-
Dear all,
I am wondering is there any method to prevent an Android application to execute "_exit(0);" command from native shared object library?
Once the Android application is opened, an exit(0) …
bwmob updated
5 years ago
-
With Android Oreo, you now have new broadcast (implicit intent) limitations, as well as limitations as a background service. This will influence how the rogue apps might be able to get to your intents…
-
What about mentioning https://github.com/reddr/LibScout in 0x05i -> ## Checking for Weaknesses in Third Party Libraries (MSTG-CODE-5) ?
Let's verify its effectiveness first before including it.
-
One thing we might want to add to the MSTG is that we should, optionally, try to limit the information shared through notifications when they have a high confidentiality.
-
Platform:
Android/iOS
Description:
Evaluate Dwarf (http://www.giovanni-rocca.com/dwarf/) and check if it makes sense to add to MSTG. If it does add it to 0x05c/0x6c.
-
Hi there!
Great project. It would be great to also map all the Mobile vulnerabilities from [OWASP's MASVS](https://mas.owasp.org/MASVS/).
How were the ASVS json's generated? Maybe I could try to…
-
Evaluate Dexcalibur (https://github.com/FrenchYeti/dexcalibur/wiki/Gallery) and check if it makes sense to add to MSTG. If it does add it to 0x05b.
https://www.youtube.com/watch?v=2dGoolvMEpI
-
A new security feature `Android Protected Confirmation` has arrived to Android P. This can help with non-repudiation and alike. Time to start a write up about it and see how we can best relate this to…
-
**Describe the issue**
Mitigating steps to address a new attack form NCC against Qualcomm backed key stores should be added to MSTG.
https://www.nccgroup.trust/us/our-research/private-key-extract…
-
Can you check if some of the below techniques taken from [here](https://github.com/darvincisec/AntiDebugandMemoryDump)
can be included ?
1. Check for JDWP string in /proc/self/task/comm as an indica…