Tweets from March 2014

RT @TeamAndIRC: WeakSauce has been updated fixing bugs, and adding compatibility for many older HTC phones http://t.co/RZdYsdmCtO

8:50pm March 30th 2014 via Falcon Pro

.@iolandatweets is forcing me to shutdown this... due to "housekeeping". #truelove http://t.co/ucrFYROy9D

4:19pm March 30th 2014 via Falcon Pro

RT @xdadevelopers: Jcase and Beaups Root the Verizon HTC One 2014 (M8) and S-Off Last Year's Verizon HTC One http://t.co/GbQVORdszP

10:05am March 30th 2014 via Falcon Pro

RT @dinodaizovi: Grats to @jduck, @quine, @collinrm, @pof, @s7ephen, @ochsff for getting Android Hacker's Handbook out. I'm stoked: http://t.co/RP37jE1IXW

8:53pm March 29th 2014 via Falcon Pro

RT @kutyacica: Qualcomm Security Summit lineup looking great. Talks by our ceo, Android Security Team, @esizkur @collinrm @mwrlabs @FireEye @nedos & more

7:34pm March 27th 2014 via Falcon Pro

RT @0xroot: New Vulnerabilities in Firefox for Android: Overtaking Firefox Profiles - http://t.co/5Uydq1VG2a

7:12pm March 27th 2014 via Falcon Pro

RT @k3170Makan: So basically webview is a wrapper for WebViewChromiumFactoryProvider.java ? https://t.co/8c4dAWLLLM interesting...

7:11pm March 27th 2014 via Falcon Pro

RT @jduck: Android "PileUp" attacks look interesting, discussion on G+ here: https://t.co/SKTTHxu6f2

7:09pm March 27th 2014 via Falcon Pro

RT @timstrazz: https://t.co/ZgKA6eABea #Android #Malware mining coins… https://t.co/qnskKxWtVf samples submitted to Contagio - enjoy

6:56pm March 27th 2014 via Falcon Pro

RT @collinrm: Trying to harden my Nexus 5. Very basic apps, no research tools. http://t.co/D4JmxC1FNN

5:39pm March 27th 2014 via Falcon Pro

@Xgamerz I've been practicing ;) http://t.co/RzNM6I3FYB

1:47pm March 27th 2014 via web

RT @VXShare: Posted a special torrent of new Android APK (zip) #malware. 24,317 samples in 48GB. Users login for links.

8:44am March 26th 2014 via Falcon Pro

RT @lcamtuf: Fyodor put together a new version of F-D: http://t.co/92eDXhLH7B. Hop in.

8:37am March 26th 2014 via Falcon Pro

RT @jduck: I'm told ebook of Android Hacker's Handbook will be out on/before Apr 14th. Kindle maybe earlier cc @JamesBChen @piotr @ebeip90 @eQuiNoX__

8:34am March 26th 2014 via Falcon Pro

RT @Fuzion24: Android devices need a 'fastboot oem userlock' to lock the bootloader to a custom image. 'oem userunlock' would delete the user partition

8:30am March 26th 2014 via Falcon Pro

RT @esizkur: Slide deck of my CSW 2014 talk about memory corruptions and concurrency (with an encore, starting on slide 30): https://t.co/fms8slf7Vj

8:15am March 26th 2014 via Falcon Pro

RT @daniel_bilar: Android: Fortifying 'Zygote' ASLR https://t.co/Fk9J1EZDVB via @grsecurity [Morula model, odl, selective randomization http://t.co/UuSODxeQNn

1:48pm March 25th 2014 via Falcon Pro

I have published a new post: Hacking Super Street Fighter II Turbo (Part 1) - http://t.co/RBewHzlbEh #SuperTurbo #MAME

1:14am March 25th 2014 via web

RT @jduck: You can take a look inside Android Hacker's Handbook now. Just click the cover on the left and enjoy ;-) http://t.co/0TwUtldACc

10:59pm March 24th 2014 via Falcon Pro

RT @thomas_cannon: New iOS malware use Cydia Substrate to steal advertisement promotion fee [via @zihangxiao] http://t.co/M9D4LrpGXq

10:55pm March 24th 2014 via Falcon Pro

RT @_iphelix: IDA Patcher plugin to enhance binary/memory patching. http://t.co/Uhbindr3QH #ida #plugin #re

9:12pm March 24th 2014 via web

RT @TeamAndIRC: Decrypting encrypted classes using JEB + custom plugin https://t.co/OUt2vi9PLz Sure saves a lot of time @jebdec

5:56am March 23rd 2014 via Falcon Pro

RT @cheru2: Android Custom Permissions Leak User Data http://t.co/SwqYkKpqhS

6:35pm March 22nd 2014 via Falcon Pro

RT @1ns0mn1h4ck: Ctf is over , congratulation to the winners ! @DragonSectorCTF http://t.co/6nr1k9Nx0y

8:27am March 22nd 2014 via Falcon Pro

RT @cryptax: In case some of you have already seen my Hidex prez at Hack.lu, there'll be new stuff at #INS14 as I have recently updated the tool.

