With a track record of real vulnerability findings (mobile, IoT, or low-level binaries). Someone who can build AI agents and bring them to life in real web applications. We move fast, experiment a lot, and build things that matter. Want to know more? Apply here and we will reach out! https://lnkd.in/eFziZun6 #mobilesecurity #offensivesecurity #redteaming
About us
At Mobile Hacking Lab, we redefine mobile security training. Our courses offer unmatched expertise in areas like arm64 assembly, reverse engineering, and exploit mobile development. Our state-of-the-art Labs environment, equipped with the latest arm64 Android and iOS devices including cloud VMs, provides a practical, immersive learning experience. We're dedicated to keeping you at the forefront of mobile security through hands-on training, lifetime access to materials, and continuous updates.

Immerse yourself in our state-of-the-art Labs environment, a dynamic space equipped with the latest arm64 Android and iOS devices and cloud VMs. Our courses offer more than just theoretical knowledge - they provide a hands-on, practical learning experience. Our commitment extends beyond the training period, offering lifetime access to course materials and continuous updates to keep you at the forefront of mobile security.

- Explore real-world scenarios with our Free Labs
- Android Userland Fuzzing and Exploitation Course
- Current and upcoming Offensive Mobile Security Training Courses

- Expertise: Unmatched knowledge in offensive mobile security domains
- Practical Learning: Hands-on experience in a state-of-the-art environment
- Lifetime Access: Continuous support with access to course materials
- Continuous Updates: Stay ahead with the latest in mobile security

Ready to Elevate Your Mobile Security Game? Explore more about us and our offerings: https://www.mobilehackinglab.com/courses Your journey to mobile security excellence starts here. Dive into a world where knowledge meets innovation.
- Website
- https://www.mobilehackinglab.com
- Industry
- Professional training and coaching
- Company size
- 2-10 people
- Type
- Public company
Employees at MobileHackingLab
Updates
-
We accidentally crashed a MacBook… just by touching a video file! While researching an Android media player vulnerability, we found an integer overflow bug that led to a buffer overflow—but what happened next was completely unexpected. Could this be leveraged for Denial of Service (DoS)? Or maybe something worse?
Watch this. I’m about to touch a simple video file… and my entire MacBook crashes instantly. No warnings. No error messages. Just a complete freeze… and then—BOOM! A full system reboot. As promised in my previous post, this is one of the bugs we never further explored or published. Let me take you back to where it all started… Watch the video: https://lnkd.in/eFxmATCD GitHub link to the sample: https://lnkd.in/ePwxerrd #mobilesecurity #offensivesecurity #redteaming
-
Recently, in my free time, I went through all the available security testing challenges for Android applications from MobileHackingLab. Thanks to their team for the opportunity to gain such an interesting experience for free. The vulnerabilities presented in the challenges have a significant impact and are quite realistic—you can easily encounter them not only in a lab environment but also in real-world applications. Thanks, MobileHackingLab! #android #pentest #mobilehackinglab
-
Bismillah. A late post. Continuing my exploration of the free iOS Application Security Course from MobileHackingLab, this time, I’m writing about one of the labs that I find quite interesting. Not just because of the case itself, but also due to the “lesson learned” beyond the core material, which is worth noting. InshaAllah. Title: Exploiting Unsanitized URL Handling and SQL Injection through Deep Links in iOS App: Write-up of Flipcoin Lab ——— Background on this Article’s Release: We know that to properly test an app, a deep understanding of its flow is important (both from an external perspective and from what happens behind the scenes). This includes reviewing all user layers within the system. Technically, this approach is necessary because we acknowledge that risks exist not only externally but also internally. In this case study, we see that executing a working exploit requires a thorough understanding of the application’s flow (not just from its external appearance but also by examining the database). Although the exploitation in this lab is limited to the local device, its lesson can be applied to much broader scenarios. ——— By the way, on a related note, professional testers often work within a fixed timeframe set by the client (or at least within an agreed-upon timeframe). If they lack a deep understanding of the target application, there is a real risk that certain vulnerabilities may go unnoticed. This brings to mind some cases that led to a quote I shared back in 2019: “Attacks and risks don’t wait for a company’s budget to arrive next year.” In this context, transparency becomes one of the key aspects of achieving proper testing. Rather than hiding the application’s flow to achieve a “perfect score”, being transparent with testers ensures that risks are identified and addressed in a timely manner. ——— Regardless, hope you enjoy the write-up! https://lnkd.in/dvSPrQGB
