MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html
Posted by Mateusz Jurczyk, Project Zero This post is the fourth of a multi-part series capturing my journey from discovering a vulnerabl...
Exploiting Android Messengers with WebRTC: Part 2
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
Reversing the Root
Identifying the Exploited Vulnerability in 0-days Used In-The-Wild
https://github.com/maddiestone/ConPresentations/blob/master/BH2020.ReversingTheRoot.pdf
NSA tips how to limit location data exposure
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
Exploiting Android Messengers with WebRTC: Part 3
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-3.html
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
Android: Access to app protected components
https://blog.oversecured.com/Android-Access-to-app-protected-components/
Introduction This vulnerability resembles Open Redirect in web security. Since class Intent is Parcelable, objects belonging to this class can be passed as extra data in another Intent object. Many...
Qualcomm chip vulnerability
400 vulnerable code sections were uncovered on Qualcomm’s Snapdragon digital signal processor (DSP) chip
https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20Mode%20presentations/DEF%20CON%20Safe%20Mode%20-%20Slava%20Makkaveev%20-%20Pwn2Own%20Qualcomm%20compute%20DSP%20for%20fun%20and%20profit.pdf
TiYunZong: An Exploit Chain to Remotely Root Modern Android Devices
https://github.com/secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/blob/master/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices.pdf
Android Bug Foraging
Analysis of vulnerabilities found in:
-Tinder
-Google Camera
-Samsung Find My Mobile
-undisclosed app name
https://youtu.be/qbj-4NXsE-0
Pedro Umbelino | Joao Morais - Android Bug Foraging - DEF CON 28SM AppSec Village
In this session, we will analyze four real-world examples of different high…
Forwarded from The Bug Bounty Hunter
Hacking iOS Simulator with simctl and dynamic libraries
https://curvedlayer.com/2020/08/09/ios-simulator-plugin-simctl.html
Extend the iOS Simulator by building a plugin for it. A dynamic loader and simctl allow injecting custom code into the Simulator. With that, you can modify its behavior.
MMS Exploit Part 5: Defeating Android ASLR, Getting RCE
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating-aslr-getting-rce.html
Posted by Mateusz Jurczyk, Project Zero This post is the fifth and final of a multi-part series capturing my journey from discovering a ...
ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations
https://www.zdnet.com/article/re-vol-te-attack-can-decrypt-4g-lte-calls-to-eavesdrop-on-conversations/
Academics detail a new attack on 4G encrypted calls. Attack works only when the attacker is on the same base station (mobile tower) as the victim.
Hacker101 CTF: Android Challenge Writeups
https://medium.com/bugbountywriteup/hacker101-ctf-android-challenge-writeups-f830a382c3ce
In this article, I will be demonstrating how to solve the Hacker101 CTF (Capture The Flag) challenges for the Android category. Hacker101…
Forwarded from The Bug Bounty Hunter
Android Pentesting Lab
Step by Step guide for beginners!
https://medium.com/@imparable/android-pentesting-lab-4a6fe1a1d2e0
Qualcomm QCACLD WiFi monitor mode for Android
https://github.com/kimocoder/qualcomm_android_monitor_mode
CnC communication of a fake Aarogya Setu COVID-19 app
https://medium.com/@cryptax/cnc-communication-of-a-fake-aarogya-setu-covid-19-app-810817a36257
Aarogya Setu is the Indian open source COVID-19 contact tracing app. Like many other COVID-19 tracing apps, it has many malicious…
Setup macOS for iOS Research
https://www.mac4n6.com/blog/2020/8/13/step-by-step-macos-setup-for-ios-research-via-bizzybarney
Part 1: Step-by-step macOS Setup for iOS Research (via @bizzybarney) — mac4n6.com
CLI…WTF Command line interface (CLI) isn’t for everyone. Trust me; I get it. @iamevltwin forced me out of my comfort zone a few years ago and opened my eyes to the power of Terminal (command prompt on Mac). Now it is pinned to the Dock on every Mac…
Google Firebase messaging vulnerability allowed attackers to send push notifications to app users
https://abss.me/posts/fcm-takeover/
Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties
TL;DR A malicious attacker could control the content of push notifications to any application that runs the FCM SDK and has its FCM server key exposed, and at the same time send these notifications to every single user of the vulnerable application!
Write-up for Samsung SCTF’s Android Reverse Engineering Challenge https://link.medium.com/sZIupscha9
Vault 101 : Samsung CTF Android Reverse Engineering Challenge Write-up
Write-up for SCTF’s Android Reverse Engineering Challenge: Vault 101 using pure static analysis based reverse engineering and custom…
Samsung 'Find My Mobile' vulnerability report
https://char49.com/articles/malicious-apps-could-take-over-samsung-devices
Detailed report: http://char49.com/tech-reports/fmmx1-report.pdf