Buffer-overflow in Android native code — MobileHackingLab ‘Notekeeper’ Write-up
https://ajmal-moochingal.medium.com/buffer-overflow-in-android-native-code-mobilehackinglab-notekeeper-write-up-4e7764be3c2a
https://ajmal-moochingal.medium.com/buffer-overflow-in-android-native-code-mobilehackinglab-notekeeper-write-up-4e7764be3c2a
Medium
Buffer-overflow in Android native code — MobileHackingLab ‘Notekeeper’ Write-up
Exploiting a Buffer-overflow bug in a native library function in an Android App to gain code execution.
🔥8👍5❤2
How to debug Android/iOS native library using GDB debugger?
https://medium.com/@shubhamsonani/how-to-debug-android-ios-native-library-using-gdb-debugger-d02c0e0341eb
https://medium.com/@shubhamsonani/how-to-debug-android-ios-native-library-using-gdb-debugger-d02c0e0341eb
Medium
How to debug Android/iOS native library using GDB debugger?
Hi Guys, after a long time, I am writing a new blog that will help you guys while performing Android/iOS penetration testing. I am going…
👍13
Exploit released for Android local privilege elevation (root) impacts several OEMs (APEX key reuse vulnerability CVE-2023-45779)
Info: Devices contained at least one preinstalled APEX signed only with AOSP test keys, for which anyone can produce an update
Write-up: https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html
Exploit: https://github.com/metaredteam/rtx-cve-2023-45779
Info: Devices contained at least one preinstalled APEX signed only with AOSP test keys, for which anyone can produce an update
Write-up: https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html
Exploit: https://github.com/metaredteam/rtx-cve-2023-45779
Meta Red Team X
Missing signs: how several brands forgot to secure a key piece of Android
We recently discovered that Android devices from multiple major brands sign APEX modules—updatable units of highly-privileged OS code—using private keys from Android’s public source repository. Anyone can forge an APEX update for such a device to gain near…
👍9🔥2❤1
Complete guide on how Bluetooth and BLE works
It also includes source code for a server and client Android apps that demonstrate the communication
https://proandroiddev.com/android-bluetooth-and-ble-the-modern-way-a-complete-guide-4e95138998a0
It also includes source code for a server and client Android apps that demonstrate the communication
https://proandroiddev.com/android-bluetooth-and-ble-the-modern-way-a-complete-guide-4e95138998a0
Medium
Android, Bluetooth and BLE the modern way: a complete guide
Bluetooth is an immensely fun technology to work with. Once you learn how to search for and communicate with devices, you will be surprised…
🔥11👍3
Twelve Android apps containing VajraSpy RAT used by the Patchwork APT group. Six of these apps had previously been available on Google Play; together they reached over 1,400 installs
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
Welivesecurity
VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps that posed as messaging tools but carried VajraSpy, a RAT used by the Patchwork APT group
👍10❤3
NetHunter Hacker XII: Master Social Engineering using SET
Explained SET attack vectors such as create e-mail template, site clone, credential harvester, mass mailer, Arduino attacks, web jacking attack.
Also how to fix common errors and attack prevention tips
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/
Explained SET attack vectors such as create e-mail template, site clone, credential harvester, mass mailer, Arduino attacks, web jacking attack.
Also how to fix common errors and attack prevention tips
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/
Mobile Hacker
NetHunter Hacker XII: Master Social Engineering using SET Mobile Hacker
Social engineering is a technique used by attackers to trick people into disclosing private information or doing activities that affect the security of a system or network. The Social-Engineer Toolkit (SET) is one of the most popular tools used in social…
👍19❤1
Hacking a Smart Home Device
Reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant
https://jmswrnr.com/blog/hacking-a-smart-home-device
Reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant
https://jmswrnr.com/blog/hacking-a-smart-home-device
James Warner
Hacking a Smart Home Device
How I reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant.
👍17
Analysis of Android settings during a forensic investigation
https://blog.digital-forensics.it/2024/01/analysis-of-android-settings-during.html
https://blog.digital-forensics.it/2024/01/analysis-of-android-settings-during.html
blog.digital-forensics.it
Analysis of Android settings during a forensic investigation
DFIR research
👍14❤3
MobSF Remote code execution (via CVE-2024-21633)
https://github.com/0x33c0unt/CVE-2024-21633
https://github.com/0x33c0unt/CVE-2024-21633
GitHub
GitHub - 0x33c0unt/CVE-2024-21633: MobSF Remote code execution (via CVE-2024-21633)
MobSF Remote code execution (via CVE-2024-21633). Contribute to 0x33c0unt/CVE-2024-21633 development by creating an account on GitHub.
👍16🤯8👻1
Commercial spyware companies are behind most zero-day exploits - discovered by Google
Blog: https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/
PDF: https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf
Blog: https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/
PDF: https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf
Google
Buying Spying: How the commercial surveillance industry works and what can be done about it
The latest report from Threat Analysis Group documents the rise of commercial surveillance vendors and the industry that threatens free speech, the free press and the op…
🔥7❤3👍2👻1
Android Content Providers 101
https://www.pentestpartners.com/security-blog/android-content-providers-101/
https://www.pentestpartners.com/security-blog/android-content-providers-101/
Pentestpartners
Android Content Providers 101 | Pen Test Partners
Introduction Android has a number of different types of components that a program or app can instantiate to interact with the user or other programs. Recently I've been looking at exported as an interesting way to manipulate information that other apps have…
👍9👻1
Operation triangulation - Keychain module analysis
https://shindan.io/posts/keychain_module_analysis/
https://shindan.io/posts/keychain_module_analysis/
shindan.io
Operation triangulation - Keychain module analysis.
