8kSec

The Way to Android Root: Exploiting Your GPU on Smartphone by Xiling Gong, Xuan Xing, Eugene Rodionov Slides available at: https://lnkd.in/gPc-u_-e

Learn how to exploit pipe_buffer for arbitrary read/write access on Linux and Android in this detailed guide - https://lnkd.in/gzTX8qct #MobileSecurity #Exploit #Android

Q: How to decrypt and capture mobile app TLS/SSL traffic using tools like Fiddler, Charles Proxy, or MITM Proxy, and still generate PCAP files in Wireshark for SNORT analysis? With the latest mobile OS security updates and certificate pinning, how are you guys handling these challenges nowadays? A: One of the common ways to solve this is to install a CA certificate as Trusted on the device. Here are some links that can help. Btw, i usually use Burp as a Proxy as i personally find it better overall. https://lnkd.in/dMfeJidC https://lnkd.in/dnWzzDUA Once this is done, you can bypass SSL/Certificate pinning using dynamic instrumentation tools like Frida or tools like Objection that use Frida under the hood. Here are some links that can help https://lnkd.in/dSHXc7k3 https://lnkd.in/dkv8sjjZ So yes, you do need to perform additional steps to bypass SSL pinning.You can also patch out the SSL Pinning check from the Android/iOS app completely. This change is permanent and you don't need to connect frida after that. Here is a reference that can help https://lnkd.in/evXWGhj #MobileSecurity

Extracting Sandbox Profiles on iOS with CellebriteLabs fork of SandBlaster by TFP0 Labs, Inc https://lnkd.in/eEksfTec #iOSSecurity #Sandboxing #BinaryNinja

Question: You suggest ARM64 has tons of intrinsic vulnerabilities. Does it though? ARM is likely the most prevalent processing architecture globally (by sockets). By that logic, it should be the most attractive platform ever. And yet, ARM doesn't seem to be breached at scale, despite the vulnerabilities you share. Why? Are all vendors equally vulnerable (e.g., Qualcomm, Samsung, etc.)? Do modern OS trap these violations? Answer: Yes, most operating systems have additional mitigations that need to be bypassed to completely exploit a vulnerability. Barriers to exploiting a vulnerability include figuring out the entry point, restricted process permissions, sandboxing, and more. These measures can prevent an exploit or limit the damage it can cause. #ARM64 #AArch64 #MobileSecurity

Read more about Dirty stream attack here at https://lnkd.in/gpmaxcP2 . Learn about how path traversal and code execution go hand in hand in the post. #MobileSecurity #AndroidSecurity #Pentest

State-backed attackers and commercial surveillance vendors often recycle old exploits repeatedly. Learn more about the latest findings from Google’s Threat Analysis Group as they reveal the n-day exploits targeting iOS and Android - https://lnkd.in/eTQwffAk #MobileSecurity #DFIR #iOSSecurity #AndroidSecurity

Read an in-depth analysis of a double free vulnerability in Samsung's NPU driver leading to code execution using Dirty Pagetable technique - https://lnkd.in/dnKvgGmj by Javier P Rufo. You can see the full #exploit code here - https://lnkd.in/dXa9-69A #MobileSecurity #AndroidSecurity #RedTeam

Q: What's the best way to securely handle authorization tokens in mobile apps? Should we store and manage the tokens on the device, or keep them on the server and use a user ID for requests? Is that secure, especially for sensitive data? A: In order to authenticate the user, you need to have some kind of local storage mechanism to store the user token. It is recommended to use platform-provided secure storage mechanisms. For example, on Android, use the Keystore system; on iOS, use the Keychain. Ensure it's using proper Keychain attributes https://lnkd.in/gCTYSNTe. Also consider implementing short-lived tokens with refresh mechanisms. This limits the potential damage if a token is compromised. Usually, if you are storing token locally, the attackers needs to have physical access to the device to get the token. The chances of this are almost negligible. It is recommended to use JWT tokens as they are self-contained, meaning they include all the information needed to verify the user, such as the user ID and expiration date. This eliminates the need for server-side sessions. Since JWT tokens are stored on the client-side (typically in secure storage on mobile devices as mentioned above), the server does not need to manage session data, which simplifies the architecture overall. #MobileSecurity #AppSecurity

One of our favourite Mobile Hacking Talks: Mobile Exploitation, the past, present, and future. https://lnkd.in/dhnQpEp8 by Ki Chan Ahn #MobileHacking