apkingo - get detailed information about apk files
I retrieves: package name, target SDK, permissions, metadata, certificate serial and issuer, info from Google Play Store and detect if it is malicious using Koodous
https://github.com/andpalmier/apkingo
I retrieves: package name, target SDK, permissions, metadata, certificate serial and issuer, info from Google Play Store and detect if it is malicious using Koodous
https://github.com/andpalmier/apkingo
GitHub
GitHub - andpalmier/apkingo: extract info from apk files
extract info from apk files. Contribute to andpalmier/apkingo development by creating an account on GitHub.
👍19🔥8❤2👏1
How to Bypass Jailbreak Detection On iOS Apps & Games (iOS 11 - iOS 14)
https://idevicecentral.com/jailbreak-guide/how-to-bypass-jailbreak-detection-on-ios-applications-and-games-ios-11-ios-14/
https://idevicecentral.com/jailbreak-guide/how-to-bypass-jailbreak-detection-on-ios-applications-and-games-ios-11-ios-14/
iDevice Central - iOS Jailbreak News, Tutorials and Tools!
How to Bypass Jailbreak Detection On iOS Applications and Games (iOS 11 – iOS 14) - iDevice Central
Jailbreaking allows users to do more with their devices, to get past Apple's unnecessary walled garden approach. Sideloading, theming, tweaks to customize UI elements or to add functionality that is simply not there on stock iOS, all of these are done through…
👍12👏1
WiFi Zero Click RCE Trigger PoC CVE-2021-1965
https://github.com/parsdefense/CVE-2021-1965
https://github.com/parsdefense/CVE-2021-1965
🔥14👍5
Collection of Android (Samsung) Security Related Resources https://github.com/NetKingJ/android-security-awesome
GitHub
GitHub - NetKingJ/awesome-android-security: A Collection of Android (Samsung) Security Research References
A Collection of Android (Samsung) Security Research References - NetKingJ/awesome-android-security
👍17❤2🔥1
SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
Trend Micro
SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification
👍8
Mobile malware evolution 2021 by Kaspersky
https://securelist.com/mobile-malware-evolution-2021/105876/
https://securelist.com/mobile-malware-evolution-2021/105876/
Securelist
Mobile malware evolution 2021
In 2021, cybercriminal activity gradually decreased, and attempts to exploit the pandemic topic became less common. However, mobile malware became more advanced, and attacks more complex.
👍10🥰2👏2
Xenomorph - new Android Banker - here is a quick video how smoothly it creates malicious overlay once targeted app (PayPal, Binance, Coinbase etc.) are launched by victim
https://youtu.be/7-yT65lVBf8
https://youtu.be/7-yT65lVBf8
👍15
Writeup for an iOS 15 exploit that can achieve kernel
Impact: A malicious application may be able to execute arbitrary code with kernel privileges (CVE-2021-30955)
https://www.cyberkl.com/cvelist/cvedetail/24
Impact: A malicious application may be able to execute arbitrary code with kernel privileges (CVE-2021-30955)
https://www.cyberkl.com/cvelist/cvedetail/24
Cyberkl
昆仑实验室
👍7🤔5🤩1
Directory traversal vulnerability discovered in Android Slack lead to disclosure of auth tokens https://hackerone.com/reports/1378889
HackerOne
Slack disclosed on HackerOne: [Android] Directory traversal leading...
Files uploaded to and opened in Slack with specially-crafted names could cause the Android operating system to overwrite configuration files on customer devices, potentially exposing Slack data to...
👍13🥰2
Intercepting Android Emulator SSL traffic with burp using magisk
https://infosecwriteups.com/intercepting-android-emulator-ssl-traffic-with-burp-using-magisk-bc948dca68f9
https://infosecwriteups.com/intercepting-android-emulator-ssl-traffic-with-burp-using-magisk-bc948dca68f9
Medium
Intercepting Android Emulator SSL traffic with burp using magisk
In an android security testing intercepting SSL traffic from the apk is one of the basic requirement. Their are many ways in which it can…
👍20🤩5
How to execute running Java code directly on Android (without creating an APK)
Part 1: https://raccoon.onyxbits.de/blog/run-java-app-android/
Part 2: https://raccoon.onyxbits.de/blog/programmatically-talking-to-the-android-system-adb-shell/
Part 1: https://raccoon.onyxbits.de/blog/run-java-app-android/
Part 2: https://raccoon.onyxbits.de/blog/programmatically-talking-to-the-android-system-adb-shell/
raccoon.onyxbits.de
How to run Java programs directly on Android (without creating an APK)
A step by step instruction for compiling a Java program into an Android executable and using ADB to run it.
