mirror of
https://github.com/vaib25vicky/awesome-mobile-security.git
synced 2024-10-01 06:35:35 -04:00
Update README.md
This commit is contained in:
parent
ba4604b59b
commit
33f01e8449
64
README.md
64
README.md
@ -6,7 +6,7 @@ Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions
|
|||||||
|
|
||||||
## Android
|
## Android
|
||||||
|
|
||||||
### General
|
### General - Blogs, Papers, How To's
|
||||||
|
|
||||||
* [An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0)
|
* [An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0)
|
||||||
* [Secure an Android Device](https://source.android.com/security)
|
* [Secure an Android Device](https://source.android.com/security)
|
||||||
@ -21,6 +21,22 @@ Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions
|
|||||||
* [Android Security Guidelines](https://developer.box.com/en/guides/security/)
|
* [Android Security Guidelines](https://developer.box.com/en/guides/security/)
|
||||||
* [Android WebView Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)
|
* [Android WebView Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)
|
||||||
* [OWASP Mobile Top 10](https://www.owasp.org/index.php/OWASP_Mobile_Top_10)
|
* [OWASP Mobile Top 10](https://www.owasp.org/index.php/OWASP_Mobile_Top_10)
|
||||||
|
* [Practical Android Phone Forensics](https://resources.infosecinstitute.com/practical-android-phone-forensics/)
|
||||||
|
* [Mobile Reverse Engineering Unleashed](http://www.vantagepoint.sg/blog/83-mobile-reverse-engineering-unleashed)
|
||||||
|
* [Android Root Detection Bypass Using Objection and Frida Scripts](https://medium.com/@GowthamR1/android-root-detection-bypass-using-objection-and-frida-scripts-d681d30659a7)
|
||||||
|
* [quark-engine - An Obfuscation-Neglect Android Malware Scoring System](https://github.com/quark-engine/quark-engine)
|
||||||
|
* [Root Detection Bypass By Manual Code Manipulation.](https://medium.com/@sarang6489/root-detection-bypass-by-manual-code-manipulation-5478858f4ad1)
|
||||||
|
* [Application and Network Usage in Android](https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1528491463.pdf)
|
||||||
|
* [GEOST BOTNET - the discovery story of a new Android banking trojan](http://public.avast.com/research/VB2019-Garcia-etal.pdf)
|
||||||
|
* [Mobile Pentesting With Frida](https://drive.google.com/file/d/1JccmMLi6YTnyRrp_rk6vzKrUX3oXK_Yw/view)
|
||||||
|
* [Magisk Systemless Root - Detection and Remediation](https://www.mobileiron.com/en/blog/magisk-android-rooting)
|
||||||
|
* [AndrODet: An adaptive Android obfuscation detector](https://arxiv.org/pdf/1910.06192.pdf)
|
||||||
|
* [Hands On Mobile API Security](https://hackernoon.com/hands-on-mobile-api-security-get-rid-of-client-secrets-a79f111b6844)
|
||||||
|
* [Zero to Hero - Mobile Application Testing - Android Platform](https://nileshsapariya.blogspot.com/2016/11/zero-to-hero-mobile-application-testing.html)
|
||||||
|
* [How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8](https://github.com/Magpol/fridafde)
|
||||||
|
* [Android Malware Adventures](https://docs.google.com/presentation/d/1pYB522E71hXrp4m3fL3E3fnAaOIboJKqpbyE5gSsOes/edit)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Books
|
### Books
|
||||||
|
|
||||||
@ -83,9 +99,12 @@ Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions
|
|||||||
* [PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid)
|
* [PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid)
|
||||||
* [AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b)
|
* [AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b)
|
||||||
