Tweets from January 2016

RT @rene_mobile: Details on CVE-2015-6606 (discovered by Michael Roland from our lab) are now online: https://t.co/qmQRcM1rw5, https://t.co/mm1Md167b2

7:25pm January 31st 2016 via FalconPro3

RT @anestisb: Finally a useful oat de-opt. tool that resolves vtable entries from boot.oat, allowing offline analysis - nice work. https://t.co/WeBdxoLFx7

7:19pm January 31st 2016 via FalconPro3

RT @iamnion: while Samsung just released SMR-JAN-2016 I’m still waiting for SMR-DEC-2015 to hit a device near me #yaymobiledeviceupdates

12:25pm January 29th 2016 via FalconPro3

@ChainfireXDA feel free to use it, I have no objections at all. Haven't tested it on anything other than ARM32.

9:56pm January 28th 2016 via FalconPro3 in reply to ChainfireXDA

@jcase @adumont if usb debugging is enabled you can use the input command to simulate screen taps

9:11pm January 28th 2016 via FalconPro3 in reply to jcase

Android sensord 0day root exploit (tested on LG L7) - https://t.co/aGxbzzF7Jr

8:51pm January 28th 2016 via Twitter Web Client

RT @Dinosn: Android ADB Debug Server Remote Payload Execution https://t.co/KTIuUwgOWF

8:50pm January 28th 2016 via Twitter Web Client

@ChainfireXDA public domain I guess, I forked it from some code I found that contained no license (except the system properties from AOSP)

6:08pm January 28th 2016 via FalconPro3 in reply to ChainfireXDA

RT @laginimaineb: BTW - if anyone wants to check out the exploit code: https://t.co/TwOUucx3M1

2:47pm January 25th 2016 via FalconPro3

RT @laginimaineb: Matlab - specifically, imagesc and/or HeatMap. To acquire the dumps I inject a library which dumps the process's VAS https://t.co/uXFIBDSbxP

2:46pm January 25th 2016 via FalconPro3

RT @laginimaineb: Just published the final post in the zero perms to TrustZone saga: https://t.co/E5UYJfIuyd. Using thermal vision to get code-exec. Enjoy!

11:43pm January 24th 2016 via FalconPro3

RT @marcograss: Exploiting a Linux Kernel Infoleak to bypass Linux kASLR - https://t.co/0mkTvzDymS

9:50pm January 24th 2016 via Twitter Web Client

RT @Maijin212: @__tjf__ New to assembly? Get help ! "?d opcode" & "e asm.describe=true ; e asm.pseudo=true" @radareorg git version https://t.co/VZRaZyUUZg

12:03pm January 24th 2016 via FalconPro3

RT @kapitanpetko: Apparently Nexus kernel debug cables are also open source: https://t.co/Y1UxFWICZf

12:02pm January 24th 2016 via FalconPro3

@mountainmanjed @xer0510yahoocom yes, that is correct, is how raddiff2 (from radare2) presents binary patch output.

4:19am January 24th 2016 via FalconPro3 in reply to mountainmanjed

RT @Fuzion24: Cool! Playing around with the BSD malloc allocator in Copperhead ... seems pretty effective at catching my UAFs: https://t.co/Poeq4s5Rzx

11:14pm January 23rd 2016 via FalconPro3

RT @AndroidTamer: CVE-2016-0728 : Google Response:Patch released : mandatory to get 1-march-2016 patch status : https://t.co/i1slkd3LgJ

11:12pm January 23rd 2016 via FalconPro3

RT @AndroidTamer: Droid-FF (Android fuzzing framework) by @antojosep007 to be presented at @HITBSecConf https://t.co/hrxxz1vI6s

11:16pm January 22nd 2016 via FalconPro3

TIL: equivalent of Linux 'strace -fetrace=open' on OSX is 'dtruss -f -t open' Thanks https://t.co/XiyUKVS0sD

3:52pm January 21st 2016 via Twitter Web Client

CAF browser (npBrowser) is available in Google Play too: https://t.co/0AFvQpVtlT here's an interview with the dev: https://t.co/Uf0kcrVvzG

