Android Worm Malware spreads via SMS in India as TikTok Pro [malware demo]
https://youtu.be/mzkDxBjshI4
https://youtu.be/mzkDxBjshI4
YouTube
Android worm malware spreads via SMS in India as TikTok Pro | Android Malware | Fake TikTok Pro
TikTok app was recently banned in India
Malware developers have promptly misused the situation to distribute Android SMS worm disguised as Tiktok Pro.
Once user installs the app, it send SMS to all the contacts with a link to the malicious app.
After the…
Malware developers have promptly misused the situation to distribute Android SMS worm disguised as Tiktok Pro.
Once user installs the app, it send SMS to all the contacts with a link to the malicious app.
After the…
Google has removed 29 apps from the Play Store which were found filled with adware. These Android apps had over 3.5 million downloads on the Play Store.
https://www.whiteops.com/blog/bringing-blur-apps-into-focus
https://www.whiteops.com/blog/bringing-blur-apps-into-focus
HUMAN
Bringing Blur Apps Into Focus
The White Ops Threat Intelligence and Research Team uncovered an operation dubbed 'ChartreuseBlur', a collection of blur apps committing ad fraud.
AppSec: How to NOT create a job Android app [analysis]
https://medium.com/@fs0c131y/appsec-how-to-not-create-a-job-app-5b2776d16464
https://medium.com/@fs0c131y/appsec-how-to-not-create-a-job-app-5b2776d16464
Medium
AppSec: How to NOT create a job app
Few days ago, I received this private message on Twitter.
Android InsecureBankv2 Walkthrough
Part 1: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
Part 2: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
Part 3: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
Part 1: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
Part 2: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
Part 3: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
Medium
Android InsecureBankv2 Walkthrough: Part 1
In this article, I will be taking a look at the InsecureBankv2 Android application created by the GitHub user dineshshetty. According to…
Exploiting Android Messengers with WebRTC: Part 1
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 1
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in We...
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html
Blogspot
MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
Posted by Mateusz Jurczyk, Project Zero This post is the fourth of a multi-part series capturing my journey from discovering a vulnerabl...
Exploiting Android Messengers with WebRTC: Part 2
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 2
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
Reversing the Root
Identifying the Exploited Vulnerability in 0-days Used In-The-Wild
https://github.com/maddiestone/ConPresentations/blob/master/BH2020.ReversingTheRoot.pdf
Identifying the Exploited Vulnerability in 0-days Used In-The-Wild
https://github.com/maddiestone/ConPresentations/blob/master/BH2020.ReversingTheRoot.pdf
NSA tips how to limit location data exposure
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
Exploiting Android Messengers with WebRTC: Part 3
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-3.html
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-3.html
Blogspot
Exploiting Android Messengers with WebRTC: Part 3
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
Android: Access to app protected components
https://blog.oversecured.com/Android-Access-to-app-protected-components/
https://blog.oversecured.com/Android-Access-to-app-protected-components/
News, Techniques & Guides
Android: Access to app protected components
Introduction This vulnerability resembles Open Redirect in web security. Since class Intent is Parcelable, objects belonging to this class can be passed as extra data in another Intent object. Many...
Qualcomm chip vulnerability
400 vulnerable code sections were uncovered on Qualcomm’s Snapdragon digital signal processor (DSP) chip
https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20Mode%20presentations/DEF%20CON%20Safe%20Mode%20-%20Slava%20Makkaveev%20-%20Pwn2Own%20Qualcomm%20compute%20DSP%20for%20fun%20and%20profit.pdf
400 vulnerable code sections were uncovered on Qualcomm’s Snapdragon digital signal processor (DSP) chip
https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20Mode%20presentations/DEF%20CON%20Safe%20Mode%20-%20Slava%20Makkaveev%20-%20Pwn2Own%20Qualcomm%20compute%20DSP%20for%20fun%20and%20profit.pdf
TiYunZong: An Exploit Chain to Remotely Root Modern Android Devices
https://github.com/secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/blob/master/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices.pdf
https://github.com/secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/blob/master/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices.pdf
GitHub
TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern…
Contribute to secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices development by creating an account on GitHub.
Android Bug Foraging
Analysis of vulnerabilities found in:
-Tinder
-Google Camera
-Samsung Find My Mobile
-undisclosed app name
https://youtu.be/qbj-4NXsE-0
Analysis of vulnerabilities found in:
-Tinder
-Google Camera
-Samsung Find My Mobile
-undisclosed app name
https://youtu.be/qbj-4NXsE-0
YouTube
Pedro Umbelino | Joao Morais - Android Bug Foraging - DEF CON 28SM AppSec Village
The speakers are waiting for your questions on the DEF CON Discord server!
Join us (here: https://discord.gg/defcon), and join the channels:
#asv-talks-qa-text
#asv-talks-qa-voice
In this session, we will analyze four real-world examples of different high…
Join us (here: https://discord.gg/defcon), and join the channels:
#asv-talks-qa-text
#asv-talks-qa-voice
In this session, we will analyze four real-world examples of different high…
Forwarded from The Bug Bounty Hunter
Hacking iOS Simulator with simctl and dynamic libraries
https://curvedlayer.com/2020/08/09/ios-simulator-plugin-simctl.html
https://curvedlayer.com/2020/08/09/ios-simulator-plugin-simctl.html
Curvedlayer
Hacking iOS Simulator with simctl and dynamic libraries
Extend the iOS Simulator by building a plugin for it. A dynamic loader and simctl allow injecting custom code into the Simulator. With that, you can modify its behavior.
MMS Exploit Part 5: Defeating Android ASLR, Getting RCE
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating-aslr-getting-rce.html
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating-aslr-getting-rce.html
Blogspot
MMS Exploit Part 5: Defeating Android ASLR, Getting RCE
Posted by Mateusz Jurczyk, Project Zero This post is the fifth and final of a multi-part series capturing my journey from discovering a ...
ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations
https://www.zdnet.com/article/re-vol-te-attack-can-decrypt-4g-lte-calls-to-eavesdrop-on-conversations/
https://www.zdnet.com/article/re-vol-te-attack-can-decrypt-4g-lte-calls-to-eavesdrop-on-conversations/
ZDNET
ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations
Academics detail a new attack on 4G encrypted calls. Attack works only when the attacker is on the same base station (mobile tower) as the victim.
Hacker101 CTF: Android Challenge Writeups
https://medium.com/bugbountywriteup/hacker101-ctf-android-challenge-writeups-f830a382c3ce
https://medium.com/bugbountywriteup/hacker101-ctf-android-challenge-writeups-f830a382c3ce
Medium
Hacker101 CTF: Android Challenge Writeups
In this article, I will be demonstrating how to solve the Hacker101 CTF (Capture The Flag) challenges for the Android category. Hacker101…
Forwarded from The Bug Bounty Hunter
Android Pentesting Lab
Step by Step guide for beginners!
https://medium.com/@imparable/android-pentesting-lab-4a6fe1a1d2e0
Step by Step guide for beginners!
https://medium.com/@imparable/android-pentesting-lab-4a6fe1a1d2e0
Medium
Android Pentesting Lab
Step by Step guide for beginners!