Fugu - is the first open source jailbreak tool based on the checkm8 exploit #iOS
https://github.com/LinusHenze/Fugu
https://github.com/LinusHenze/Fugu
GitHub
GitHub - LinusHenze/Fugu: Fugu is the first open source jailbreak based on the checkm8 exploit
Fugu is the first open source jailbreak based on the checkm8 exploit - LinusHenze/Fugu
Exploiting Insecure Firebase Database in Android apps
https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/
https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/
In the case you prefer Android InfoSec news rather on Facebook, we are there.
It is better for posting visuals and videos.
Feel free to like us https://facebook.com/AndroidInfoSec/
It is better for posting visuals and videos.
Feel free to like us https://facebook.com/AndroidInfoSec/
Android Banking Malware #slides
https://maxkersten.nl/wp-content/uploads/2020/02/SecureID_AndroidBankingMalware_ENG.pdf
https://maxkersten.nl/wp-content/uploads/2020/02/SecureID_AndroidBankingMalware_ENG.pdf
Analyzing iOS WhatsApp Calls
Analysis of the network traffic + binary files + runtime behavior
https://link.medium.com/yi4uD2Q1P3
Analysis of the network traffic + binary files + runtime behavior
https://link.medium.com/yi4uD2Q1P3
Medium
Analyzing WhatsApp Calls
How I revealed parts of the VoIP protocol with Wireshark, radare2 and Frida.
Overview of mobile malware detected in December 2019 by Doctor Web
https://news.drweb.com/show/review/?i=13641&lng=en
https://news.drweb.com/show/review/?i=13641&lng=en
Dr.Web
Dr.Web — Doctor Web’s overview of malware detected on mobile devices in December 2019
Find out on Doctor Web’s site about the latest virus threats and information security issues.
MadDroid: Detecting Devious Ad Contents for Android Apps
https://arxiv.org/pdf/2002.01656.pdf
https://arxiv.org/pdf/2002.01656.pdf
Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-apps-on-google-play-communicate-with-trojans-install-malware-perform-mobile-ad-fraud/
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-apps-on-google-play-communicate-with-trojans-install-malware-perform-mobile-ad-fraud/
Trend Micro
Fake Android Apps Communicate For Malware, Ad Fraud
We found several malicious optimizer, booster, and utility apps capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or payloads.
Anubis Banking Trojan still spreads via email as fake invoice
https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/
https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/
Cofense
Anubis Targets 250 Android Apps with Ransomware | Cofense
Infostealer keylogger/ransomware, OneAnubis, targets 250 Android applications - Stay informed about Android app vulnerabilities and OneAnubis malware.
Bluetooth Vulnerability in Android (CVE-2020-0022)
Bug allows an attacker to execute arbitrary code with the privileges of the Bluetooth daemon
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Bug allows an attacker to execute arbitrary code with the privileges of the Bluetooth daemon
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Forwarded from The Bug Bounty Hunter
Android: How to Bypass Root Check and Certificate Pinning
https://medium.com/@cintainfinita/android-how-to-bypass-root-check-and-certificate-pinning-36f74842d3be
https://medium.com/@cintainfinita/android-how-to-bypass-root-check-and-certificate-pinning-36f74842d3be
Medium
Android: How to Bypass Root Check and Certificate Pinning
Recently I needed to pentest an Android application. When I installed the app in my virtual device (Android Emulator), a pop up…
👍1
iOS exploit development series:
Part 1: Heap Exploit Development:
https://azeria-labs.com/heap-exploit-development-part-1/
Part 2: Heap Overflows and the iOS Kernel Heap
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
Part 3: Grooming the iOS Kernel Heap
https://azeria-labs.com/grooming-the-ios-kernel-heap/
Part 1: Heap Exploit Development:
https://azeria-labs.com/heap-exploit-development-part-1/
Part 2: Heap Overflows and the iOS Kernel Heap
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
Part 3: Grooming the iOS Kernel Heap
https://azeria-labs.com/grooming-the-ios-kernel-heap/
Azeria-Labs
Heap Exploit Development
Elector app leaked personal information – ID, full name, address, and phone – of almost 6.5 million Israelis with voting rights
https://securityaffairs.co/wordpress/97603/data-breach/elector-app-israel-data-leak.html
https://securityaffairs.co/wordpress/97603/data-breach/elector-app-israel-data-leak.html
Security Affairs
Netanyahu's party Elector app exposes data on over 6.5M Israelis
A misconfiguration in an election day app developed by Likud, the Netanyahu's party might have exposed data on over 6.5 million Israelis.
rvi_capture
A utility to create packet capture dumps from iOS devices (for debugging network activity via Wireshark)
https://github.com/gh2o/rvi_capture
A utility to create packet capture dumps from iOS devices (for debugging network activity via Wireshark)
https://github.com/gh2o/rvi_capture
GitHub
GitHub - gh2o/rvi_capture: rvictl for Linux and Windows: capture packets sent/received by iOS devices
rvictl for Linux and Windows: capture packets sent/received by iOS devices - gh2o/rvi_capture
Overview of mobile malware detected in January 2020 by Doctor Web
https://news.drweb.com/show/?i=13669&lng=en
https://news.drweb.com/show/?i=13669&lng=en
Android security research, with focus on Arm TrustZone
Understanding Trusted Execution Environments and the Arm TrustZone Technology
https://azeria-labs.com/trusted-execution-environments-tee-and-trustzone/
Understanding Trusted Execution Environments and the Arm TrustZone Technology
https://azeria-labs.com/trusted-execution-environments-tee-and-trustzone/
Azeria-Labs
Trusted Execution Environments and Arm TrustZone