9:00am January 21st 2016 via Twitter Web Client

@koehntopp i think it's forked from here: https://t.co/Ezmlk6QwpJ no idea if the full src is available. I wouldn't fully trust it :)

8:52am January 21st 2016 via Twitter Web Client in reply to koehntopp

RSBrowser: a fork of CAF Chromium browser (with built-in ad blocker), which is available through Google Play - https://t.co/dSkMtaJvvM

8:45am January 21st 2016 via Twitter Web Client in reply to pof

CAF Chromium Browser: a chromium fork with built-in ad blocker for Android - https://t.co/d0ebSGMWN2

8:08am January 21st 2016 via Twitter Web Client

RT @rpaleari: Did you know there's an in-kernel URL filtering module in your Samsung phone? Oh, and it's buggy... (with @joystick) https://t.co/5EacV9g0l4

7:40am January 21st 2016 via Twitter Web Client

RT @collinrm: Mobile Security News Update January 2016 https://t.co/m9hRFd4n2L #theyearjuststarted

10:11pm January 19th 2016 via FalconPro3

RT @virqdroid: NexMon enables the monitor mode of the bcm4339 Wi-Fi chip on the Nexus 5 - https://t.co/PIRUICU16J

10:03pm January 19th 2016 via FalconPro3

RT @aseemjakhar: Released source code for DIVA Android (Damn Insecure and Vulnerable App) https://t.co/sUam8CWXWo

9:57pm January 19th 2016 via FalconPro3

RT @thegrugq: https://t.co/mMSmoS6Lz5 < what you need to know about baseband security in modern smartphones. It isn't all that bad.

7:40am January 19th 2016 via FalconPro3

RT @RootJunky: Nexus 6P Android Security Patch Level January 1, 2016 bypassed!: https://t.co/dU3SO4T7TD via @YouTube

3:09pm January 15th 2016 via Twitter Web Client

RT @RootJunky: How to Bypass Factory Reset Protection on your Nexus 6P, 5X, 5, & 6: https://t.co/BRKZnzQQzE via @YouTube

3:08pm January 15th 2016 via Twitter Web Client

RT @marcograss: [CVE-2015-7292] Amazon Fire Phone Kernel Stack based Buffer Overflow - my disclosure and writeup https://t.co/fhNorEQEJg

2:57pm January 15th 2016 via Twitter Web Client

RT @jcase: LOL Mediatek/Obi nerfed ALL property space security any user can control any property, even ro ones - https://t.co/QecAHSzaTn

7:09am January 15th 2016 via FalconPro3

RT @CopperheadSec: CopperheadOS's OpenBSD malloc port uncovered a use-after-free in Android's fancy new over-the-air update sorcery: https://t.co/3atsWgn8sm.

6:58am January 15th 2016 via FalconPro3

RT @jcase: Can we really call it FDE on android? https://t.co/pdIrDWWuEE? when its only one partition, and data leaks to other partitions?

6:50am January 15th 2016 via FalconPro3

@ebt_muffinman emu to server, biggest is the size of a game savestate (+tcp headers), size depends on the game (neogeo bigger than capcom).

6:20am January 15th 2016 via FalconPro3 in reply to ebt_muffinman

RT @CopperheadSec: Android now reads over-the-air updates from the encrypted data partition without mounting them via a magical tool: https://t.co/ER0WtgSVTO.

4:34am January 12th 2016 via FalconPro3

RT @binitamshah: GSM-scanner : Spectrum monitoring system for GSM providers : https://t.co/gPIVscEMLT

4:59am January 10th 2016 via FalconPro3

RT @jonoberheide: Great overview (with references) on Intel SGX: https://t.co/yYrgVFzFOV

4:58am January 10th 2016 via FalconPro3

RT @hashcat: Added support to crack Android FDE (Samsung DEK) to oclHashcat v2.10! 171kH/s @ 290x, 217.7 kH/s @ 980Ti: https://t.co/QIAam1aEny

7:23am January 9th 2016 via FalconPro3

RT @NowSecureMobile: Who’s watching you? Our @giantpune spoke to @DarkReading about vulnerable mobile apps for surveillance cameras https://t.co/gunQZ9Olwh

