SELinux bypasses
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation
https://klecko.github.io/posts/selinux-bypasses/
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation
https://klecko.github.io/posts/selinux-bypasses/
Klecko Blog
SELinux bypasses
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation.
โค29๐ฅ5๐1
Analysis of CVE-2024-26926
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
GitHub
LinuxKernel-nday/CVE-2024-26926/CVE_2024_26926_Analysis.pdf at main ยท MaherAzzouzi/LinuxKernel-nday
Linux Kernel N-day Exploit/Analysis. Contribute to MaherAzzouzi/LinuxKernel-nday development by creating an account on GitHub.
๐16โค4
South Korean Mobile Malware Campaign: A Technical Deep Dive
https://www.linkedin.com/pulse/south-korean-mobile-malware-campaign-technical-deep-dive-rastogi-rma6e
https://www.linkedin.com/pulse/south-korean-mobile-malware-campaign-technical-deep-dive-rastogi-rma6e
๐15
This media is not supported in your browser
VIEW IN TELEGRAM
ShadyShader 2: An Apple bug that could freeze any device or cause crash loops by exploiting how GPUs handle shaders
Similar issue Apple patched last year (CVE-2023-40441)
https://www.imperva.com/blog/shadyshader-crashing-apple-m-series-with-single-click/
Similar issue Apple patched last year (CVE-2023-40441)
https://www.imperva.com/blog/shadyshader-crashing-apple-m-series-with-single-click/
๐ฅ23โค2
I tried to explain how it is possible to locate smartphones using Advertising ID and ad plugins that are part of thousand popular apps without needing any spyware or exploits
https://www.mobile-hacker.com/2024/10/25/locate-smartphones-using-advertising-id-without-spyware-or-exploit/
https://www.mobile-hacker.com/2024/10/25/locate-smartphones-using-advertising-id-without-spyware-or-exploit/
Mobile Hacker
Locate smartphones using Advertising ID without spyware or exploit
I explain how it is possible to locate Google and Apple smartphones legally by misusing device unique Advertising ID and stream of data collected by advertising plugins. These plugins are part of thousands of popular and legitimate apps.
๐25๐คก3๐ค2๐ฑ2
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives also using Android malware
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/
Google Cloud Blog
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narrativesโฆ
A suspected Russian hybrid espionage and influence operation, delivering Windows and Android malware.
โค16๐5๐คฎ3๐2๐1๐ฅ1๐คก1๐1
iOS Forensics Suite: Generates detailed reports from iOS backups (encrypted & unencrypted) with device info, contacts, messages, WiFi, notes, WhatsApp data & more. All done locally.
https://github.com/piotrbania/ios_forensics_suite
https://github.com/piotrbania/ios_forensics_suite
GitHub
GitHub - piotrbania/ios_forensics_suite: A tool for generating detailed, locally-processed reports from iOS backups, supportingโฆ
A tool for generating detailed, locally-processed reports from iOS backups, supporting encrypted and unencrypted data. - piotrbania/ios_forensics_suite
โค13๐ฅ4๐2
Frida Script Runner - Versatile web-based tool designed for Android and iOS penetration testing purposes
https://github.com/z3n70/Frida-Script-Runner
https://github.com/z3n70/Frida-Script-Runner
๐ฅ26๐5โค3
Nine writeup for some Android specific chromium behavior vulnerabilities
1) intent:// restrictions bypassed via firebase dynamic links (Fixed, Awarded $3000)
2) Bypass to issue 40060327 via market:// URL (Fixed, Awarded $2250)
3) Add to home screen spoof (Fixed, Awarded $1125)
4) Iframe sandbox allow-popups-to-escape-sandbox bypass via intent (Asked, Not fixed)
5) Controlling Google assistant (Asked, Not fixed)
6) Controlling Clock (Accepted, Not fixed)
7) URL Spoof via intent (Fixed, Awarded $3133.70)
8) BROWSABLE intent:// bypass (Fixed, Duplicate)
9) BROWSABLE intent:// bypass (Fixed, Awarded $4500.00)
https://ndevtk.github.io/writeups/2024/08/01/awas/
1) intent:// restrictions bypassed via firebase dynamic links (Fixed, Awarded $3000)
2) Bypass to issue 40060327 via market:// URL (Fixed, Awarded $2250)
3) Add to home screen spoof (Fixed, Awarded $1125)
4) Iframe sandbox allow-popups-to-escape-sandbox bypass via intent (Asked, Not fixed)
5) Controlling Google assistant (Asked, Not fixed)
6) Controlling Clock (Accepted, Not fixed)
7) URL Spoof via intent (Fixed, Awarded $3133.70)
8) BROWSABLE intent:// bypass (Fixed, Duplicate)
9) BROWSABLE intent:// bypass (Fixed, Awarded $4500.00)
https://ndevtk.github.io/writeups/2024/08/01/awas/
Writeups
Android web attack surface
The following is a writeup for some Android specific chromium behaviors.
