GPUAF - Two ways of Rooting All Qualcomm based Android phones
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
π€―20π₯5π4π1
Reverse Engineering iOS 18 Inactivity Reboot
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
Blogspot
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
π₯19β€1π1
Disclosure of 7 Android and Google Pixel Vulnerabilities
https://blog.oversecured.com/Disclosure-of-7-Android-and-Google-Pixel-Vulnerabilities/
https://blog.oversecured.com/Disclosure-of-7-Android-and-Google-Pixel-Vulnerabilities/
News, Techniques & Guides
Disclosure of 7 Android and Google Pixel Vulnerabilities
β€23
Rooting an Android POS "Smart Terminal" to steal credit card information
Paper: https://www.nohat.it/slides/2024/jannone.pdf
Presentation: https://www.youtube.com/watch?v=a9BFGlxP71Y
Paper: https://www.nohat.it/slides/2024/jannone.pdf
Presentation: https://www.youtube.com/watch?v=a9BFGlxP71Y
YouTube
No Hat 2024 - Jacopo Jannone - Exploring and Exploiting an Android βSmart POSβ Payment Terminal
EXPLORING AND EXPLOITING AN ANDROID "SMART POS" PAYMENT TERMINAL
Today, credit card terminals are undergoing a drastic evolution, moving from specialized hardware and custom-built operating systems to Android devices similar to ordinary smartphones. Whileβ¦
Today, credit card terminals are undergoing a drastic evolution, moving from specialized hardware and custom-built operating systems to Android devices similar to ordinary smartphones. Whileβ¦
π20π₯7
SMS blaster - gang that drove around Bangkok sending thousands of phishing messages by impersonating cellular base station
https://techcrunch.com/2024/11/25/authorities-catch-sms-blaster-gang-that-drove-around-bangkok-sending-thousands-of-phishing-messages/
https://techcrunch.com/2024/11/25/authorities-catch-sms-blaster-gang-that-drove-around-bangkok-sending-thousands-of-phishing-messages/
TechCrunch
Authorities catch 'SMS blaster' gang that drove around Bangkok sending thousands of phishing messages | TechCrunch
Thai authorities said the crime gang sent around a million malicious SMS text messages to nearby residents over a three-day period in November.
π14β€3β‘2
SpyLoan: A Global Threat Exploiting Social Engineering
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
McAfee Blog
SpyLoan: A Global Threat Exploiting Social Engineering | McAfee Blog
Authored by: Fernando Ruiz The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as predatory
π₯13π5π₯±2π©1π΄1π€·1
Mobile scareware now mimics cracked smartphone screen as a result of a fake virus infection
https://www.mobile-hacker.com/2024/11/27/smartphone-scareware-cracked-screen-as-a-result-of-virus/
https://www.mobile-hacker.com/2024/11/27/smartphone-scareware-cracked-screen-as-a-result-of-virus/
Mobile Hacker
Smartphone scareware: cracked screen as a result of virus
This new technique mimics a cracked screen that is a result of a fake virus infection as visible in the video below
π12π8β€2π2
Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels
https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf
https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf
π₯11β€3
Police in India warns about 'wedding card scam' Android malware being distributed via WhatsApp
[Does anyone here has this malware sample to share? If so, please post a comment or send me a message. Thanks!]
https://www.msn.com/en-in/money/news/police-of-the-four-biggest-states-in-india-warn-about-this-wedding-card-scam-on-whatsapp-that-people-have-lost-lakhs-to/ar-AA1uLCma
[Does anyone here has this malware sample to share? If so, please post a comment or send me a message. Thanks!]
https://www.msn.com/en-in/money/news/police-of-the-four-biggest-states-in-india-warn-about-this-wedding-card-scam-on-whatsapp-that-people-have-lost-lakhs-to/ar-AA1uLCma
π13β€1π©1
Introduction to Fuzzing Android Native Components using tools like AFL++ and QEMU
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
Conviso AppSec
Introduction to Fuzzing Android Native Components
Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.
