Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff
Critical Thinking - Bug Bounty Podcast - Un pódcast de Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Jueves
Categorías:
Episode 14: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.Follow us on Twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on Twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterJoel’s Alternative to UberTooth One:https://www.amazon.com/Bluetooth-UD100-G03-Exchangeable-Bluesoleil-Microsoft/dp/B0161B5ATMD3monDev’s Burp VPS Plug-in:https://github.com/d3mondev/burp-vps-proxyFireProx:https://github.com/ustayready/fireproxJoel’s Universal SSL De-pinning Frida Script:https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725Command-line Fuzzy Finder:https://github.com/junegunn/fzfJustin’s two article recommendations for using Frida:https://tinyurl.com/5n94d6ryhttps://tinyurl.com/yfy3n5f5Copy screen of physical device:https://tinyurl.com/ymdrscm5Flipper:https://flipperzero.one/BetterCap BLE Module:https://www.bettercap.org/modules/ble/Timestamps:(00:00:00) Intro(00:00:55) Hacker Chats(00:03:27) Podcast Content Commentary(00:04:09) SSRF Rebinding Error Confession(00:06:02) Flipper Zero(00:07:58) Bettercap BLE(00:09:36) Sena USB Bluetooth Adapter(00:12:41) Burp VPS Proxy Plugin(00:13:55) Fireprox(00:15:40) Dynamic Mobile Hacking(00:17:40) Dynamic Analysis Overview(00:18:18) Emulator Talk(00:24:29) Joel’s APK Analysis Flow(00:26:30) Cert Pinning(00:32:17) Joel’s SSL Cert Pinning Script(00:35:29) Hands-on look at Frida(00:50:11) Frida on Non-rooted Devices(00:58:22) Tracing Errors to Overwritable Functions(01:00:39) Native Libraries(01:09:18) GenyMobile Screen Mirroring Tool(01:11:50) Justin’s Report of the Day and Custom SSL Pinning(01:18:15) Joel’s First Ever Bug, Jailbreak Detection Bypass