8:47am March 21st 2014 via Falcon Pro

RT @angealbertini: 1st version of angecrypt.pyt, supporting PDF/PNG/JPG as output formats http://t.co/bpqcREaXZn http://t.co/3RoF6Js92I

8:46am March 21st 2014 via Falcon Pro

RT @raviborgaonkar: My slides on "Security Evolution of SIM Card" and on new embedded SIM security at #troopers14 Telco Sec Day here: https://t.co/fsskxF65zv

10:38pm March 20th 2014 via Falcon Pro

RT @layakk: Slides of our "Attacking 3G" presentation at #rooted2014 now available. http://t.co/22eMuzvLRb

6:48pm March 20th 2014 via Falcon Pro

RT @kalenz: A quick security review of the Uhuru Mobile demo ROM http://t.co/pFo8TXD4ZY

6:46pm March 20th 2014 via Falcon Pro

@ibelmonte congratz papá!!! y también a Lucas y a la mamá :D

12:46pm March 20th 2014 via Falcon Pro in reply to ibelmonte

RT @ohjeongwook: Reverse engineering NAND Flash for fun and profit http://t.co/ZTHpXON3ZY

10:10pm March 19th 2014 via Falcon Pro

RT @kapitanpetko: Card emulation using the UICC (via SWP) on Nexus 5: http://t.co/c9WoCCL4JR

8:34am March 19th 2014 via Falcon Pro

RT @jduck: I updated http://t.co/lVVX4JKonZ. According to Amazon (http://t.co/0TwUtldACc) the release date for Android Hacker's Handbook is March 31st!

8:28am March 19th 2014 via Falcon Pro

RT @jduck: TIL about @kapitanpetko's book (http://t.co/klrhnOpsLo)! Congrats to him and @billpollock (mystery solved)

8:25am March 19th 2014 via Falcon Pro

RT @ibrahimbalic: Android Debug Bridge Buffer Overflow # adb shell [command] [4366+ byte] Ornek : adb shell am [4366byte] #0day

2:53pm March 18th 2014 via web

RT @0xroot: Android OS Memory Corruption Part I http://t.co/48F3FgvTeU and Part II http://t.co/yrgHkQaMRy

2:50pm March 18th 2014 via web

RT @ibrahimbalic: Next time I publish an Android Asset Packaging Tool (aapt) BoF Vulnerability. ;)

2:47pm March 18th 2014 via web

RT @ibrahimbalic: Android malformed APK DoS – Part II details -> http://t.co/EpcCLcXhHf

2:47pm March 18th 2014 via web

jadx: new open source Dex to Java decompiler written in Java - https://t.co/QvV5oRlWIj

1:20pm March 18th 2014 via web

Android vuln allows to install app from Google Play without user explicit consent, already fixed via Play Services - http://t.co/Op8xp3fMV2

1:00pm March 18th 2014 via web

RT @4Dgifts: ASA now hooks Android's websettings prevent apps from turning on Javascript in Webviews,great add blocker & security https://t.co/amQl8pQwOA

8:23am March 18th 2014 via Falcon Pro

@TeamAndIRC sorry to hear that, my condolences

8:20am March 18th 2014 via Falcon Pro in reply to TeamAndIRC

RT @capstone_engine: New toy: CEbot! Disasm binary on Twitter, simply by tweet your hex-string with hashtag #2ce & get back answer. See http://t.co/NSfn98sY

8:19am March 18th 2014 via Falcon Pro

RT @TeamAndIRC: Android De-obfuscation: String Encryption http://t.co/vAKG2PyD7D

8:00am March 18th 2014 via Falcon Pro

RT @0xroot: About addJavascriptInterface abuse in Android Browsers - http://t.co/Nrq7iSt4hJ

11:19pm March 17th 2014 via Falcon Pro

RT @grsecurity: Since no distro ships a working ARM cross-toolchain with GCC plugin support: https://t.co/5LccHxM3Sz Created by http://t.co/Rxoc570BVt

7:39pm March 17th 2014 via Falcon Pro

RT @cryptax: 76% of IP packets downloaded are pure advertisement traffic. Hmm. So much for free surfing... See http://t.co/MlamKaLzeG #Android #mobile

5:00pm March 17th 2014 via Falcon Pro

RT @mwrlabs: Our advisory for Paypal's Android app RCE and SSL issues: https://t.co/Uvh2SqtK8I Vendor claims "no risk to brand" #itsafeaturenotabug

4:55pm March 17th 2014 via Falcon Pro

RT @marcograss: Remotely Crashing Bluetooth on Android - http://t.co/VXd48yAi0q

4:55pm March 17th 2014 via Falcon Pro

@Xgamerz yes, i am aware of it :) nice work by papasi!

