43051
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
A step-by-step Android penetration testing guide for beginners
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3
Run Kitchen Sink from Android app using 219 devices at once targeting iOS, Windows and Android & signal range comparison of BLE spam messages for Flipper Zero, Bluetooth LE Spam and nRF Connect apps
https://www.mobile-hacker.com/2023/11/08/android-kitchen-sink-send-ble-spam-to-ios-android-and-windows-at-once-using-android-app/
Video tutorial on how to install rootless Kali NetHunter in 8 minutes on Android 13 and Android 14
https://www.youtube.com/watch?v=GmfM8VCAu-I
Arid Viper | APT’s Nest of SpyC23 Malware Continues to Target Android Devices
https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices/
Bypassing Android 13 Restrictions with SecuriDropper
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Vulnerability (CVE-2023-36620) in Boomerang Parental Control Android app (100,000+ installs) allowed an attacker with physical access to device to take over admin control panel and spy on a kid
https://seclists.org/fulldisclosure/2023/Jul/12
Bluetooth LE spam attack is now ported to dedicated Android app to push notifications for Android and Windows
For Android, is can advertise over 170 devices
https://github.com/simondankelmann/Bluetooth-LE-Spam
Car Hacking using Flipper Zero and HackRF
Both blogs present in depth research and testing of common methods of hacking fixed-code and rolling codes of radio frequency locks using replay attacks, brute-force, signal jamming, RollJAM, Rolling-PWN and Keeloq Decryption
part1: https://chaos-lab.blogspot.com/2023/10/grand-theft-auto-rf-locks-hacking.html
part2: https://chaos-lab.blogspot.com/2023/10/grand-theft-auto-rf-locks-hacking_31.html
How to get Wi-Fi password via WPS Button attack using NetHunter
https://www.mobile-hacker.com/2023/10/31/nethunter-hacker-x-wps-attacks/
Discovered XMPP (Jabber) instant messaging protocol encrypted TLS connection wiretapping (Man-in-the-Middle attack) of jabber.ru (aka xmpp.ru) service’s servers on Hetzner and Linode hosting providers in Germany
https://notes.valdikss.org.ru/jabber.ru-mitm/
Bypass Android Applications Debug and Root Detection via debugger.
shubhamsonani/hacking-with-precision-bypass-techniques-via-debugger-in-android-apps-27fd562b2cc0" rel="nofollow">https://medium.com/@shubhamsonani/hacking-with-precision-bypass-techniques-via-debugger-in-android-apps-27fd562b2cc0
Pwn2Own 2023 hacking contest resulted in hacking Samsung Galaxy S23 twice, Xiaomi's 13 Pro smartphone, as well as printers, smart speakers, Network Attached Storage (NAS) devices, and surveillance cameras from Western Digital, QNAP, Synology, Canon, Lexmark, and Sonos
https://www.bleepingcomputer.com/news/security/samsung-galaxy-s23-hacked-twice-on-first-day-of-pwn2own-toronto/
The outstanding stealth of Operation Triangulation
https://securelist.com/triangulation-validators-modules/110847/
Automatically extract URL and IP endpoints from Android app to a text file using apk2url.
Fast and useful tool for pentesters, bug bounty hunters, or malware analyst
https://github.com/n0mi1k/apk2url
BLE Spam allows now to send unwanted notifications to iOS, Android and Windows at once using Flipper Zero.
If you don't have Flipper Zero, in the blog I explained how to trigger popups using any Android smartphone even with custom messages
https://www.mobile-hacker.com/2023/10/17/spam-ios-android-and-windows-with-bluetooth-pairing-messages-using-flipper-zero-or-android-smartphone/
Android malware spying on Urdu-speaking residents via a possible watering-hole attack
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
How to bypass root detection in Android flutter apps
https://shobi.dev/blog/2023-28-10-bypassing-root-detection-in-flutter-with-frida
Pandora's box is now open: the well-known Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes (Tanix TX6 TV Box, MX10 Pro 6K, H96 MAX X3 and others)
https://news.drweb.com/show/?lng=en&i=14743https://news.drweb.com/show/?lng=en&i=14743
Usage of ispw, the Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/
A curated list of modern Android exploitation conference talks
https://github.com/actuator/Android-Security-Exploits-YouTube-Curriculum
WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users
https://securelist.com/spyware-whatsapp-mod/110984/
Mobile Malware Analysis Part 3 – Pegasus
https://8ksec.io/mobile-malware-analysis-part-3-pegasus/
Arid Viper (APT-C-23) disguising mobile spyware as updates for non-malicious Android applications
https://blog.talosintelligence.com/arid-viper-mobile-spyware/
Android adware discovered on Google Play with over 2,000,000 installs
https://news.drweb.com/show/review/?lng=en&i=14767
Your printer is not your printer ! - Hacking Printers at Pwn2Own Part I
https://devco.re/blog/2023/10/05/your-printer-is-not-your-printer-hacking-printers-pwn2own-part1-en/
Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
https://unit42.paloaltonetworks.com/hooking-framework-in-sandbox-to-analyze-android-apk/
How to increase radio range of Flipper Zero beyond 100 meters | internal vs. external radio module
https://www.mobile-hacker.com/2023/10/24/how-to-increase-radio-range-of-flipper-zero-yourself-beyond-100-meters/
Analysis of Rusty Droid Android RAT
https://labs.k7computing.com/index.php/rusty-droid-under-the-hood-of-a-dangerous-android-rat/
iObfuscate: Unraveling iOS Obfuscation Techniques
Examine multiple examples of Reverse Engineering iOS obfuscation techniques
https://github.com/LaurieWired/ObjectiveByTheSea2023/
Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information through fake website
https://blog.cloudflare.com/malicious-redalert-rocket-alerts-application-targets-israeli-phone-calls-sms-and-user-information/