* [Radare2 - Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2)
|
* [Radare2 - Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2)
|
||||||
|
* [Cutter - Free and Open Source RE Platform powered by radare2](https://cutter.re/)
|
||||||
* [yteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://bytecodeviewer.com/)
|
* [yteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://bytecodeviewer.com/)
|
||||||
* [Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)
|
* [Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)
|
||||||
* [CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/)
|
* [CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/)
|
||||||
|
* [Magisk v20.2 - Root & Universal Systemless Interface](https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445)
|
||||||
|
|
||||||
|
|
||||||
#### Android Online APK Analyzers
|
#### Android Online APK Analyzers
|
||||||
|
|
||||||
@ -150,12 +169,21 @@ Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions
|
|||||||
* [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md)
|
* [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md)
|
||||||
* [android-security-awesome](https://github.com/ashishb/android-security-awesome)
|
* [android-security-awesome](https://github.com/ashishb/android-security-awesome)
|
||||||
* [Android Penetration Testing Courses](https://medium.com/mobile-penetration-testing/android-penetration-testing-courses-4effa36ac5ed)
|
* [Android Penetration Testing Courses](https://medium.com/mobile-penetration-testing/android-penetration-testing-courses-4effa36ac5ed)
|
||||||
|
* [Lesser-known Tools for Android Application PenTesting](https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-android-pentest.html)
|
||||||
|
* [android-device-check - a set of scripts to check Android device security configuration](https://github.com/nelenkov/android-device-check)
|
||||||
|
* [apk-mitm - a CLI application that prepares Android APK files for HTTPS inspection](https://github.com/shroudedcode/apk-mitm)
|
||||||
|
* [Andriller - is software utility with a collection of forensic tools for smartphones](https://github.com/den4uk/andriller)
|
||||||
|
* [Dexofuzzy: Android malware similarity clustering method using opcode sequence-Paper](https://www.virusbulletin.com/virusbulletin/2019/11/dexofuzzy-android-malware-similarity-clustering-method-using-opcode-sequence/)
|
||||||
|
* [Chasing the Joker](https://docs.google.com/presentation/d/1sFGAERaNRuEORaH06MmZKeFRqpJo1ol1xFieUa1X_OA/edit#slide=id.p1)
|
||||||
|
* [Side Channel Attacks in 4G and 5G Cellular Networks-Slides](https://i.blackhat.com/eu-19/Thursday/eu-19-Hussain-Side-Channel-Attacks-In-4G-And-5G-Cellular-Networks.pdf)
|
||||||
|
* [Shodan.io-mobile-app for Android](https://github.com/PaulSec/Shodan.io-mobile-app)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## iOS
|
## iOS
|
||||||
|
|
||||||
### General
|
### General - Blogs, Papers, How to's
|
||||||
|
|
||||||
* [iOS Security](https://www.cse.wustl.edu/~jain/cse571-14/ftp/ios_security/index.html)
|
* [iOS Security](https://www.cse.wustl.edu/~jain/cse571-14/ftp/ios_security/index.html)
|
||||||
* [Basic iOS Apps Security Testing lab](https://medium.com/@ehsahil/basic-ios-apps-security-testing-lab-1-2bf37c2a7d15)
|
* [Basic iOS Apps Security Testing lab](https://medium.com/@ehsahil/basic-ios-apps-security-testing-lab-1-2bf37c2a7d15)
|
||||||
@ -164,6 +192,22 @@ Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions
|
|||||||
* [IOS_Application_Security_Testing_Cheat_Sheet](https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet)
|
