Remotely Compromising an iPhone through iMessage #presentation
https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage
https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage
media.ccc.de
Messenger Hacking: Remotely Compromising an iPhone through iMessage
So called “0-click” exploits, in which no user interaction is required to compromise a mobile device, have become a highly interesting to...
Unterhering iOS
Running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up with kernel code execution
https://media.ccc.de/v/36c3-11034-tales_of_old_untethering_ios_11
Running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up with kernel code execution
https://media.ccc.de/v/36c3-11034-tales_of_old_untethering_ios_11
media.ccc.de
Tales of old: untethering iOS 11
This talk is about running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up...
Potential risks of secure messaging system
Dive into end-to-end encryption, OTR and deniability, and then the axolotl construction used by Signal #presentation
https://media.ccc.de/v/36c3-10565-what_s_left_for_private_messaging
Dive into end-to-end encryption, OTR and deniability, and then the axolotl construction used by Signal #presentation
https://media.ccc.de/v/36c3-10565-what_s_left_for_private_messaging
media.ccc.de
What's left for private messaging?
It is easier to chat online securely today than it ever has been. Widespread adoption of signal, wire, and the private mode of WhatsApp h...
Lesser-known Tools for Android Application PenTesting
-Magisk + modules
-DisableFlagSecure
-AdbManager
-ProxyDroid
-pidcat
-resize
https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-android-pentest.html
-Magisk + modules
-DisableFlagSecure
-AdbManager
-ProxyDroid
-pidcat
-resize
https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-android-pentest.html
Mobile Securit Framework (MobSF) v3 (released in December 2019)
-OWASP Mobile Top 10 2016 is supported
-iOS & Android Analysis improved
https://mobsf.github.io/Mobile-Security-Framework-MobSF/changelog.html
-OWASP Mobile Top 10 2016 is supported
-iOS & Android Analysis improved
https://mobsf.github.io/Mobile-Security-Framework-MobSF/changelog.html
Mobile Security Framework (MobSF)
v4.4.2 Changelog
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Android malware threats of December, 2019
Full list - https://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019
Full list - https://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019
GitHub
GitHub - sk3ptre/AndroidMalware_2019: Popular Android threats in 2019
Popular Android threats in 2019. Contribute to sk3ptre/AndroidMalware_2019 development by creating an account on GitHub.
iOS Application Injection
https://arjunbrar.com/post/ios-application-injection
https://arjunbrar.com/post/ios-application-injection
You no longer have to manually package the Frida Gadget in your target app. As long as the app is debuggable, Frida does that for you
https://www.nowsecure.com/blog/2020/01/02/how-to-conduct-jailed-testing-with-frida/
https://www.nowsecure.com/blog/2020/01/02/how-to-conduct-jailed-testing-with-frida/
Nowsecure
How to Conduct Jailed Testing with Frida - NowSecure
Recent enhancements to the Frida open-source toolkit greatly ease the process of conducting jailed testing. Learn the process of using Frida on a jailed device.
The recent Android Brazilian Banking Trojan - COYBOT
https://www.buguroo.com/en/blog/banking-malware-in-android-continues-to-grow.-a-look-at-the-recent-brazilian-banking-trojan-basbanke-coybot
https://www.buguroo.com/en/blog/banking-malware-in-android-continues-to-grow.-a-look-at-the-recent-brazilian-banking-trojan-basbanke-coybot
CyberTruck Challenge 2019 — Android CTF
https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530
https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530
Medium
CyberTruck Challenge 2019 — Android CTF
CyberTruck Challenge 2019 is a premier event to bring together a community of interest related to heavy vehicle cybersecurity issued and…
AirDoS: Spam all nearby iOS devices with the AirDrop share popup
https://kishanbagaria.com/airdos/
PoC: https://github.com/KishanBagaria/AirDoS
https://kishanbagaria.com/airdos/
PoC: https://github.com/KishanBagaria/AirDoS
Kishan Bagaria
AirDoS: Remotely render any nearby iPhone or iPad unusable
What if you could walk into a room and make every* iPhone or iPad unusable while you're there? Wait, that sounds evil. What if you could get that one annoying person off their iPhone who's always...
First Attack Exploiting CVE-2019-2215 (use-after-free vulnerability) Found on Google Play #SideWinder
https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
Trend Micro
First Binder Exploit Linked to SideWinder APT Group
We found malicious apps that work together to compromise devices and collect user data. One of the apps, called Camero, exploits CVE-2019-2215, a flaw that exists in Binder. This is the first instance in the wild that exploits said UAF vulnerability.
What a interesting vulnerability in HockeyApp platform #Android #iOS #BugBounty
Leaked API key allowed:
-fetch internal employee contacts
-distribute #malware directly to devices of organization employees as internal app update
+PoC Metasploit scenario
https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/
Leaked API key allowed:
-fetch internal employee contacts
-distribute #malware directly to devices of organization employees as internal app update
+PoC Metasploit scenario
https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/
allysonomalley.com
Saying Goodbye to my Favorite 5 Minute P1
In this post, I’m going to reveal the fastest, easiest P1 that I’ve ever reported – multiple times! It’s the sort of oversight that seems so simple to avoid, but surprisingl…
CSRF + XSS + SMS spoofing + Android deep link URL redirection
Great example of chaining low impact vulnerabilities in #TikTok to remotely manipulate account content
-delete user video
-upload user video
-make "private" videos "public"
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
Great example of chaining low impact vulnerabilities in #TikTok to remotely manipulate account content
-delete user video
-upload user video
-make "private" videos "public"
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
AdFraud malware found on Google Play with 100K installs
https://www.evina.fr/a-malware-rises-to-the-top-applications-in-google-play-store/
https://www.evina.fr/a-malware-rises-to-the-top-applications-in-google-play-store/
www.evina.fr
A MALWARE RISES TO THE TOP APPLICATIONS IN GOOGLE PLAY STORE – Evina
Android smartphone - UMX U686CL - comes with preinstalled and unremovable malware.
Selling of this phone is funded by US government for lower income people.
https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/
Selling of this phone is funded by US government for lower income people.
https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/
Malwarebytes
United States government-funded phones come pre-installed with unremovable malware
A US-funded government assistance program is selling budget-friendly mobile phones that come pre-installed with unremovable malicious apps.
Forwarded from The Bug Bounty Hunter
Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html
https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html
projectzero.google
Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
Posted by Samuel Groß, Project ZeroIntroductionThis is the first blog post in a three-part series...
Forwarded from The Bug Bounty Hunter
Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-2.html
Blogspot
Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass
Posted by Samuel Groß, Project Zero This post is the second in a series about a remote, interactionless iPhone exploit over iMessage.The f...
Forwarded from The Bug Bounty Hunter
Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-3.html
Blogspot
Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution
Posted by Samuel Groß, Project Zero This is the third and last post in a series about a remote, interactionless iPhone exploit over iMessa...