2:26pm March 16th 2014 via Falcon Pro in reply to Xgamerz

@againsthimself it's Kalima Hotel in Caldetes, ~30km north of Barcelona

7:06pm March 15th 2014 via Falcon Pro in reply to againsthimself

Testing Occulus Rift, really impressed! http://t.co/TKZ0QGq4lS

11:36am March 15th 2014 via Falcon Pro

@TeamAndIRC @saidelike @jduck @iamnion enjoy!, some @viaForensics folks will be there too, unfortunately I can't make it either :(

9:52am March 15th 2014 via Falcon Pro in reply to TeamAndIRC

RT @VUPEN: We successfully #Pwn2Own'd Chrome with a use-after-free in Blink/Webkit + a Chrome sandbox escape (no flash, no kernel involved)

9:19am March 14th 2014 via Falcon Pro

RT @bl4sty: So WhatsApp has beefed up the crypto of those SD files .. https://t.co/EoPNr0Ykb2 .. looks like you need an accountname now as well, OH NOES

11:51pm March 13th 2014 via Falcon Pro

RT @AndroidPolice: Security Researcher Dan Rosenberg Calls Bullshit On Samsung "Backdoor" Vulnerability Published By FSF http://t.co/dNXkwphgOx

11:17pm March 13th 2014 via Falcon Pro

RT @antitree: Break down of my Android challenges for this year's #ISTS @RIT_SPARSA http://t.co/SBqAZAFZ7z

11:13pm March 13th 2014 via Falcon Pro

RT @TeamAndIRC: POC for fotabinder, since it appears to be turning up in more and more products http://t.co/G31zphLj2I

11:10pm March 13th 2014 via Falcon Pro

RT @TeamAndIRC: CVE-2014-1600 impacts Omate TrueSmart as well as other mediatek devices, cough free root cough

11:10pm March 13th 2014 via Falcon Pro

RT @djrbliss: This doesn't affect the severity of the finding, but it might help clarify the supposed intended use of the described functionality.

11:07pm March 13th 2014 via Falcon Pro

RT @djrbliss: In Samsung RIL vuln, I think it should be emphasized that a dir traversal bug was needed to cause writing outside /efs/root directory.

11:07pm March 13th 2014 via Falcon Pro

RT @kutyacica: opinion: a directory traversal bug is as much a backdoor as a WebKit UAF. Pointless accusations are pointless.

11:04pm March 13th 2014 via Falcon Pro

RT @kutyacica: re: replicant "backdoor". fact: all those listed phones got nothing to do with Qualcomm, not Qualcomm chips (...)

11:04pm March 13th 2014 via Falcon Pro

RT @AndroidTamer: Good article about various changes in how SDCARD is handled in android 4.4. http://t.co/i59pubjmFK

11:03pm March 13th 2014 via Falcon Pro

RT @sfvsbcn: The famous houses: Painted Ladies vs. Illa de la Discordia #sanfrancisco #barcelona #illustration http://t.co/Cn2SFbQYPc

4:25pm March 13th 2014 via web

RT @trufae: Replicant developers find and close Samsung Galaxy backdoor — #android https://t.co/kwsHS3YWnO

10:29am March 13th 2014 via web

Backdor found in Samsung Galaxy RIL allows baseband to perform remote I/O operations on the phone's storage - http://t.co/nq54hLMuSJ

10:28am March 13th 2014 via web

RT @timbray: NSA: “If we can get the target to visit us in some sort of web browser, we can probably own them” https://t.co/Qgm4ePUWVO

10:06pm March 12th 2014 via Falcon Pro

RT @antitree: Vodafone Germany looks to provide end-to-end encryption with SIM signatures http://t.co/J1LaPcaaqd

9:35am March 12th 2014 via Falcon Pro

RT @asby: Steal WhatsApp database (PoC) http://t.co/1Q3QgGrm8Y

9:30am March 12th 2014 via Falcon Pro

RT @hubert3: <iframe src=“facetime-audio://user@host.com”> viewed on iOS < 7.1 places a call with no user confirmation, nice find by @gepeto42.

