-
A new security feature `Android Protected Confirmation` has arrived to Android P. This can help with non-repudiation and alike. Time to start a write up about it and see how we can best relate this to…
-
One thing we might want to add to the MSTG is that we should, optionally, try to limit the information shared through notifications when they have a high confidentiality.
-
Platform:
Android/iOS
Description:
Evaluate Dwarf (http://www.giovanni-rocca.com/dwarf/) and check if it makes sense to add to MSTG. If it does add it to 0x05c/0x6c.
-
Can you check if some of the below techniques taken from [here](https://github.com/darvincisec/AntiDebugandMemoryDump)
can be included ?
1. Check for JDWP string in /proc/self/task/comm as an indica…
-
Evaluate Dexcalibur (https://github.com/FrenchYeti/dexcalibur/wiki/Gallery) and check if it makes sense to add to MSTG. If it does add it to 0x05b.
https://www.youtube.com/watch?v=2dGoolvMEpI
-
I was curious if this could be achieved by using a `MediaStreamTrackGenerator`. I build a little demo for it.
https://stackblitz.com/edit/js-1jfqfv?file=index.js,index.html
It uses a canvas to r…
-
**Describe the issue**
Mitigating steps to address a new attack form NCC against Qualcomm backed key stores should be added to MSTG.
https://www.nccgroup.trust/us/our-research/private-key-extract…
-
**Describe the issue**
Maybe it is worth to take a look and investigate this tool: https://www.kitploit.com/2020/02/gda-android-reversing-tool-new.html
I think we haven't mentioned it anywhere in MS…
-
With Android Oreo, the way you can handle shared memory (Securely) has changed. time to udpate the MSTG! https://developer.android.com/about/versions/oreo/android-8.1
Let's check the platform intera…
-
You can now test whether the user is allowed to install unknown sources. This can help in checking the security posture of the device. It is a good idea to raise awareness with android developers to c…