Android-Security-Teryaagh

Writeups and blogs or any kind of document

tutorial

• 11x256 (tutorials about using Frida to instrument android applications)
• App Reverse Engineering 101
• Android Applications Pentesting
• All Anroid Security Refrence
• Android Application Security Series
• Android Penetration Testing
• Android application penetration testing guide
• Flutter reverse : [1] - [2] - [3]
• Using Frida on Android without root
• Frida Handbook
• series of challenges for learning Frida for Android
• MITRE Mobile Techniques
• Android Security Risks
• Debug Native library in android
• ARM assembly basics
• 3 ways for Dynamic Code Loading in Android
• Analyze the native ELF binary in Ghidra
• Content Providers and the potential weak spots they can have
• Wi-Fi hacking using wifite
• Bypassing Hardened Android Applications
• Bypassing Root detection in android flutter apps
• Flutter Reverse Engineering and Security Analysis
• Android Deep Links exploitation
• https://medium.com/@appsecwarrior/bypass-ssl-pinning-for-flutter-a2f9ae85762e
• How to debug Android/iOS native library using GDB
• Advanced Frida Usage-Memory Scanning
• Instruction Tracing using Frida Stalker
• Fundamentals for Bytecode Exploitation: [1] - [2] - [3] - [4]

Blog

• xss on android
• Seeker: How a Simple Link Can Reveal Your Smartphone’s Location
• Owning a company from its mobile app
• Get persistent reverse shell from Android app
• Hacking Android Games
• Automated local DNS cache poisoning using Android while charging via computer
• Bad Zip and new Packer for Android
• Unsupported Compression Methods Enable Android Malware to Bypass Detection
• Common mistakes when using permissions in Android
• theft of arbitrary files
• Hacking Samsung’s Android Apps : [1] - [2]
• Hacking Xiaomi’s Adnroid Apps: [1]
• Client Side Encryption Bypass Leads to Account Takeover
• PGSharp: Analysis of a Cheating App for PokemonGO
• Use cryptography in mobile apps the right way
• How to Detect Frida
• apps with millions of downloads exposed to high-severity vulnerabilities
• Pending Intents: A Pentester’s view
• Unpacking a JsonPacker-packed sample
• Exploiting Android WebView Vulnerabilities
• Life hack for understanding Flutter Application : [1] - [2]
• Testing a new encrypted messaging app
• The Kangaroo packer with native decryption
• Android SELinux Internals

Malware analysis

• Take a note of SpyNote malware
• Malicious “RedAlert - Rocket Alerts”
• Blackrock
• SoumniBot
• Analysis of Android HookBot malware
• Reverse engineering of Android/Phoenix
• Fake Skype App
• Pegasus
• Xenomorph
• unmasking the godfather
• LightSpy mAPT Mobile Payment System Attack
• Unmasking – EVLF DEV
• Anubis analysis video
• MoqHao Malware Analysis
• SharkBot Malware Analysis
• SOVA Malware Analysis
• a Cabassous/FluBot Case study
• Reversing ActionSpy Android Malware
• Trojans and their little tricks
• App Serves Teabot Via GitHub
• Google Service Framework Malware
• Hydra Malware
• Hydra Malware : [1] - [2] - [3]
• Ginp Malware
• PEGASUS Malware
• Godfather Malware
• EASTERN ASIAN ANDROID ASSAULT – FLUHORSE
• Reverses Flutter-based Android Malware “Fluhorse”

CVE

• Samsung Flow - Any App Can Read The External Storage
• Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store

CTF

• hacker101-CTF
• 2021-GoogleCTF-TRIDROID
• 2021-THCon-Good old friend
• 2021-THCon-draw.per
• 2021-S4CTF-Water Color
• 2021-ritsec-memedrive
• 2021-DarkConCTF-fire in the android
• 2021-DarkConCTF-ezpz
• 2020-TokyoWesternsCTF-Tamarin : [1] - [2] - [3]
• 2020-HackTM-MobaDEX
• 2020-RaziCTF-Chasing a Lock
• 2020-RaziCTF-CTF Coin
• 2020-RaziCTF-Friends
• 2020-RaziCTF-Strong Padlock
• 2020-PhantomCTF-hehe
• 2020-SamsungCTF-vault101
• 2020-GoogleCTF-android
• 2019-asis-andex
• 2019-GoogleCTF-Flaggy Bird

BugBounty

RCE

• Arbitrary code execution on Facebook
• persistent code execution in the Google Play Core Library
• RCE in TikTok Android app
• Why dynamic code loading could be dangerous for your apps
• From Android Static Analysis to RCE

Path traversal

• Arbitrary code execution on Facebook

insecure component

• Account takeover intercepting magic link
• Insecure deeplink leads to sensitive information disclosure
• android app deeplink leads to CSRF in follow action
• Possible to intercept broadcasts about uploaded files
• exported broadcast receiver
• insecure broadcast
• Gaining access to protected components
• Exploiting Activity in medium android app
• Google Photos : Theft of Database & Arbitrary Files Android Vulnerability
• Ability To Backdoor Facebook For Android
• Security flaws in samsung device

SQL Injection

• SQL Injection found in NextCloud Android App Content Provider
• Time-Based SQL Injection to Dumping the Database

Steal files

• Exploring vulnerabilities in WebResourceResponse
• Theft of arbitrary files leading to token leakage
• Possible to steal arbitrary files from mobile device
• Vulnerable to local file steal, Javascript injection, Open redirect
• securing Samsung devices

Privilege Escalation

• Intent spoofinig
• Access of some not exported content providers
• Access of Android protected components via embedded intent
• Vulnerable to JavaScript injection

XSS

• HTML Injection in BatterySaveArticleRenderer WebView
• Opening arbitrary URLs/XSS in SAMLAuthActivity
• XSS via start ContentActivity
• XSS in ImageViewerActivity
• Webview Vulnerablity
• Stored XSS in Google Ads
• XSS Stored On Messages In outlook

CSRF

• android app deeplink leads to CSRF in follow action

Bypasses

• Golden techniques to bypass host validations in Android apps
• Two-factor authentication bypass
• Bypass of biometrics security functionality is possible in Android application
• Bypass anti debugging

This site is open source. Improve this page.