2:01pm March 11th 2014 via Falcon Pro

RT @mobilejazzcat: Learn about @android Sandboxing Defense Mechanisms http://t.co/ZUshhljs5E by @mobiosis #android #androiddev

8:30am March 11th 2014 via Falcon Pro

This is how you debug a CPS2 game using mame-rr #ssf2x http://t.co/dR00EBXyiZ

3:13pm March 10th 2014 via web

RT @Gunther_AR: If there are some interesting Android papers that are missing, https://t.co/A6ExbBCK15 Please let us know. CC @jduck

11:31am March 10th 2014 via Falcon Pro

RT @jebdec: Mobile Hacking Summit training at @BlackHatEvents Vegas will include a section on JEB by @TeamAndIRC See https://t.co/IH8BDmB9WL

9:15am March 9th 2014 via Falcon Pro

RT @gamamb: Inline PGP signatures considered harmful: Everyone should switch to PGP/MIME https://t.co/SnRchqjvQr

12:25am March 9th 2014 via Falcon Pro

RT @shah_jim: Adding more bounce to Bouncer - http://t.co/KgLicWKjK8 Recent android defense research.

7:46am March 8th 2014 via Falcon Pro

RT @timstrazz: #Dendroid #Android Samples posted http://t.co/TYpsEhiutC - reminder (AV) researchers sharing is caring aka not being a dick

9:42pm March 7th 2014 via Falcon Pro

IOarm: a wargame running natively on ARMv7 - http://t.co/2hMwCxZdcJ via @rchiossi

9:18pm March 7th 2014 via Falcon Pro

RT @PaulOBrien: This is a nice little Xposed Mod to get around the Android quirk of apps inside other apps when sharing etc. http://t.co/UPIGqsOVI6

11:11am March 7th 2014 via Falcon Pro

RT @shah_jim: 2) "Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications" http://t.co/okAUwGCgee

10:34am March 7th 2014 via Falcon Pro

RT @shah_jim: 1) “PREC: Practical Root Exploit Containment for Android Devices” http://t.co/en6PPj4bUg

10:34am March 7th 2014 via Falcon Pro

List of Android Security Enhancements - http://t.co/gnTE7Butk3 via @anantshri

10:30am March 7th 2014 via Falcon Pro

RT @reyammer: 16% of the top 50 Android apps were (are?) vulnerable to remote code execution! Blog post of our NDSS paper is out: http://t.co/lkvOx5GmkC

7:39pm March 6th 2014 via Falcon Pro

RT @jcran: A more powerful, stealthier, and uncommon ARP poisoning technique http://t.co/JmqGW78ut7 (see also https://t.co/4QYJXdVPoe)

7:10pm March 6th 2014 via Falcon Pro

@josealun mira que tu versión de busybox tenga compilado el soporte de arping

4:54pm March 6th 2014 via Falcon Pro in reply to josealun

@julianor @fcerullo si, cuando tenga un rato libre la actualizaré para hacerla más usable y q no sea solo un launcher para el sh...

2:00pm March 6th 2014 via Falcon Pro in reply to julianor

@julianor @fcerullo si xD el shell script usa radare2 para cambiar la mac en el fichero de firmware de la wifi en Android

1:46pm March 6th 2014 via Falcon Pro in reply to julianor

@julianor @JaviTobal lo contestan ambos el cliente y el gw (este 3 o 4 veces), el isolation nos lo saltamos con arping (excepto PSPF)

1:06pm March 6th 2014 via Falcon Pro in reply to julianor

@julianor @JaviTobal el gateway contesta todas las peticiones arp, pero usamos arping para filtrar y quedarnos solo con la mac del cliente

12:54pm March 6th 2014 via Falcon Pro in reply to julianor

RT @newsycombinator: Append "_nomap" to your AP's SSID to opt out of Google Locaiton Services http://t.co/fqvf2DP3mn

12:23pm March 6th 2014 via Falcon Pro

RT @kutyacica: /dev/mem and /dev/kmem are now removed from msm kernels. Patch looks simple enough, took a bit more work though! ;) https://t.co/gvFpUz5kUV

12:18pm March 6th 2014 via Falcon Pro

RT @CERT_Polska_en: Excellent guide to amp attacks: "Amplification Hell: Abusing Network Protocols for DDoS" [PDF] http://t.co/VfKJL4eoHO

12:15pm March 6th 2014 via Falcon Pro

Here are my slides from today's presentation at @rootedcon: Bypassing wifi pay-walls with Android [PDF] https://t.co/aztEoysuXo #rooted2014

