Dropping exploit code from my DEF CON 33 talk: Recursive Request Exploits (RRE)
TL;DR: Trace API calls backward from a protected resource. If any upstream API is unauthenticated, you can bypass access to the whole chain.
https://t.co/SitI81GAUO
I built Comment Crusader, a Burp Suite extension to uncover one of the more overlooked sources of data leaks in web apps: developer comments. Will be released this month.
Enjoy a quick teaser.
Thrilled to share that my former Android Red Team has hit a major milestone with their first blog post! They detailed the exploitation of Android Binder (CVE-2023-20938), achieving root privileges on updated devices.
Read more: https://t.co/ceqPzeB0Ne
I presented a lightning talk at Google Cloud Security Talks today focused on how our Android Red Team was able to attack modem chips to help drive important baseband mitigations in Android 12+
If you're interested in just the exploit demo, skip to 9:40
https://t.co/cVaYoBglpf
I'll be presenting on the state of Pixel cellular security at Google Cloud Security Talks on Oct 25th. Please register if interested!
https://t.co/ba3w2xm0kr
Our Android Red Team's #defcon31 talk "Over the Air Under the Radar. Attacking and Securing the Pixel Modem" was just posted. Check it out!
https://t.co/Q7rJtMeqAG
Excited to read "The Android Malware Handbook" by co-authors and colleagues Sebastian Porst and Salvador Mandujano on Android malware detection and analysis. It covers reversing, app static and dynamic analysis with hand on examples. Pre-order now!
https://t.co/2vUwBuJla4
Our Android Attack Tools team (an arm of Android Red Team) just published this article on continuous fuzzing. If your company is new to the fuzzing game and are looking for a recipe to build from, this is an excellent read.
https://t.co/ZIbAdb89F5
Heard on a call today debating the pros and cons of fuzzing:
"Fuzzing is just an expensive way to warm your living room in winter"
Well said. It's both a pro and a con.
PoC how to trigger Remote Code Execution in Over-the-Air attack targeting Google Pixel 6 #RCE
Victim perspective: Connect to attacker's fake base station -> receive call -> PWND!
Slides: https://t.co/kqUKteGrJD
Demo: https://t.co/ZB3XMdfoTA via @jumpycastle@vxradius
Over the air (OTA) RCE proof of concept targeting the Pixel 6 modem demonstrated during our Black Hat and DEFCON talks last week @vxradius
This has been patched 👍
https://t.co/9H9Zhq1gnQ
If you saw our presentation on Red Teaming the Pixel modem at Black Hat and DEFCON this week, we referenced an article that directly captures the mitigations introduced in Android 14.
Big steps forward for cellular security.
https://t.co/QA5GOx70k4
Our Black Hat and DEF CON talks are coming up this week. See you all there!
Title: Over the Air, Under the Radar. Attack and Securing the Pixel Modem
#blackhat : 3:20 pm Weds (Oceanside C)
#defcon: 1:00 pm Fri (Track 2)
Come see our Android Red Team's review of the Pixel modem at DEF CON. We'll be demoing a full PoC of OTA RCE (all patched)
Talk title: Over the Air, Under the Radar
https://t.co/vQfv8O9JEU
Excited to announce our #Android#RedTeam was accepted to speak at both #BlackHat USA and #defcon31. We will be presenting "Over the Air, Under the Radar" covering attack surface we identified and mitigated on cellular comms
Stop by if you're there!
https://t.co/9Z8M8Tf2Dd