SVE-2019-15230: A bug collision https://allsoftwaresucks.blogspot.com/2020/08/sve-2019-15230-bug-collision.html #android #dukeBarman
Blogspot
SVE-2019-15230: A bug collision
Researchers from Team T5 recently published their write-up on exploiting a bug in S-Boot and obtaining code execution in the Samsung Secure ...
Exploiting Android Messengers with WebRTC: Part 2 https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html #exploit #android #dukeBarman
Blogspot
Exploiting Android Messengers with WebRTC: Part 2
Posted by Natalie Silvanovich, Project Zero This is a three-part series on exploiting messenger applications using vulnerabilities in WebR...
Fast search and dump dex on memory https://github.com/hluwa/FRIDA-DEXDump #android #reverse #dukeBarman
GitHub
GitHub - hluwa/frida-dexdump: A frida tool to dump dex in memory to support security engineers analyzing malware.
A frida tool to dump dex in memory to support security engineers analyzing malware. - hluwa/frida-dexdump
Android Reverse Engineering WorkBench for VS Code https://github.com/Surendrajat/APKLab #reverse #android #dukeBarman
GitHub
GitHub - APKLab/APKLab: Android Reverse-Engineering Workbench for VS Code
Android Reverse-Engineering Workbench for VS Code. Contribute to APKLab/APKLab development by creating an account on GitHub.
Project Zero: An iOS hacker tries Android https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html #android #exploitation #dukeBarman
Blogspot
An iOS hacker tries Android
Written by Brandon Azad, when working at Project Zero One of the amazing aspects of working at Project Zero is having the flexibility to dir...
How to use Ghidra to Reverse Engineer Mobile Application https://medium.com/bugbountywriteup/how-to-use-ghidra-to-reverse-engineer-mobile-application-c2c89dc5b9aa #reverse #android #ghidra #newbie #dukeBarman
Medium
How to use Ghidra to Reverse Engineer Mobile Application
Unveil the
In-the-Wild Series: October 2020 0-day discovery
https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html
In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices. These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in the blog posts below:
Part1: Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html
Part2: Chrome Infinity Bug
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html
Part3: Chrome Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html
Part4: Android Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html
Part5: Android Post-Exploitation
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html
Part6: Windows Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html
#reverse #expdev #rce #lpe #sandbox #escape #android #ios #windows #chrome #browser #darw1n
Blogspot
In-the-Wild Series: October 2020 0-day discovery
Posted by Maddie Stone, Project Zero In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-w...
A foray into Linux kernel exploitation on Android https://mcyoloswagham.github.io/linux/ #exploitation #android #linux #dukeBarman
mcyoloswagham.github.io
A foray into Linux kernel exploitation on Android
In November of 2020, I decided to dive into the world of Android, more specifically the linux kernel. I did this because earlier in the year, around February, I broke my old phone during a skiing trip and hastily bought a cheap android phone, the Alcatel…
Exploiting memory corruption vulnerabilities on Android https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/ #android #exploitation #dukeBarman
News, Techniques & Guides
Exploiting memory corruption vulnerabilities on Android
In today's blog, we'll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we'll show how we found such a vulnerability in PayPal apps and what the result could be.
Security probe of Qualcomm MSM data services https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/ #exploitation #android #hardware #dukeBarman
Check Point Research
Security probe of Qualcomm MSM data services - Check Point Research
Research By: Slava Makkaveev Introduction Mobile Station Modem (MSM) is an ongoing series of a 2G/3G/4G/5G-capable system on chips (SoC) designed by Qualcomm starting in the early 1990s. MSM has always been and will be a popular target for security research…
Android ADB plugin for Total Commander:
Original: https://4pda.to/forum/index.php?showtopic=374826
Mirror: https://totalcmd.net/plugring/android_adb.html
#tools #mobile #android #adb #darw1n
4pda.to
Android ADB - 4PDA
Android ADB, plugin for Total Commander
GDA, a new Dalvik bytecode decompiler, is implemented in C++
https://forum.reverse4you.org/t/gda-gjoy-dex-analyzer/16985 #reverse #tools #mobile #android #decompiler #apk #dex #dalvik #darw1n
R0 CREW
GDA (GJoy Dex Analyzer)
GDA, a new Dalvik bytecode decompiler, is implemented in C++, which has the advantages of faster analysis and lower memory & disk consumption and a stronger ability to decompile the APK, DEX, ODEX, OAT files (supports JAR, CLASS and AAR files since 3.79).…
Android security checklist: WebView
https://blog.oversecured.com/Android-security-checklist-webview/
#mobile #android #webview #checklist #security #darw1n
News, Techniques & Guides
Android security checklist: WebView
WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential errors.
FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares
https://github.com/FirmWire/FirmWire
#fuzzing #mobile #firmware #android #Temporary17
GitHub
GitHub - FirmWire/FirmWire: FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause…
FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares - FirmWire/FirmWire
Analyzing a Modern In-the-wild Android Exploit
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
#expdev #android #linux
projectzero.google
Analyzing a Modern In-the-wild Android Exploit - Project Zero
By Seth Jenkins, Project Zero Introduction In December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsu...
Advanced Root Detection & Bypass Techniques
In this blog, we will explore techniques related to root detection on Android devices and methods to bypass it. Our main focus will be on the strategies employed by app developers to protect their applications and prevent them from running on compromised devices.
https://8ksec.io/advanced-root-detection-bypass-techniques/
#mobile #android #reverse #frida #root #detection #bypass
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Advanced Frida Usage Part 5 – Advanced Root Detection & Bypass Techniques
Explore techniques related to root detection on Android devices and methods to bypass it.
DJI - The ART of obfuscation
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
#reverse #mobile #android #obfuscation
Quarkslab
DJI - The ART of obfuscation - Quarkslab's blog
Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.