👍12
FireFox extension for generating Frida snippet scripts from official Android developer documentation
Right click on function names (public methods section) or fields and it will automatically copy generated Frida snippet
https://github.com/eybisi/android-developer-frida (no overload support for now)
Right click on function names (public methods section) or fields and it will automatically copy generated Frida snippet
https://github.com/eybisi/android-developer-frida (no overload support for now)
GitHub
GitHub - eybisi/android-developer-frida: frida snippet generator firefox extension for developer.android.com
frida snippet generator firefox extension for developer.android.com - eybisi/android-developer-frida
👍11
PoC for CVE-2021-30955 has been publicly released affecting iOS 15.2
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa
Gist
CVE-2021-30955 PoC
CVE-2021-30955 PoC. GitHub Gist: instantly share code, notes, and snippets.
👍11
Bug found in Zenly - Social-Media App with 50M+ installs - Allowed Account Takeover
https://checkmarx.com/blog/zenly-fixes-user-data-exposure-and-account-takeover-risks/
https://checkmarx.com/blog/zenly-fixes-user-data-exposure-and-account-takeover-risks/
Checkmarx.com
Zenly Fixes User Data Exposure and Account Takeover Risks
The Checkmarx Security Research Team responsibly notified Zenly, providing detailed information of our research findings, instructions to reproduce the issues, and recommendations. Zenly has now fixed the issues we discovered.
👍11❤1
Smali2Frida - generate Frida Hooks from .smali files
https://github.com/apkunpacker/Smali2Frida
https://github.com/apkunpacker/Smali2Frida
GitHub
GitHub - apkunpacker/Smali2Frida
Contribute to apkunpacker/Smali2Frida development by creating an account on GitHub.
👍7🥰3
Another iOS 15.1 kernel exploit PoC for CVE-2021-30955
https://github.com/b1n4r1b01/desc_race
https://github.com/b1n4r1b01/desc_race
GitHub
GitHub - b1n4r1b01/desc_race: iOS 15.1 kernel exploit POC for CVE-2021-30955
iOS 15.1 kernel exploit POC for CVE-2021-30955. Contribute to b1n4r1b01/desc_race development by creating an account on GitHub.
👍1
Android TeaBot banking malware with 10K+ installs is still available on Google Play Store
QR Code downloads main.apk that drops payload and targets over 400 apps
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
QR Code downloads main.apk that drops payload and targets over 400 apps
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
Cleafy
TeaBot is now spreading across the globe | Cleafy Labs
Since TeaBot first discovery in 2021, Cleafy's Threat Intelligence Team has been following this banking trojan's trails to understand how it acts against banks. To know more, read here our latest report.
👍3
Android banking malware TeaBot with 10,000+ installs is still available on Google Play Store
Double check which QR code app you are about to install or are using already
https://youtube.com/shorts/FvuqEhI9LjQ
Double check which QR code app you are about to install or are using already
https://youtube.com/shorts/FvuqEhI9LjQ
👍7🔥3
SMS PVA: Underground Service for Cybercriminals
Part 1: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-1.html
Part 2: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-2.html
Part 1: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-1.html
Part 2: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-2.html
Trend Micro
SMS PVA Part 1: Underground Service for Cybercriminals
This is a 3-part blog entry about SMS PVA, a service that lets cybercriminals compromise smartphone cybersecurity.
👍15🤯5
SharkBot - Two Android bankers discovered on Google Play ironically impersonate Antivirus apps
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Fox-IT International blog
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Expert NCC Group, as well as many other researchers noticed a rise in Android malware last year, especillay An…
👍3