12:09pm March 6th 2014 via web

@fcerullo de momento sólo Android, iOS no está en mis planes aunque no lo descarto :)

11:55am March 6th 2014 via Falcon Pro in reply to fcerullo

RT @as0ler: At @rootedcon enjoying the drawing skills of @pof - Microsoft visio 2.0 http://t.co/nMknqJpavz

11:41am March 6th 2014 via Falcon Pro

RT @apasamar: @pof surprised us with advanced painting skills at #rooted2014 http://t.co/YNQgCkIE82

11:41am March 6th 2014 via Falcon Pro

The hotspot bypass scripts are available here - https://t.co/i4v9PLaIvy

11:40am March 6th 2014 via Falcon Pro

The PoC I presented today at @rootedcon is available here: "hotspot-bypass" - https://t.co/OopJOqLWgJ enjoy :)

11:37am March 6th 2014 via Falcon Pro

RT @ortegaalfredo: RT @newshtwit: backdooring ARM cpu https://t.co/FKymEMdQ8I <-- RSA 2014 talk. More detail, whitepaper *and tutorial* for #syscan 2014

10:43am March 6th 2014 via Falcon Pro

RT @blundell_apps: Add ChromeCast to your app with 3 files + Gradle https://t.co/o6q2HYowXn from my @novoda hack & tell

10:38am March 6th 2014 via Falcon Pro

on my way to Madrid, all ready for @rootedcon :) #rooted2014

3:37pm March 5th 2014 via Falcon Pro

RT @thegrugq: @pof @collinrm @s7ephen @KismetWireless and then OpenPDroid, because why the fuck not?

2:29am March 5th 2014 via web

ASA: Granular permission control for apps trying to access "private" resources using Cydia Substrate - https://t.co/Vgd8HkpYEf via @4Dgifts

2:27am March 5th 2014 via web

@4Dgifts awesome, didn't know about it! thanks for sharing

2:21am March 5th 2014 via web in reply to 4Dgifts

@collinrm BootUnlocker, adb wireless, setpropex, dexplorer, dexdump,...

2:03am March 5th 2014 via Falcon Pro in reply to collinrm

RT @AndroidPolice: Developer PSA: Google And Intel Release x86 Emulator Image With Google APIs For The First Time http://t.co/aSdtuOTPHC

1:59am March 5th 2014 via Falcon Pro

Capcom CPS2 ROM decryption effort: "clean" decrypted CPS2 images without the extra Phoenix features - http://t.co/JJhhx5m62r

1:29am March 5th 2014 via web

RT @evdokimovds: Avalanche is a dynamic defect detection tool that generates "inputs of death" (Valgrind, STP, +ARM & Android) https://t.co/72spT2Hwz5

12:08pm March 4th 2014 via Falcon Pro

Method for Scalable Analysis of Android Applications for Security Vulnerability (US Patent by NEC Labs) - http://t.co/wNP9oLZu7p

9:03am March 4th 2014 via web

RT @AndroidPolice: [New App] ViaProtect Public Preview Gives A Basic Look At Where Android Apps Are Sending Your Data http://t.co/rNOckKE7pD

8:20am March 4th 2014 via Falcon Pro

RT @carlosacastillo: [McAfee Labs] Automatic App Installation from Google Play Poses Big Risk http://t.co/kprlypMpvy by @dainakax

8:19am March 4th 2014 via Falcon Pro

RT @securitywatch: Does mobile security need root? @ahoog42 says YES. http://t.co/xLrKuziTdI

8:17am March 4th 2014 via Falcon Pro

RT @collinrm: Mobile Security News Update March 2014: http://t.co/xPtUFJthbN

8:17am March 4th 2014 via Falcon Pro

RT @scottyab: slides from my RSA talk on mobile app security https://t.co/zxDQmnmyz7 #RSAC14 @viaforensics

8:15am March 4th 2014 via Falcon Pro

RT @kapitanpetko: Unlocking Android devices using an OTP via NFC http://t.co/t1xL1SCnvc

8:03am March 4th 2014 via Falcon Pro

viaProtect (public preview release) for Android, handy to detect leaky apps at a glance - https://t.co/IsQXYNvvga

7:33am March 4th 2014 via Falcon Pro

RT @sf2kuroppi: Community Donation Drive for X-MANIA USA and TOURNAMENT OF LEGENDS II: http://t.co/UPshn6hCMj #xmaniausa #tol2 http://t.co/Ma2zDUYlEa

5:33am March 4th 2014 via Falcon Pro