Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company.
Arthur Schopenhauer

The other day I had a Litchi flavored ice cream shake. The thing probably didn’t have a single drop of Litchi extract in it, maybe that makes it a false representation of a reality.

Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri

North Korean hacking group Kimsuky (aka Thallium, Black Banshee) first became active in 2012 and has carried out attacks on targets engaged in Media, Research, Politics, and Diplomacy, etc. around the world. The group mainly attempts to collect by distributing malware and taking over accounts through spear-phishing attacks. Attacks have mainly targeted Windows, though instances of attacks on Android devices have likewise been discovered.

In November 2020, we found the mobile version of the AppleSeed family used by Kimsuky group. In that sample, the group even called themselves Thallium, a name given by Microsoft. We published our analysis on VB2021 localhost.
Unveil the evolution of Kimsuky targeting Android devices

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. This is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance.
Mobile Verification Toolkit

Snake Keylogger is a malware developed using .NET. It’s focused on stealing sensitive information from a victim’s device, including saved credentials, the victim’s keystrokes, screenshots of the victim’s screen, and clipboard data.

The malware is usually delivered by a malicious doc, and the malware comes packed, so let's start unpacking.
Deep Analysis of Snake Keylogger

palera1n is a work-in-progress script that automates patching tfp0 and booting a dev kernel so that you can successfully jailbreak.

This is a tethered jailbreak, which means the device must be booted using a computer every time, otherwise it won’t boot at all.

However, this can be easily reverted using irecovery -n (and other tools that can kick the device out of recovery mode) (this will remove your jailbreak, however).
palera1n, iOS 15.0 - 15.3.1 jailbreak

I won't give you the exploitable commands in this blog post, but you may gain some knowledge about the tools used for reversing firmware and doing patch analysis using one of the latest exploits on Google's phone, the Pixel 6.

The Pixel 6 has a bug in the bootloader that could put users at risk and that forced Google to activate the anti-rollback to prevent any privacy issue.
Pixel6: Booting up

It’s time to hold your loved ones
While the chains are loosed and the world
Runs wild.

Requiescat In Pace, February 4, 1928 - October 2, 2022

There’s room for creative expression in all forms of media. “Pop” media is inherently “uncreative” because it is designed to appeal to the masses for profit, so major media executives will not take risks with anything experimental because they might lose profit. But just because most people consume television and games instead of books it doesn’t mean that one medium is better than the other. Rather, they all have their own purpose.

When people try to prove a medium as being good or try to fit a work of art into a medium that it doesn't fit in, it usually comes off as pretentious. Think of indie games for example, a lot of them are pretentious because they try to push a "deep narrative" in a medium that's more about interactivity. That's also why film adaptations of novels struggle to be faithful to the original source material - stuff that works in novels doesn't work in film.

If someone wants to start making films just because movies are more popular right now they need to either disregard the audience or make sure they respect the medium of film, otherwise everything they make will suck.

Oh, wow, only a few hours after tweeting that this needed to be “ironed out”, SpecterDev has now published his implementation of the PS5 IPV6 Kernel exploit!

This release relies on the Webkit vulnerability as an entry point, meaning it will work on any PS5 (including PS5 Digital edition) running firmware 4.03. Lower firmwares might work (although the exploit might need tweaking). Higher firmwares will not work at the moment (they are not vulnerable to the Webkit exploit).
PS5 Kernel exploit + Webkit vulnerability for Firmware 4.03

Insular is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos, etc.) even if related permissions are granted. Device-bound data (SMS, IMEI, etc.) is still accessible.

An isolated app can be frozen on demand, with its launcher icon vanishing and its background behaviors completely blocked.
Insular

Give thanks to the Sin,
for without it Man would know not the extent of his own Joy.
The contrast of the valley accentuates the height of the hill.

Propaganda is the last-ditch effort to unite morality with interests. Fascism is the abandonment or transformation of morality to serve interests.

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
Cross Site Scripting (XSS) Vulnerability Payload List

You need to stop blaming your parents for the way you turned out. Your parents probably did the best they could for you.

Hello everyone! Until seeing this blog from _n1ghtw0lf, I did not know that we can use YARA rules for configuration extraction. He wrote a YARA rule for dotnet samples using dotnet and a custom module. That inspired me to do the same thing for other kinds of samples besides those written in dotnet. However, I could not find any module that gets the data at a given offset. Thus, I decided to write my own helper. Also, I will give an example YARA rule that uses this module to extract the Danabot sample's configuration.
Configuration Extraction with YARA

If you open the sample in the JEB decompiler, you will find that class names are obfuscated and contain nop code, which makes analysis of the code harder and is an indicator that the sample is packed. So we need to get the decrypted payload. We will use this script with Frida to get the payload.
Technical analysis of Alien Android malware

QR codes are 2-dimensional bar codes that encode arbitrary text strings. A common use of QR codes is to encode URLs so that people can scan a QR code (for example, on an advertising poster, building roof, volleyball bikini, belt buckle, or airplane banner) to load a web site on a cell phone instead of having to ’type’ in a URL.

QR codes are encoded using Reed-Solomon error-correcting codes, so that a QR scanner does not have to see every pixel correctly in order to decode the content. The error correction makes it possible to introduce a few errors (fewer than the maximum that the algorithm can fix) in order to make an image.
QArt Codes

CVE-2021-1961 is a vulnerability I discovered in the communication protocol of Qualcomm's TrustZone (QSEE). It allows you to corrupt memory management data in the protocol, which I exploited into instructing the TrustZone to modify the Android kernel memory, thus achieving arbitrary read/write primitives over physical memory addresses. I turned this powerful primitive into a reliable exploit that works out of the box without the need to be adapted per device/version.
Attacking the Android kernel using the Qualcomm TrustZone