-
?? ???????????????????? ?????????????? ?????? ???? ?????? ???? ?????????????? & ????????????... ?? JavaScript bridges in ?????????????? & ?????? ???????? have been responsible for ???????????????? ???????????????? ?????????????????????????????? - some leading to ???????????? ???????? ?????????????????? (??????) in ????????-?????????????? ???????? like Twitter (X), TikTok, and crypto wallets. ?? ????????’?? ?????? ??????????????? Many apps use ???????????????? with ???????????????????????????????????????????? or other mechanisms to expose native functionality to JavaScript. When misconfigured, this l?????? ?????????????????? ???????????????????? ?????????????? ???????????? ?????? ??????????????????, leading to ???????? ??????????, ?????????????? ??????????????????, ?????? ???????? ???????? ???????????? ????????????????????. ?? ????????-?????????? ?????????? ?????????? ???????????? (?????? ?????????????? ???? ???? ?????? ???????????????? ????????????????) ?? ?????????????? (??) ?????????????? ?????? - ???????? ?????? ?????????????? ?? ??????????????????????????: Misconfigured WebView + Chromium flaw (CVE-2020-6506) ?? ????????????: Attackers could execute JavaScript, steal user credentials, and hijack sessions. ?? ???????????? ?????????????? ?????? - ?????? ?????? ???????????????????? ???????????????????? ?? ??????????????????????????: Unsafe ???????????????????????????????????????????? exposing native functions. ?? ????????????: Attackers could execute arbitrary code, exfiltrate user data, and install malware. ?? ?????? ?????????????? ?????? - ?????????????? ???????????????????? ?????????? ?? ??????????????????????????: JavaScript calling native Java methods via reflection. ?? ????????????: Attackers could delete app data and potentially escalate privileges. ?? ???????? ?????????????? ?????? - ???????? ?????????????????? ?????? ???????????????????? ?? ??????????????????????????: JavaScript in WebView exploited a ZIP extraction flaw. ?? 
????????????: Attackers could overwrite files, leading to remote compromise. ?? ???????? ???? ?????????? ?????? ???? ???????? & ???????????? ??????????????/?????? ????????? ?? Get ???????? hands-on training in our security courses: ?? iOS Application Security Course: https://lnkd.in/ewbGGymD ?? Android Application Security Course: https://lnkd.in/e9FMMPsE ?? ?????????? ?????? ???????? ???? ????????????????? ???? ???????? ???????? ????????! ?? ?????????????? ???????????????????? ???????????? ????????: ?? Lab - Postboard: https://lnkd.in/eUrxY9_7? ?? Lab - Guess Me: https://lnkd.in/eEZp7xfw ?? ?????? ???????????????????? ???????????? ????????: ?? Lab - FreshCart: https://lnkd.in/ei_NzScz ?? ????????’?? ?????? ?????????? ?????????????? ?????????????????????????? ??????’???? ????????? ???????? ???????? ???????????????? ??????????! ?? #mobilesecurity #offensivesecurity #redteaming
-
?? ?????????????? ????????... ?? ???????????? ?????????? ?????? ???????? ???????? ?????????? What if I told you that just ?????????????? ???? ?????????? ???? ???????? ?????????? could let attackers ???????? ???????? ???????? ????????????? ?? ???? ????????????. ?? ???? ??????????????????. ?? ???? ????????????????. ?? ???????? ???????? ????????. Sounds like science fiction? It’s not. ?????? ??????????’?? ?????????????? ?????????????? leveraged ?????????? ?????????????? ?????????????????????????????? to infect iPhones with ????????-?????????? ??????????????—and it's not the first time. ?? Image Parsing: A Persistent 0-Day Attack Vector For decades, ?????????? ?????????????? have been a ???????????????? for 0-day vulnerabilities. From fuzzing ?????????? ?????? ???????? to ???????????????????? ?????????????????? ????????, attackers continue to find critical ???????????? ???????????????????? ???????? in ?????????? ???????????????? ??????????????????. ?? ???????? ???? ?????? ???????? ???????????????? ?????????? ?????????????? ????????????????: ?? ?????????????????? (????????)? Attackers sent a malicious ?????????????? ???????????????????? containing an image that triggered an ?????????? ??/?? ???????????? ????????????????, leading to the deployment of Pegasus spyware. ?? ?????????????????? ???????????????? (credits Citizen Lab): https://lnkd.in/gXPi_uNF ?? ?????????????????????? (????????)? Targeted a vulnerability in ??????????’?? ???????????????????????? by ?????????????? ?? ?????????????????? ?????? ?????????????????? ???? ?? ??????, bypassing BlastDoor security and ?????????????????? ?????????????????? ????????. ?? ?????????????????? ???????????????? (credits Google Project Zero): https://lnkd.in/eRT9CXM9 ?? ?????????????? (????????)? Leveraged a ???????????? ?????????????????????????? to load a malicious image, which, when ?????????????? ???????? ?? ???????????? ??????????????, enabled ???????????? ???????????????????????? ???? ??????????????. ?? ?????????????????? 