π₯14π2π1π©1
Forwarded from The Bug Bounty Hunter
( Ν‘ββ―_ Ν‘β)π
Android's CVE-2020-0238 (AccountTypePreferenceLoader)
Note: This is part of my @vr_progress journal. Also, subscribe to my new @SideQuest_256 channel and I might post videos about the Android journey too :D This is a story about how I wasted my weekend over a bug that was categorized as a High/EoP but then couldnβtβ¦
π12π2β€1
The Ultimate Handheld Hacking Device - My Experience with NetHunter
https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html
https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html
andy.codes
2024-11-27 - The Ultimate Handheld Hacking Device - My Experience with NetHunter - Andy's Cave
This page is a collection of my security research, and other infosec-related activities.
π8β€4π2
This media is not supported in your browser
VIEW IN TELEGRAM
How to build portable hacking lab and control it with a smartphone
https://www.mobile-hacker.com/2024/10/04/portable-hacking-lab-control-the-smallest-kali-linux-with-a-smartphone/
https://www.mobile-hacker.com/2024/10/04/portable-hacking-lab-control-the-smallest-kali-linux-with-a-smartphone/
π18β€5
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN
https://www.mobile-hacker.com/2024/12/02/cybercriminals-use-nfc-relay-to-turn-stolen-credit-cards-into-cash-without-a-pin/
https://www.mobile-hacker.com/2024/12/02/cybercriminals-use-nfc-relay-to-turn-stolen-credit-cards-into-cash-without-a-pin/
Mobile Hacker
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN Mobile Hacker
ThreatFabric has identified a new cash-out tactic that wasnβt seen before called βGhost Tapβ, which cybercriminals use to exploit stolen credit card details linked to mobile payment services like Google Pay and Apple Pay. This method involves relaying NFCβ¦
π14π₯2β€1
Android Flutter malware analysis by Axelle Apvrille (Fortinet)
Presentation: https://youtu.be/K9Ekxo-K_QY?si=W-QhYvcVEYxTCKwz
Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android-Flutter-malware.pdf
Presentation: https://youtu.be/K9Ekxo-K_QY?si=W-QhYvcVEYxTCKwz
Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android-Flutter-malware.pdf
YouTube
Android Flutter malware - Axelle Apvrille (Fortinet)
Presented at the VB2024 conference in Dublin, 2 - 4 October 2024.
β Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
β Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Androidβ¦
β Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
β Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Androidβ¦
π17β2π₯1
DroidBot: Insights from a new Turkish MaaS fraud operation
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation?s=03
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation?s=03
Cleafy
DroidBot: Insights from a new Turkish MaaS fraud operation | Cleafy Labs
Cleafy Labs reveals DroidBot, a new Android Remote Access Trojan targeting banks, crypto exchanges, and national organisations in Europe and beyond. Learn how it operates with dual-channel communication and evolving tactics. Read here the full report.
π13β€3
Automatically decode Android apps and searche for secrets
https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale
https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale
Trufflesecurity
Cracking Open APK Files at Scale β Truffle Security Co.
TruffleHog now automatically decodes Android Package Kit (APK) files and searches them for secrets. It runs ~9x faster than using an external decompiler before calling TruffleHog.
π19β€7π₯3
Trying to exploit my old Android using CVE-2020-0401 (PackageManagerService)
https://pwner.gg/blog/Android's-CVE-2020-0401
https://pwner.gg/blog/Android's-CVE-2020-0401
( Ν‘ββ―_ Ν‘β)π
Android's CVE-2020-0401 (PackageManagerService)
Note This is another attempt in my Android Side Quest (the previous one was Androidβs CVE-2020-0238). Intro While digging around through my old gadgets, I found my ancient OnePlus phone that had been gathering dust in a drawer.
π20
Malimite: iOS decompiler designed to analyze and decode IPA files
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
GitHub
GitHub - LaurieWired/Malimite: iOS and macOS Decompiler
iOS and macOS Decompiler. Contribute to LaurieWired/Malimite development by creating an account on GitHub.
π₯22π₯°4β€3
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaurβs Multi-Platform Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Trend Micro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaurβs Multi-Platform Attacks
π14