Frida script to bypass common methods of sslpining Android
https://gist.github.com/incogbyte/1e0e2f38b5602e72b1380f21ba04b15e
https://gist.github.com/incogbyte/1e0e2f38b5602e72b1380f21ba04b15e
Gist
Frida script to bypass common methods of sslpining Android
Frida script to bypass common methods of sslpining Android - mixunpin.js
π19π¨2
How to setup and scan wi-fi networks using Hijacker app
https://www.instagram.com/p/CmB6ufaDFf3/
https://www.instagram.com/p/CmB6ufaDFf3/
π26π₯5π₯°2π1
Forwarded from The Bug Bounty Hunter
apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
https://github.com/ax/apk.sh
https://github.com/ax/apk.sh
GitHub
GitHub - ax/apk.sh: Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuildingβ¦
Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK. - ax/apk.sh
π39π₯2
BrasDex: A new Brazilian ATS Android Banker with ties to Desktop malware
https://www.threatfabric.com/blogs/brasdex-a-new-brazilian-ats-malware.html
https://www.threatfabric.com/blogs/brasdex-a-new-brazilian-ats-malware.html
ThreatFabric
BrasDex: A new Brazilian ATS Android Banker with ties to Desktop malware
ThreatFabricβs analysts discovered a multi-platform banking malware campaign targeting Brazil, reaching thousands of victims.
π16π₯°5
Do you have hacking experience in mobiles and would like to earn much more bounty rewards than now?
Fill out the form below and we will provide free unlimited access to Oversecured Android/iOS vulnerability scanners
https://docs.google.com/document/u/0/d/1dwDtx9S3CSXtjThv-f9t9VbD1cw6c-KOVr506LxU3dg/mobilebasic
Apply here: https://docs.google.com/forms/d/e/1FAIpQLSde-rGWyGF7ug3MIhf3OGE3uJg78tQgcIlsf0MOBApnBVqqVw/viewform
Fill out the form below and we will provide free unlimited access to Oversecured Android/iOS vulnerability scanners
https://docs.google.com/document/u/0/d/1dwDtx9S3CSXtjThv-f9t9VbD1cw6c-KOVr506LxU3dg/mobilebasic
Apply here: https://docs.google.com/forms/d/e/1FAIpQLSde-rGWyGF7ug3MIhf3OGE3uJg78tQgcIlsf0MOBApnBVqqVw/viewform
π15π12π₯2π2
MoneyMonger: Predatory Loan Scam Campaigns Move to Flutter
https://www.zimperium.com/blog/moneymonger-predatory-loan-scam-campaigns-move-to-flutter/
https://www.zimperium.com/blog/moneymonger-predatory-loan-scam-campaigns-move-to-flutter/
Zimperium
MoneyMonger: Predatory Loan Scam Campaigns Move to Flutter - Zimperium
The Zimperium zLabs team recently discovered a Flutter application with malicious code. The Flutter-obfuscated malware campaign, MoneyMonger, is solely distributed through third-party app stores and sideloaded onto the victimβs Android device. Read more toβ¦
π18
How to install firmware for external Wi-Fi adapters in NetHunter using Magisk
https://www.youtube.com/shorts/BjAKy97B1d4
https://www.youtube.com/shorts/BjAKy97B1d4
π30π₯2
GodFather Android Malware Returns Targeting Banking Users
https://blog.cyble.com/2022/12/20/godfather-malware-returns-targeting-banking-users/
https://blog.cyble.com/2022/12/20/godfather-malware-returns-targeting-banking-users/
Cyble
Godfather Malware Returns: Targeting Banking Users And Online Security
The Godfather malware is back, specifically targeting banking users. Learn how this threat works and what steps you can take to protect your online banking security.
π19
Two ways how to enable HID interface on Android to execute Rubber Ducky scripts and avoid "Kernel not supported" error in Rucky app
https://www.instagram.com/p/CmeMnWdvcRX/
https://www.instagram.com/p/CmeMnWdvcRX/
π11
Forwarded from The Bug Bounty Hunter
Turning Google smart speakers into wiretaps for $100k
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Matt's internet home
Turning Google smart speakers into wiretaps for $100k
I was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a "backdoor" account on the device, enabling them to send commandsβ¦
π₯13π5β€4π1
How to run desktop Wireshark on Android running NetHunter
https://youtu.be/WfMAeomnU_Y
https://youtu.be/WfMAeomnU_Y
YouTube
How to setup and run desktop Wireshark on Android running NetHunter
Quick tutorial how to run Wireshark on rooted Android with help of Kali NetHunter.