Operation Triangulation is the name of an attack that has been targeting Kaspersky employees among others.
Kaspersky has published a lot of really interesting blogposts detailing the exploit chain and how they caught all the samples.
https://securelist.com/trng…
Kaspersky has published a lot of really interesting blogposts detailing the exploit chain and how they caught all the samples.
https://securelist.com/trng…
👍12👻1
Google Play Protect will soon automatically block sideloading Android apps if they request one of these four permissions: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility
https://security.googleblog.com/2024/02/piloting-new-ways-to-protect-Android-users-from%20financial-fraud.html
https://security.googleblog.com/2024/02/piloting-new-ways-to-protect-Android-users-from%20financial-fraud.html
Google Online Security Blog
Piloting new ways of protecting Android users from financial fraud
Posted by Eugene Liderman, Director of Mobile Security Strategy, Google From its founding , Android has been guided by principles of open...
👍13😢7🤬5❤1👻1
Reverse engineering of Android Phoenix RAT
Analysis: https://cryptax.medium.com/reverse-engineering-of-android-phoenix-b59693c03bd3
Phoenix overview: https://cryptax.medium.com/android-phoenix-authors-claims-sample-identification-and-trends-f199cbc9901d
Analysis: https://cryptax.medium.com/reverse-engineering-of-android-phoenix-b59693c03bd3
Phoenix overview: https://cryptax.medium.com/android-phoenix-authors-claims-sample-identification-and-trends-f199cbc9901d
Medium
Reverse engineering of Android/Phoenix
Android/Phoenix is a malicious Remote Access Tool. Its main goal is to extensively spy on the victim’s phone (grab all screenshots, steal…
👍9❤2👻2
Analysis of an Info Stealer — Chapter 2: The iOS App
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405
Medium
Analysis of an Info Stealer — Chapter 2: The iOS App
Introduction
❤7👍3🤔3👻1
Analysis of an Info Stealer — Chapter 3: The Android App
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-3-the-android-app-54ba3068b537
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-3-the-android-app-54ba3068b537
Medium
Analysis of an Info Stealer — Chapter 3: The Android App
Introduction & Preface
🔥8💊4❤2👍1
MoqHao evolution: New variants start automatically right after installation
MoqHao aka XLoader is an Android malware operated by a financially motivated threat actor named Roaming Mantis.
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
MoqHao aka XLoader is an Android malware operated by a financially motivated threat actor named Roaming Mantis.
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
McAfee Blog
MoqHao evolution: New variants start automatically right after installation | McAfee Blog
Authored by Dexter Shin MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group first discovered in 2015.
👍10❤3🎉1👻1
NetHunter Hacker XIII: Overall guide to MITM framework
New blog covers methods that attackers may employ to intercept network communication like in a video that demonstrates using SSLStrip+ and DNS change to intercept HTTPS and bypass HSTS via MITMf
https://www.mobile-hacker.com/2024/02/13/nethunter-hacker-xiii-overall-guide-to-mitm-framework/
New blog covers methods that attackers may employ to intercept network communication like in a video that demonstrates using SSLStrip+ and DNS change to intercept HTTPS and bypass HSTS via MITMf
https://www.mobile-hacker.com/2024/02/13/nethunter-hacker-xiii-overall-guide-to-mitm-framework/
Mobile Hacker
NetHunter Hacker XIII: Overall guide to MITM framework Mobile Hacker
I will cover the several methods that attackers may employ to intercept network communication to execute ARP poisoning, HTTP and HTTPS traffic interception, and DNS spoofing. In the video below is a demonstration of using SSLstrip and DNS change to intercept…
👍13⚡2❤1
SIM Hijacking
https://sensepost.com/blog/2022/sim-hijacking/
https://sensepost.com/blog/2022/sim-hijacking/
👍15⚡1
Mobile Threat Landscape Report for 2023
Report includes review of Android and iOS vulnerabilities and malware in 2023
https://www.lookout.com/threat-intelligence/report/mobile-landscape-threat-report
Report includes review of Android and iOS vulnerabilities and malware in 2023
https://www.lookout.com/threat-intelligence/report/mobile-landscape-threat-report
Lookout
Mobile Landscape Threat Report
Based on an analysis of Lookout’s security dataset of more than 300 million mobile apps, 220 million mobile devices, and billions of web items, Lookout has authored the Mobile Threat Landscape Report.
👍10❤2
iOS and Android Trojan harvesting facial recognition data used for unauthorized access to bank accounts
https://www.group-ib.com/blog/goldfactory-ios-trojan/
https://www.group-ib.com/blog/goldfactory-ios-trojan/
Group-IB
Face Off: Group-IB identifies first iOS trojan stealing facial recognition data
Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows
👍13🔥7