Sign in to follow this
Followers
0
Exploits Android Privilege Escalation
By
1337day-Exploits, in Updated Exploits
-
Similar Content
-
By itsMe
Dexcalibur
Dexcalibur is an Android reverse engineering platform focus on instrumentation automation. Its particularity is to use dynamic analysis to improve static analysis heuristics. It aims to automate boring tasks related to dynamic instrumentation, such as :
Hidden Content
Give reaction to this post to see the hidden content.
Decompile/disass intercepted bytecode at runtime
Write hook code and Manage a lot of hook message
Search interesting pattern/things to hook
Process data gathered by hook (dex file, invoked method, class loader, …)
and so … But not only that, because Dexcalibur has its own static analysis engine and it is able to execute a partial piece of smali.
Features and limitations
Actually, the biggest limitation is Dexcalibur is not able to generate source code of hook targeting native function (into JNI library). However, you can declare manually a Frida’s Interceptor by editing a hook.
Assuming Dexcalibur does not provide (for the moment) features to analyze native parts such as the JNI library or JNA, only features and limitations related to the Java part have been detailed.
Analysis accuracy depends on the completeness of the Android API image used during the early steps of the analysis. That means, if you use a DEX file generated from the Android.jar file from Android SDK, some references to internal methods, fields, or classes from Android java API could be missing. Better results are obtained when the analysis starts from a “boot.oat” file extracted directly from a real device running the expected Android version.
Hidden Content
Give reaction to this post to see the hidden content. Changelog v0.7.8
Fixed issues :
#43, #42 : Better detection and remediation of issues related to target platform and to target device
Improvements :
SmaliParser works on Windows
Add support of Android API 30
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. What you'll learn
Penetration Tests
Privilege Escalation for Windows
Privilege Escalation for Linux
CTF Solutions
Requirements
This is an intermediate to advanced course, please refer to previous courses if you have no cybersecurity fundamental training
Minimum intermediate cyber security knowledge
Minimum beginner Python knowledge
Optional: HackTheBox membership (Only for two sections, thus optional)
Description
Welcome to The Complete Pentesting & Privilege Escalation Course
If you want to become a cyber security professional, if you want to deepen your knowledge in ethical hacking topics, if you are preparing yourself for certifications such as OSCP; then you are at the right place! This is an intermediate to advanced course. If you want to make most of it, you should already have a background in cyber security and Python.
Throughout the course we will solve number of vulnerable machines on Vulnhub, TryHackMe & HackTheBox along with the other platforms. Especially Privilege Escalation topic will be thoroughly explained during the course, which will provide you the best tools if you are studying to get a certification such as OSCP. Furthermore we will not only focus on Linux machines but Windows machines as well.
Training is given by Atil Samancioglu who has more than 200.000 students worldwide on Ethical Hacking & Mobile Application Development topics along with the Codestars serving more than 1 MM students. If you are ready to take your ethical hacking skills to next level you can immediately see the content of the course and enroll today!
Some of the topics that we are going to cover during the course, completely hands-on:
Advanced Linux
CTF Solutions
Linux Privilege Escalation
Windows Privilege Escalation
Kernel Exploit
Suid
Sudo
Cronjobs
Metasploit
Potato Attacks
Brute Force
Meterpreter Shells
Content
This training will be completely hands on experience but without neglecting the theory. We will cover a lot of scenarios when we solve vulnerable machines which you will face a lot during pentests and certification exams. This will be a big step for you to advance your cyber security career.
In order to make most of this course you should have taken The Complete Ethical Hacking Course and similar courses before. You should have a working Kali Linux or a counterpart system already, this will not be covered during the course.
Due to the licensing issues, in the Windows pentest & privilege escalation sections we will need a Hack The Box membership. If you do not want to pay for that, you can always watch the last two sections by only taking notes, without exercising. However you should take into consideration that by exercising you can learn in a better way.
Warning: This course aims to provide a good training for people who want to be cyber security professionals. You should not break the law in any way with the offensive penetration test techniques and you accept the responsibility by taking this course.
Who this course is for:
Students who want to be cyber security professionals
Cyber security professionals who wants to get a certification
Cyber security students who wants to deepen their knowledge about pentests and privilege escalation
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. What you'll learn
Penetration Testing with Android Application
Hacking Mobile Application
Reverse Engineering of APK
Requirements
Learning Mindset
Description
This course includes customized VM with pre-installed tools which will save your time in installing multiple tools required for penetration testing of mobile applications.
- Start from Android architectures basics.
- Get a Customized VM with pre-installed tools
- Automated the Mobile Application Testing Process
- Covers Mobile applications reverse engineering.
- Practice on real world mobile applications.
- Build your own home lab on mobile application security.
- Provides you the skills necessary to perform Penetration tests of mobile applications.
- Automate the process of Mobile Testing
- Cover OWASP Top 10 vulnerabilities
Syallabus includes:-
Syllabus:
Introduction To Mobile Apps.
Mobile Application Security.
Mobile Application Penetration Testing.
The most common areas where we find mobile application data resides.
The Architecture of Android.
The App Sandbox and the Permission Model.
AndroidManifest.xml File.
Android Compilation Process.
Android Startup Process.
Android Application Components.
Setup a testing environment.
Android Debug Bridge (adb).
intercept and analyze the network traffic.
Reversing an Android application.
OWASP top 10 vulnerabilities for mobiles.
Install DIVA (Damn insecure and vulnerable App).
Insecure Logging Issue.
Insecure Data Storage.
Database Insecure Storage.
Insecure Data Storage Inside Temporary Files.
Hardcoding Issues.
NOTE: This course is created for educational purposes only.
Who this course is for:
Penetration testers
Forensers
Mobile App Developers
IT personnel
Anyone who has a personal or professional interest in attacking mobile applications.
All who wants to start their carrier in android security.
Who this course is for:
Android Penetration Testing
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Update 30.01.2021 - Fusion Edition
You can multiple operation handle; multiple files upload and download, while watch live cam or screen watch, download or upload files multiple.
Builder error fixed. Now there no will be error.
Performance increased.
while Doze Mode (sleep mode) your victim can connect by hand Alarm Manager to server and communicate wtih you.
If server has no internet, victim can re-connect to server while internet avaible on Server.
Snapshot from camera is currently disabled by me. [I'm too lazy for re-coding this for new Socket instance :)].
Added settings for emui devices(huawei, oppo, honor etc....) for background working.
and some bug fixing, performance stabilisations etc......
Version 3
+Added live Camera stream (with resolution,zoom,flash,quality controls and scene,focus,white balance mode)
+Fixed loss data transfer
+Some excess codes have been removed
+Performance has been increased
Hidden Content
Give reaction to this post to see the hidden content.
-