๐14๐4โค3
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
https://blog.mgdproductions.com/justeat-takeaway-terminal/
https://blog.mgdproductions.com/justeat-takeaway-terminal/
MGD Blog
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
So this is a pretty interesting one, i found this one on a local marketplace for 25 dollars, so i immediately snagged it up.
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screenโฆ
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screenโฆ
๐8๐2๐ฅ1
LightSpy: Implant for iOS
https://www.threatfabric.com/blogs/lightspy-implant-for-ios
https://www.threatfabric.com/blogs/lightspy-implant-for-ios
ThreatFabric
LightSpy: Implant for iOS
ThreatFabricโs latest insights on LightSpy malware, targeting both iOS and macOS. Learn about the evolving tactics, new destructive features, and the importance of keeping devices updated to defend against these advanced cyber threats.
๐15๐ฅ1
Emulating Android native libraries using unidbg
https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html
https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html
Hamzaโs blog posts, notes and thoughts.
Emulating Android native libraries using unidbg
Introduction Unidbg is an open-source framework to emulate Android native libraries (and to a certain extent has experimental iOS emulation capabilities). There are a few use cases where emulating Android libraries is beneficial. I will cover a single useโฆ
๐ฅ11โค3๐1
Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware
https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
Zimperium
Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium
true
๐12๐ฅ5
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
https://blog.timschumi.net/2024/10/05/lldorah-bootloader-prototype.html
https://blog.timschumi.net/2024/10/05/lldorah-bootloader-prototype.html
timschumiโs low-traffic blog
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
Many months ago, a slightly younger Tim thought that porting mainline Linux to his old Android phone for the purpose of experimentation would be a great way to pass time. (In hindsight it was, but not for the reasons imagined.)
๐ฅ12๐3๐1
Android G700 spyware: The Next Generation of Craxs RAT
https://www.cyfirma.com/research/g700-the-next-generation-of-craxs-rat/
https://www.cyfirma.com/research/g700-the-next-generation-of-craxs-rat/
CYFIRMA
G700 : The Next Generation of Craxs RAT - CYFIRMA
EXECUTIVE SUMMARY At CYFIRMA, we are dedicated to providing timely and relevant insights into emerging threats and tactics used by...
โก14๐4๐3
From Tracing to Patching using Frida
https://ad2001.com/blog/frida-tracing
https://ad2001.com/blog/frida-tracing
Ajin Deepak
From Tracing to Patching using Frida
This article demonstrates the power of Frida tracing in reverse engineering, using Mini Militia Classic as a case study.
๐16๐3โค1
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
Cleafy
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM | Cleafy Labs
Discover Cleafy's in-depth analysis of a new Android banking Trojan campaign, ToxicPanda, initially linked to TgToxic. Our findings reveal a sophisticated fraud operation targeting European and LATAM banks, using On-Device Fraud (ODF) tactics to execute accountโฆ
๐13๐2
Apple CarPlay: What's Under the Hood
Slides: https://troopers.de/downloads/troopers24/TR24_Apple_CarPlay-What's_Under_the_Hood_8MCYKG.pdf
Video: https://www.youtube.com/watch?v=cHhxJzavq5I
Slides: https://troopers.de/downloads/troopers24/TR24_Apple_CarPlay-What's_Under_the_Hood_8MCYKG.pdf
Video: https://www.youtube.com/watch?v=cHhxJzavq5I
โค16๐3๐1