π27π2
Forwarded from The Bug Bounty Hunter
Using an Android emulator for API hacking
https://zerodayhacker.com/using-an-android-emulator-for-api-hacking
https://zerodayhacker.com/using-an-android-emulator-for-api-hacking
Zero Day Hacker - Teaching myself ethical hacking. Here's what I've learned, from day zero onward.
Using an Android emulator for API hacking - Zero Day Hacker
This article explains how to install Android Studio and set up the Android emulator to proxy its traffic through Burp Suite. This lets you monitor traffic from Android apps.
π12β€4π1π1
Instagram vulnerability : Turn off all type of message requests using deeplink (Android)
https://servicenger.com/mobile/instagram-vulnerability-turn-off-message-requests-deeplink/
https://servicenger.com/mobile/instagram-vulnerability-turn-off-message-requests-deeplink/
π11
City-Wide IMSI-Catcher Detection
https://seaglass.cs.washington.edu/
https://seaglass.cs.washington.edu/
SeaGlass
City-Wide IMSI-Catcher Detection - SeaGlass
SeaGlass is a system designed by security researchers at the University of Washington to measure IMSI-catcher use across a city. Cellular sensors are built from off-the-shelf parts and installed into volunteersβ vehicles Sensor data is continuously uploadedβ¦
π4π1π©1
RedZei - Chinese-speaking scammers targeting Chinese students in the UK
https://blog.bushidotoken.net/2022/12/redzei-chinese-speaking-scammers.html
https://blog.bushidotoken.net/2022/12/redzei-chinese-speaking-scammers.html
blog.bushidotoken.net
Tracking Adversaries: RedZei, Chinese-speaking scammers targeting Chinese students in the UK
CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security
π12
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
https://www.threatfabric.com/blogs/spynote-rat-targeting-financial-institutions.html
https://www.threatfabric.com/blogs/spynote-rat-targeting-financial-institutions.html
Threatfabric
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
SpyNote, also known as SpyMax and CypherRat, is a unique and effective Spyware which developed unique interest in banking users
π13
StrongPity espionage campaign targeting Android users
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
WeLiveSecurity
StrongPity espionage campaign targeting Android users
ESET researchers uncover an active StrongPity campaign that spreads a trojanized version of the Android Telegram app posing as the Shagle video chat app.
π6
Bypassing Frida detection in Android
https://www.youtube.com/watch?v=M0ETKs6DZn8
https://www.youtube.com/watch?v=M0ETKs6DZn8
YouTube
Bypassing Frida detection in Android
#frida #rootdetection #fridadetection #android #pentest #r2pay
Hello everyone, in this video we are going to learn some new techniques which are used in android app for detecting frida based on some frida artifacts in the memory and filesystem.
For learningβ¦
Hello everyone, in this video we are going to learn some new techniques which are used in android app for detecting frida based on some frida artifacts in the memory and filesystem.
For learningβ¦
π₯8π6β€1
Bypass of two-factor authentication in TikTok Android app
https://hackerone.com/reports/1747978
https://hackerone.com/reports/1747978
HackerOne
TikTok disclosed on HackerOne: bypass two-factor authentication in...
A vulnerability was found where a random timeout issue on a Two-Step Verification endpoint could have resulted in a potential bypass of authentication if multiple incorrect attempts were entered in...
π8π€2
Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app
https://github.com/michalbednarski/LeakValue
https://github.com/michalbednarski/LeakValue
GitHub
GitHub - michalbednarski/LeakValue: Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system appβ¦
Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle() - michalbednarski/LeakValue
π11π€2π€―2
Dissecting an Android stalkerware
https://andpalmier.com/posts/stalkerware-analysis/
https://andpalmier.com/posts/stalkerware-analysis/
Andpalmier
Dissecting an Android stalkerware
Analysis of an Italian stalkerware for Android
π4π₯2π€©2