This media is not supported in your browser
VIEW IN TELEGRAM
ShadyShader 2: An Apple bug that could freeze any device or cause crash loops by exploiting how GPUs handle shaders
Similar issue Apple patched last year (CVE-2023-40441)
https://www.imperva.com/blog/shadyshader-crashing-apple-m-series-with-single-click/
Similar issue Apple patched last year (CVE-2023-40441)
https://www.imperva.com/blog/shadyshader-crashing-apple-m-series-with-single-click/
๐ฅ23โค2
I tried to explain how it is possible to locate smartphones using Advertising ID and ad plugins that are part of thousand popular apps without needing any spyware or exploits
https://www.mobile-hacker.com/2024/10/25/locate-smartphones-using-advertising-id-without-spyware-or-exploit/
https://www.mobile-hacker.com/2024/10/25/locate-smartphones-using-advertising-id-without-spyware-or-exploit/
Mobile Hacker
Locate smartphones using Advertising ID without spyware or exploit
I explain how it is possible to locate Google and Apple smartphones legally by misusing device unique Advertising ID and stream of data collected by advertising plugins. These plugins are part of thousands of popular and legitimate apps.
๐25๐คก3๐ค2๐ฑ2
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives also using Android malware
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/
Google Cloud Blog
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narrativesโฆ
A suspected Russian hybrid espionage and influence operation, delivering Windows and Android malware.
โค16๐5๐คฎ3๐2๐1๐ฅ1๐คก1๐1
iOS Forensics Suite: Generates detailed reports from iOS backups (encrypted & unencrypted) with device info, contacts, messages, WiFi, notes, WhatsApp data & more. All done locally.
https://github.com/piotrbania/ios_forensics_suite
https://github.com/piotrbania/ios_forensics_suite
GitHub
GitHub - piotrbania/ios_forensics_suite: A tool for generating detailed, locally-processed reports from iOS backups, supportingโฆ
A tool for generating detailed, locally-processed reports from iOS backups, supporting encrypted and unencrypted data. - piotrbania/ios_forensics_suite
โค13๐ฅ4๐2
Frida Script Runner - Versatile web-based tool designed for Android and iOS penetration testing purposes
https://github.com/z3n70/Frida-Script-Runner
https://github.com/z3n70/Frida-Script-Runner
๐ฅ26๐5โค3
Nine writeup for some Android specific chromium behavior vulnerabilities
1) intent:// restrictions bypassed via firebase dynamic links (Fixed, Awarded $3000)
2) Bypass to issue 40060327 via market:// URL (Fixed, Awarded $2250)
3) Add to home screen spoof (Fixed, Awarded $1125)
4) Iframe sandbox allow-popups-to-escape-sandbox bypass via intent (Asked, Not fixed)
5) Controlling Google assistant (Asked, Not fixed)
6) Controlling Clock (Accepted, Not fixed)
7) URL Spoof via intent (Fixed, Awarded $3133.70)
8) BROWSABLE intent:// bypass (Fixed, Duplicate)
9) BROWSABLE intent:// bypass (Fixed, Awarded $4500.00)
https://ndevtk.github.io/writeups/2024/08/01/awas/
1) intent:// restrictions bypassed via firebase dynamic links (Fixed, Awarded $3000)
2) Bypass to issue 40060327 via market:// URL (Fixed, Awarded $2250)
3) Add to home screen spoof (Fixed, Awarded $1125)
4) Iframe sandbox allow-popups-to-escape-sandbox bypass via intent (Asked, Not fixed)
5) Controlling Google assistant (Asked, Not fixed)
6) Controlling Clock (Accepted, Not fixed)
7) URL Spoof via intent (Fixed, Awarded $3133.70)
8) BROWSABLE intent:// bypass (Fixed, Duplicate)
9) BROWSABLE intent:// bypass (Fixed, Awarded $4500.00)
https://ndevtk.github.io/writeups/2024/08/01/awas/
Writeups
Android web attack surface
The following is a writeup for some Android specific chromium behaviors.
๐14๐4โค3
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
https://blog.mgdproductions.com/justeat-takeaway-terminal/
https://blog.mgdproductions.com/justeat-takeaway-terminal/
MGD Blog
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
So this is a pretty interesting one, i found this one on a local marketplace for 25 dollars, so i immediately snagged it up.
