Whapa is an android whatsapp database parser that automates the process. The main purpose of whapa is to present the data handled by the Sqlite…
Link: http://seclist.us/whapa-is-an-android-whatsapp-database-parser-that-automates-the-process.html
Tag: Mobile Security
Nate Cardozo, Attorney with EFF Talks Encryption at RSA Conference 2018
Threatpost talks to crypto expert Nate Cardozo, senior staff attorney with the Electronic Frontier Foundation at RSA Conference 2018 about the U.S. government’s current position on device encryption and law enforcement’s use of iPhone passcode cracker called GreyKey.
Millions of Apps Leak Private User Data Via Leaky Ad SDKs
Mobile apps leak personal data via insecure ads that transmit ad-targeting data insecurely.
Link: https://threatpost.com/millions-of-apps-leak-private-user-data-via-leaky-ad-sdks/131251/
Millions of Apps Leak Private User Data Via Leaky Ad SDKs
Mobile apps leak personal data via insecure ads that transmit ad-targeting data insecurely.
Link: https://threatpost.com/millions-of-apps-leak-private-user-data-via-leaky-ad-sdks/131224/
Google Play Boots Three Malicious Apps From Marketplace Tied to APTs
Researchers said three apps used to surveil Middle East targets were booted from the Google Play marketplace.
Link: https://threatpost.com/google-play-boots-three-malicious-apps-from-marketplace-tied-to-apts/131214/
Intel Tells Remote Keyboard Users to Delete App After Critical Bug Found
Intel said it is lights out for its Remote Keyboard app just as security researchers find three vulnerabilities that let local attackers inject keystrokes in sessions.
Google’s April Android Security Bulletin Warns of 9 Critical Bugs
Google updates its Android OS to address its own OS and component partners Qualcomm and Broadcom.
Link: https://threatpost.com/googles-april-android-security-bulletin-warns-of-9-critical-bugs/130936/
Cloudflare Launches Publicly DNS-Over-HTTPS Service
Clouldflare launches DNS-over-HTTPS service called 1.1.1.1 that it says will be a “privacy-first” DNS service for consumers.
Link: https://threatpost.com/cloudflare-launches-publicly-dns-over-https-service/130900/
Under Armour Reports Massive Breach of 150 Million MyFitnessPal Accounts
Under Armour is getting kudos for disclosing breach within weeks, but concerns remain over an unknown portion of credentials reportedly stored using the weak SHA-1 hashing function.
Adhrit – Android APK Reversing And Analysis Tool That Can Help Secuity Researchers And CTF Enthusiasts Alike
Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike. The tool is an effort to cut down on the amount of time spent on reversing and basic reconnaissance of Android applications. The project is still under progress and will continually incorporate features with time.USES:Extracts the apk contents.Disassembles native librariesExtracts jar out of dex.Extracts source code in Java.Extracts source code in Smali.Recompiles smali into APKSigns the APKChecks for bytecode injection points.Analyzes permissions used by the application.Dumps the Manifest.Dumps the certificate details.Checks for malware footprints in the VirusTotal database.PRE-REQUISITES:Linux or MACJava JDKUSAGE:Dowload the zip or clone the package and extract the tool ( git clone https://github.com/abhi-r3v0/Adhrit.git ).Place the application in the tool directory.Open a terminal and cd into the directory.Run python installer.py for installing the necessary tools.Use python adhrit.py -h for usage help.Example: python adhrit.py -a my_app.apkSCREENSHOTS:NOTE:Filenames with two ‘.’ may give an error. Please rename the apk in such cases. For example, if your file name is my.app.apk, rename it to myapp.apkDownload Adhrit
Link: http://feedproxy.google.com/~r/PentestTools/~3/tudpJ4mJKJI/adhrit-android-apk-reversing-and.html