Building userDebug Android images for a Google Pixel (sailfish) https://www.linkedin.com/pulse/building-userdebug-android-images-google-pixel-sailfish-basanta
Linkedin
Building userDebug Android images for a Google Pixel (sailfish).
Beforehand, i'm sorry for my english writing. I'm in practice for improve it.
RCE in Adobe Acrobat Reader for android(CVE-2021-40724) https://hulkvision.github.io/blog/post1/
hulkvision.github.io
RCE in Adobe Acrobat Reader for android(CVE-2021-40724)
# Summary
While testing Adobe Acrobat reader app , the app has a feature which allows user to open pdfs directly from http/https url. This feature was vulnerable to path traversal vulnerability.
Abode reader was also using Google play core library for dynamic…
While testing Adobe Acrobat reader app , the app has a feature which allows user to open pdfs directly from http/https url. This feature was vulnerable to path traversal vulnerability.
Abode reader was also using Google play core library for dynamic…
Multidex trick to unpack Android/BianLian https://cryptax.medium.com/multidex-trick-to-unpack-android-bianlian-ed52eb791e56
Medium
Multidex trick to unpack Android/BianLian
This article explains how to unpack sample sha256 5b9049c392eaf83b12b98419f14ece1b00042592b003a17e4e6f0fb466281368 which was served from…
RSA, DH, and DSA in the Wild https://eprint.iacr.org/2022/048
An extremely casual code review of MetaMask’s crypto https://blog.cryptographyengineering.com/2022/01/14/an-extremely-casual-code-review-of-metamasks-crypto/
A Few Thoughts on Cryptographic Engineering
An extremely casual code review of MetaMask’s crypto
NB: This post describes a very casual code review of a few cryptography functions used by MetaMask. It does not describe any vulnerabilities. If you’re the kind of person who likes a meanderi…
Yet another technique for unpacking latest #Flubot malware samples by @Farenain with Frida, nice! Waiting for a more detailed post :) https://twitter.com/Farenain/status/1492164831616671749?s=20&t=p5q-247waThM0_W4AA12fQ
Twitter
Farenain
I've read the post cryptax.medium.com/multidex-trick… by @cryptax and it's true that is a little bit tricky to dump the file. It looks like some hooks are not working, for the last sample of #Flubot I could extract the file because the malware tries to delete…
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
Cisco Talos Blog
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
* Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting user's information.
* According to Cisco Secure product telemetry, the victims of this campaign are primarily distributed across…
* According to Cisco Secure product telemetry, the victims of this campaign are primarily distributed across…
APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/
Check Point Research
APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit - Check Point Research
Introduction With the emergence of the Log4j security vulnerability, we’ve already seen multiple threat actors, mostly financially motivated, immediately add it to their exploitation arsenal. It comes as no surprise that some nation-sponsored actors also…
Forensics Analysis of the NSO Group’s Pegasus Spyware https://lifars.com/2022/01/forensics-analysis-of-the-nso-groups-pegasus-spyware/
LIFARS, a SecurityScorecard company
Forensics Analysis of the NSO Group’s Pegasus Spyware
NSO’s Group Pegasus spyware was mentioned multiple times during 2021 in the media. It has been heavily analyzed by organizations such as Amnesty Forensics Analysis of the NSO Group’s Pegasus Spyware
North Korean hackers stole nearly $400M in cryptocurrency in 2021 https://therecord.media/north-korean-hackers-stole-nearly-400m-in-cryptocurrency-in-2021/
The Record
North Korean hackers stole nearly $400M in cryptocurrency in 2021
Hackers working for the North Korean government are believed to have stolen almost $400 million worth of cryptocurrency from seven hacked companies over the course of 2021, up from the $300 million they stole from four companies the year before.
Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide https://www.gosecure.net/blog/2022/01/17/capturing-rdp-netntlmv2-hashes-attack-details-and-a-technical-how-to-guide/
GoSecure
24/7 managed detection, response, and expert cybersecurity services - GoSecure
We provide around-the-clock threat detection and incident response, backed by expert consulting to keep your organization secure.
How to Securely Implement TLS Certificate Checking in Android Apps https://www.guardsquare.com/blog/how-to-securely-implement-tls-certificate-checking-in-android-apps
Guardsquare
How to Implement Android TLS Certificate Checking | Guardsquare
Learn how to avoid TLS certificate issues and tighten the security process using certificate and SSL pinning and certificate transparency on android.
reFlutter - Flutter Reverse Engineering Framework https://www.kitploit.com/2022/01/reflutter-flutter-reverse-engineering.html
KitPloit - PenTest & Hacking Tools
reFlutter - Flutter Reverse Engineering Framework
Vulnerable AWS Lambda function – Initial access in cloud attacks https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/
Sysdig
Lambda Threat – Best Practices for Lambda Security | Sysdig
The security research team explains the attack scenario with a vulnerable AWS Lambda function could be a threat used by attackers.
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
Zero Day Initiative
Zero Day Initiative — CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
In October of this year, we received a report from ngocnb and khuyenn from GiaoHangTietKiem JSC covering a SQL injection vulnerability in WordPress. The bug could allow an attacker to expose data stored in a connected database. This vulnerability was recently…
Analysis of Destructive Malware (WhisperGate) targeting Ukraine https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3
Medium
Analysis of Destructive Malware (WhisperGate) targeting Ukraine
BLKSMTH | S2W TALON
A Beginner’s guide into Router Hacking and Firmware Emulation https://secnigma.wordpress.com/2022/01/18/a-beginners-guide-into-router-hacking-and-firmware-emulation/
SecNigma
A Beginner’s guide into Router Hacking and Firmware Emulation
Prelude This post is about the personal experiences of me; A noobie hacker- who is super new into router reversing and the challenges I had to face, the research I did and the things I had learned …
Zooming in on Zero-click Exploits https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html
Blogspot
Zooming in on Zero-click Exploits
Posted by Natalie Silvanovich, Project Zero Zoom is a video conferencing platform that has gained popularity throughout the pandemic. U...
Analyzing an IDA Pro anti-decompilation code https://antonioparata.blogspot.com/2022/01/analyzing-ida-pro-anti-decompilation.html
Blogspot
Analyzing an IDA Pro anti-decompilation code
Twitter: @s4tan GitHub: https://github.com/enkomio/ In this post I'll analyze a piece of code that induces IDA Pro to decompile t...