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screenโฆ
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screenโฆ
๐8๐2๐ฅ1
LightSpy: Implant for iOS
https://www.threatfabric.com/blogs/lightspy-implant-for-ios
https://www.threatfabric.com/blogs/lightspy-implant-for-ios
ThreatFabric
LightSpy: Implant for iOS
ThreatFabricโs latest insights on LightSpy malware, targeting both iOS and macOS. Learn about the evolving tactics, new destructive features, and the importance of keeping devices updated to defend against these advanced cyber threats.
๐15๐ฅ1
Emulating Android native libraries using unidbg
https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html
https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html
Hamzaโs blog posts, notes and thoughts.
Emulating Android native libraries using unidbg
Introduction Unidbg is an open-source framework to emulate Android native libraries (and to a certain extent has experimental iOS emulation capabilities). There are a few use cases where emulating Android libraries is beneficial. I will cover a single useโฆ
๐ฅ11โค3๐1
Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware
https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
Zimperium
Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium
true
๐12๐ฅ5
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
https://blog.timschumi.net/2024/10/05/lldorah-bootloader-prototype.html
https://blog.timschumi.net/2024/10/05/lldorah-bootloader-prototype.html
timschumiโs low-traffic blog
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
Many months ago, a slightly younger Tim thought that porting mainline Linux to his old Android phone for the purpose of experimentation would be a great way to pass time. (In hindsight it was, but not for the reasons imagined.)
๐ฅ12๐3๐1
Android G700 spyware: The Next Generation of Craxs RAT
https://www.cyfirma.com/research/g700-the-next-generation-of-craxs-rat/
https://www.cyfirma.com/research/g700-the-next-generation-of-craxs-rat/
CYFIRMA
G700 : The Next Generation of Craxs RAT - CYFIRMA
EXECUTIVE SUMMARY At CYFIRMA, we are dedicated to providing timely and relevant insights into emerging threats and tactics used by...
โก14๐4๐3
From Tracing to Patching using Frida
https://ad2001.com/blog/frida-tracing
https://ad2001.com/blog/frida-tracing
Ajin Deepak
From Tracing to Patching using Frida
This article demonstrates the power of Frida tracing in reverse engineering, using Mini Militia Classic as a case study.
๐16๐3โค1
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
Cleafy
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM | Cleafy Labs
Discover Cleafy's in-depth analysis of a new Android banking Trojan campaign, ToxicPanda, initially linked to TgToxic. Our findings reveal a sophisticated fraud operation targeting European and LATAM banks, using On-Device Fraud (ODF) tactics to execute accountโฆ
๐13๐2
Apple CarPlay: What's Under the Hood
Slides: https://troopers.de/downloads/troopers24/TR24_Apple_CarPlay-What's_Under_the_Hood_8MCYKG.pdf
Video: https://www.youtube.com/watch?v=cHhxJzavq5I
Slides: https://troopers.de/downloads/troopers24/TR24_Apple_CarPlay-What's_Under_the_Hood_8MCYKG.pdf
Video: https://www.youtube.com/watch?v=cHhxJzavq5I
โค16๐3๐1
Fake physical letters were sent to potential victims at their address to download "Severe Weather Warning App" via QR code. Coper AKA Octo2 malware is downloaded instead.
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/2024-meteosuisse.html
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/2024-meteosuisse.html
www.ncsc.admin.ch
Caution: Fake letters on behalf of MeteoSwiss โ Instead of a โSevere Weather Warning Appโ, malware is downloaded
14.11.2024 - Physical letters with MeteoSwiss as the sender are currently being sent out. The letters ask the recipients to download a new โSevere Weather Warning Appโ via a QR code. However, malware is downloaded to the smartphone instead. This looks similarโฆ
๐18๐7๐ฅ4โค1๐1
GPUAF - Two ways of Rooting All Qualcomm based Android phones
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
๐คฏ20๐ฅ5๐4๐1
Reverse Engineering iOS 18 Inactivity Reboot
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
Blogspot
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
๐ฅ19โค1๐1