* [IOS_Application_Security_Testing_Cheat_Sheet](https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet)
|
||||||
* [OWASP iOS Basic Security Testing](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06b-basic-security-testing)
|
* [OWASP iOS Basic Security Testing](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06b-basic-security-testing)
|
||||||
* [Dynamic analysis of iOS apps w/o Jailbreak](https://medium.com/@ansjdnakjdnajkd/dynamic-analysis-of-ios-apps-wo-jailbreak-1481ab3020d8)
|
* [Dynamic analysis of iOS apps w/o Jailbreak](https://medium.com/@ansjdnakjdnajkd/dynamic-analysis-of-ios-apps-wo-jailbreak-1481ab3020d8)
|
||||||
|
* [iOS Application Injection](https://arjunbrar.com/post/ios-application-injection)
|
||||||
|
* [Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps](https://spaceraccoon.dev/low-hanging-apples-hunting-credentials-and-secrets-in-ios-apps)
|
||||||
|
* [Checkra1n Era - series](https://blog.digital-forensics.it/)
|
||||||
|
* [BFU Extraction: Forensic Analysis of Locked and Disabled iPhones](https://blog.elcomsoft.com/2019/12/bfu-extraction-forensic-analysis-of-locked-and-disabled-iphones/)
|
||||||
|
* [HowTo-decrypt-Signal.sqlite-for-IOS](https://github.com/Magpol/HowTo-decrypt-Signal.sqlite-for-IOS)
|
||||||
|
* [Can I Jailbreak?](https://canijailbreak.com/)
|
||||||
|
* [How to Extract Screen Time Passcodes and Voice Memos from iCloud](https://blog.elcomsoft.com/2019/10/how-to-extract-screen-time-passcodes-and-voice-memos-from-icloud/)
|
||||||
|
* [Reverse Engineering Swift Apps](https://github.com/iOS-Reverse-Engineering-Dev/Swift-Apps-Reverse-Engineering/blob/master/Reverse%20Engineering%20Swift%20Applications.pdf)
|
||||||
|
* [Mettle your iOS with FRIDA](https://sensepost.com/blog/2019/mettle-your-ios-with-frida/)
|
||||||
|
* [A run-time approach for pentesting iOS applications](https://blog.securelayer7.net/a-run-time-approach-for-pen-testing-ios-applications-part-ii-objection-in-action/)
|
||||||
|
* [iOS Internals vol 2](http://newosxbook.com/bonus/iBoot.pdf)
|
||||||
|
* [Understanding usbmux and the iOS lockdown service](https://medium.com/@jon.gabilondo.angulo_7635/understanding-usbmux-and-the-ios-lockdown-service-7f2a1dfd07ae)
|
||||||
|
* [A Deep Dive into iOS Code Signing](https://blog.umangis.me/a-deep-dive-into-ios-code-signing/)
|
||||||
|
* [AirDoS: remotely render any nearby iPhone or iPad unusable](https://kishanbagaria.com/airdos/)
|
||||||
|
* [How to access and traverse a #checkra1n jailbroken iPhone File system using SSH](https://aboutdfir.com/jailbreaking-checkra1n-configuration/)
|
||||||
|
|
||||||
|
|
||||||
### Books
|
### Books
|
||||||
|
|
||||||
@ -185,6 +229,7 @@ Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions
|
|||||||
### Tools
|
### Tools
|
||||||
|
|
||||||
* [Cydia Impactor](http://www.cydiaimpactor.com/)
|
* [Cydia Impactor](http://www.cydiaimpactor.com/)
|
||||||
|
* [checkra1n jailbreak](https://checkra.in/)
|
||||||
* [idb - iOS App Security Assessment Tool](https://www.idbtool.com/)
|
* [idb - iOS App Security Assessment Tool](https://www.idbtool.com/)
|
||||||
* [Frida](https://github.com/frida/frida/releases)
|
* [Frida](https://github.com/frida/frida/releases)
|
||||||
* [Objection - mobile exploration toolkit by Frida](https://github.com/sensepost/objection)
|
* [Objection - mobile exploration toolkit by Frida](https://github.com/sensepost/objection)
|
||||||
@ -197,6 +242,10 @@ Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions
|
|||||||
* [Burp Suite](https://portswigger.net/burp/communitydownload)
|
* [Burp Suite](https://portswigger.net/burp/communitydownload)