9:22pm January 8th 2016 via FalconPro3

RT @teamcymru: Android-based Smart TVs Hit By Backdoor Spread Via Malicious App #cybersecurity https://t.co/nejvS0Dvb9 https://t.co/zrmW0Pl9dg

9:16pm January 8th 2016 via FalconPro3

@NShogatsu Thank you! ありがとうございます

4:15am January 8th 2016 via FalconPro3 in reply to NShogatsu

@NShogatsu recording from jamma cabinet to android through usb? how is it done? USB経由でアンドロイドするJAMMAキャビネットからの記録?ã

10:47pm January 7th 2016 via FalconPro3 in reply to NShogatsu

@therealundamned if you do add future owners too please! when will my ud-cps2 be ready???

5:58pm January 7th 2016 via FalconPro3 in reply to therealundamned

RT @timstrazz: New post on a vulnerability I found in the #Android Blackphone (BP1) is now up https://t.co/5pKp812zLO CVE-2015-6841

2:18pm January 6th 2016 via FalconPro3

RT @oleavr: My presentation on “Cross-platform reversing with Frida” @noconname 2015: https://t.co/MWXUFs68sX Slides: https://t.co/C8etXAxq64

9:19am January 6th 2016 via FalconPro3

@natronkeltner @afrocheese yup! your work with the HTC exploit was awesome, based half of my preso on it! thanks guys :D

7:25am January 6th 2016 via FalconPro3 in reply to natronkeltner

@laginimaineb awesome! related to the QSEE vuln mentioned in the Nexus Security Bulletin? no English transcript, but slides in English :)

9:58pm January 5th 2016 via FalconPro3 in reply to laginimaineb

RT @laginimaineb: @pof @noconname @Vimeo Thanks for the mention! Is there an English transcript? And BTW - dropping 2 new TrustZone vulns+exploits *very* soon

9:56pm January 5th 2016 via FalconPro3

My presentation about '(Un)Trusted Execution Environments' @noconname 2015: [PDF] https://t.co/vFATxEa7sy video: https://t.co/P9igiTuiVe

3:42pm January 5th 2016 via Twitter Web Client

RT @0xroot: Slides deck for my presentation: My application is an onion, Help me doctor! https://t.co/zL5JuqOAi4

2:29pm January 5th 2016 via FalconPro3

RT @abd_sec: Targeting Android devices and you need "some" information about a spec. device? Here we go: https://t.co/yuG1CgLx0v https://t.co/vTXLQGzfb0

2:29pm January 5th 2016 via FalconPro3

RT @aseemjakhar: DIVA - Damn Insecure and Vulnerable App for Android. Play and give feedback https://t.co/Pf99TtwuIJ

2:22pm January 5th 2016 via FalconPro3

RT @jduck: It's that time of the month again... Security fixes for Android https://t.co/FPnHRSZAZd with some details here https://t.co/ynpcnI2x19

6:31am January 5th 2016 via FalconPro3

RT @zakoshisyoh: スーパーファミコンストリートファイターⅡのバイソンの負け顔のものまね https://t.co/q42MbDr7C2

8:29pm January 4th 2016 via Twitter for Android

RT @zakoshisyoh: スーパーファミコンストリートファイターⅡのエドモンド本田の負け顔のものまね https://t.co/3yDZoLXWbQ

8:29pm January 4th 2016 via Twitter for Android

RT @zakoshisyoh: スーパーファミコンストリートファイターⅡのガイルの負け顔のものまね https://t.co/YoKBDiMfwR

8:29pm January 4th 2016 via Twitter for Android

Nexus Security Bulletin - January 2016: https://t.co/11tQ47m0x3

7:13pm January 4th 2016 via Twitter Web Client

RT @caleb_fenton: Just released dex-oracle, an Android deobfuscation tool: https://t.co/Ej1lPWEcmH

9:32am January 4th 2016 via FalconPro3

@otochun777 no recording?? we want to see video of Mayakon Hawk and Shooting D, etc...

5:23pm January 2nd 2016 via FalconPro3 in reply to otochun777

RT @CopperheadSec: The CopperheadOS building documentation has been updated to cover the necessary steps for verified boot: https://t.co/0QACE4FVZE.

9:01pm January 1st 2016 via FalconPro3