misused the situation to distribute Android SMS worm disguised as Tiktok Pro.
Once user installs the app, it send SMS to all the contacts with a link to the malicious app.
After the…
Google has removed 29 apps from the Play Store which were found filled with adware. These Android apps had over 3.5 million downloads on the Play Store.
https://www.whiteops.com/blog/bringing-blur-apps-into-focus
https://www.whiteops.com/blog/bringing-blur-apps-into-focus
HUMAN
Bringing Blur Apps Into Focus
The White Ops Threat Intelligence and Research Team uncovered an operation dubbed 'ChartreuseBlur', a collection of blur apps committing ad fraud.
AppSec: How to NOT create a job Android app [analysis]
https://medium.com/@fs0c131y/appsec-how-to-not-create-a-job-app-5b2776d16464
https://medium.com/@fs0c131y/appsec-how-to-not-create-a-job-app-5b2776d16464
Medium
AppSec: How to NOT create a job app
Few days ago, I received this private message on Twitter.
Android InsecureBankv2 Walkthrough
Part 1: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
Part 2: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
Part 3: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
Part 1: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
Part 2: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
Part 3: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
Medium
Android InsecureBankv2 Walkthrough: Part 1
In this article, I will be taking a look at the InsecureBankv2 Android application created by the GitHub user dineshshetty. According to…
Exploiting Android Messengers with WebRTC: Part 1
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 1
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in We...
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html
Blogspot
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
Posted by Mateusz Jurczyk, Project Zero This post is the fourth of a multi-part series capturing my journey from discovering a vulnerabl...
Exploiting Android Messengers with WebRTC: Part 2
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 2
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
Reversing the Root
Identifying the Exploited Vulnerability in 0-days Used In-The-Wild
https://github.com/maddiestone/ConPresentations/blob/master/BH2020.ReversingTheRoot.pdf
Identifying the Exploited Vulnerability in 0-days Used In-The-Wild
https://github.com/maddiestone/ConPresentations/blob/master/BH2020.ReversingTheRoot.pdf
NSA tips how to limit location data exposure
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
Exploiting Android Messengers with WebRTC: Part 3
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-3.html
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-3.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 3
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
Android: Access to app protected components
https://blog.oversecured.com/Android-Access-to-app-protected-components/
https://blog.oversecured.com/Android-Access-to-app-protected-components/
News, Techniques & Guides
Android: Access to app protected components
Introduction This vulnerability resembles Open Redirect in web security. Since class Intent is Parcelable, objects belonging to this class can be passed as extra data in another Intent object. Many...
Qualcomm chip vulnerability
400 vulnerable code sections were uncovered on Qualcomm’s Snapdragon digital signal processor (DSP) chip
https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20Mode%20presentations/DEF%20CON%20Safe%20Mode%20-%20Slava%20Makkaveev%20-%20Pwn2Own%20Qualcomm%20compute%20DSP%20for%20fun%20and%20profit.pdf
400 vulnerable code sections were uncovered on Qualcomm’s Snapdragon digital signal processor (DSP) chip
https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20Mode%20presentations/DEF%20CON%20Safe%20Mode%20-%20Slava%20Makkaveev%20-%20Pwn2Own%20Qualcomm%20compute%20DSP%20for%20fun%20and%20profit.pdf
TiYunZong: An Exploit Chain to Remotely Root Modern Android Devices
https://github.com/secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/blob/master/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices.pdf
https://github.com/secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/blob/master/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices.pdf
GitHub
TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern…
Contribute to secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices development by creating an account on GitHub.
Android Bug Foraging
Analysis of vulnerabilities found in:
-Tinder
-Google Camera
-Samsung Find My Mobile
-undisclosed app name
https://youtu.be/qbj-4NXsE-0
Analysis of vulnerabilities found in:
-Tinder
-Google Camera
-Samsung Find My Mobile
-undisclosed app name
https://youtu.be/qbj-4NXsE-0
YouTube
Pedro Umbelino | Joao Morais - Android Bug Foraging - DEF CON 28SM AppSec Village
The speakers are waiting for your questions on the DEF CON Discord server!
Join us (here: https://discord.gg/defcon), and join the channels:
#asv-talks-qa-text
#asv-talks-qa-voice
In this session, we will analyze four real-world examples of different high…
Join us (here: https://discord.gg/defcon), and join the channels:
#asv-talks-qa-text
#asv-talks-qa-voice
In this session, we will analyze four real-world examples of different high…
Forwarded from The Bug Bounty Hunter
Hacking iOS Simulator with simctl and dynamic libraries
https://curvedlayer.com/2020/08/09/ios-simulator-plugin-simctl.html
https://curvedlayer.com/2020/08/09/ios-simulator-plugin-simctl.html
Curvedlayer
Hacking iOS Simulator with simctl and dynamic libraries
Extend the iOS Simulator by building a plugin for it. A dynamic loader and simctl allow injecting custom code into the Simulator. With that, you can modify its behavior.