|
||||||
* [Cycript](https://cydia.saurik.com/api/latest/3)
|
* [Cycript](https://cydia.saurik.com/api/latest/3)
|
||||||
* [needle - The iOS Security Testing Framework](https://github.com/FSecureLABS/needle)
|
* [needle - The iOS Security Testing Framework](https://github.com/FSecureLABS/needle)
|
||||||
|
* [iLEAPP - iOS Logs, Events, And Preferences Parser](https://github.com/abrignoni/iLEAPP)
|
||||||
|
* [Cutter - Free and Open Source RE Platform powered by radare2](https://cutter.re/)
|
||||||
|
* [decrypt0r - automatically download and decrypt SecureRom stuff](https://github.com/shinvou/decrypt0r)
|
||||||
|
* [iOS Security Suite - an advanced and easy-to-use platform security & anti-tampering library](https://github.com/securing/IOSSecuritySuite)
|
||||||
|
|
||||||
### Labs
|
### Labs
|
||||||
|
|
||||||
@ -216,6 +265,14 @@ Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions
|
|||||||
* [Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox](https://www.youtube.com/watch?v=bP5VP7vLLKo)
|
* [Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox](https://www.youtube.com/watch?v=bP5VP7vLLKo)
|
||||||
* [Reverse Engineering iOS Mobile Apps](https://www.bugcrowd.com/resources/webinars/reverse-engineering-ios-mobile-apps/)
|
* [Reverse Engineering iOS Mobile Apps](https://www.bugcrowd.com/resources/webinars/reverse-engineering-ios-mobile-apps/)
|
||||||
* [iOS 10 Kernel Heap Revisited](https://www.youtube.com/watch?v=DNW6Im31lQo)
|
* [iOS 10 Kernel Heap Revisited](https://www.youtube.com/watch?v=DNW6Im31lQo)
|
||||||
|
* [KTRW: The journey to build a debuggable iPhone](https://media.ccc.de/v/36c3-10806-ktrw_the_journey_to_build_a_debuggable_iphone)
|
||||||
|
* [The One Weird Trick SecureROM Hates](https://media.ccc.de/v/36c3-11238-the_one_weird_trick_securerom_hates)
|
||||||
|
* [Tales of old: untethering iOS 11-Spoiler: Apple is bad at patching](https://media.ccc.de/v/36c3-11034-tales_of_old_untethering_ios_11)
|
||||||
|
* [Messenger Hacking: Remotely Compromising an iPhone through iMessage](https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage)
|
||||||
|
* [Recreating An iOS 0-Day Jailbreak Out Of Apple's Security Updates](https://www.youtube.com/watch?v=p512McKXukU)
|
||||||
|
* [Reverse Engineering the iOS Simulator’s SpringBoard](https://vimeo.com/231806976)
|
||||||
|
* [Attacking iPhone XS Max](https://www.youtube.com/watch?v=8cOx7vfszZU&feature=youtu.be)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Misc.
|
### Misc.
|
||||||
@ -223,4 +280,7 @@ Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions
|
|||||||
* [Most usable tools for iOS penetration testing](https://github.com/ansjdnakjdnajkd/iOS)
|
* [Most usable tools for iOS penetration testing](https://github.com/ansjdnakjdnajkd/iOS)
|
||||||
* [iOS-Security-Guides](https://github.com/0xmachos/iOS-Security-Guides)
|
* [iOS-Security-Guides](https://github.com/0xmachos/iOS-Security-Guides)
|
||||||
* [osx-security-awesome - OSX and iOS related security tools](https://github.com/ashishb/osx-and-ios-security-awesome)
|
* [osx-security-awesome - OSX and iOS related security tools](https://github.com/ashishb/osx-and-ios-security-awesome)
|
||||||
|
* [Trust in Apple's Secret Garden: Exploring & Reversing Apple's Continuity Protocol-Slides](https://i.blackhat.com/eu-19/Thursday/eu-19-Yen-Trust-In-Apples-Secret-Garden-Exploring-Reversing-Apples-Continuity-Protocol-3.pdf)
|
||||||
|
* [Apple Platform Security](https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf)
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user