???????????????? (Lookout Security): https://lnkd.in/e-66mDsV ?? Want to ???????????? ???????????? ??????????????? Follow MobileHackingLab! Are you interested in learning offensive mobile security for FREE? ?? ???????? ?????????????? ?????????????????????? ???????????????? ???????????? ?? https://lnkd.in/dB6_9axu ?? ???????? ?????? ?????????????????????? ???????????????? ???????????? ?? https://lnkd.in/e4KxkpXP ?? ???????? ???? ?????????? ?????? ???? ???? ?????????????????? ???? ?????? ??????????????? ?? https://lnkd.in/eM9UTzfD ?? ?????????? ???? ?????????? ?????? ???? ???? ?????????????? ?????? ???????????????????????? ???? ??????????????? ?? https://lnkd.in/eszhXDx5 ?? What are your thoughts on zero-click image parsing attacks? Have you ever fuzzed an image parser? ??????’?? ?????????????? ???? ?????? ????????????????! ?? #offensivesecurity #mobilesecurity #redteaming
-
?? ?????????? ?? ?????????????? ?????????????????????????????? ?????? ?????????????????? ???? ?????? ???????? ??????! In recent weeks, multiple Android vulnerabilities have been actively ?????????????????? ???? ?????? ?????????????????????? ???????????????? ???? ???????? ???????????????????????? ???????????? ???? ??????????????. Notably, two USB vulnerabilities are being leveraged in targeted attacks, alongside a privilege escalation flaw that effectively breaks the Android app sandbox. ???????????????? ?????????????????? ??????????????????????????????: 1?? ??????-????????-?????????? (?????? ???????????? ??????????????????????????) ? An ?????????????????????? ???????????????????? ???????? in the Linux kernel's HID driver enables unauthorized access to kernel memory. ? ????????????????????????: Serbian authorities reportedly used this vulnerability in combination with Cellebrite's forensic tools to extract data from confiscated devices. ?? https://lnkd.in/gJe5QEgH 2?? ??????-????????-?????????? (?????? ???????????? ??????????????????????????) ? A ???????????????? ??????-????-???????????? ?????????? issue in the USB Video Class (UVC) driver. ? ????????????: Allows ?????????????????? ???????????????????? through maliciously crafted USB interactions, making it an attractive target for attackers. 3?? ??????-????????-?????????? (?????????????? ?????????????? ????????????) ? A ?????????????????? ?????????????????????? ?????????????????????????? in the Android Framework. ? ????????????: ???????????? ??????????????’?? ???????????????????? ?????????? by allowing unauthorized access to files in other app sandboxes, severely compromising data security. ???????? ???? ?????????? ?????????? ?????????????? ????????????????? ?? ???????? ?????????????? ?????????????????????? ???????????????? ???????????? ?? https://lnkd.in/dB6_9axu ?? ???????? ?????? ?????????????????????? ???????????????? ???????????? ?? https://lnkd.in/e4KxkpXP ?? ???????? ???? ?????????? ?????? ???? ???? 
?????????????????? ???? ?????? ??????????????? ?? https://lnkd.in/eM9UTzfD ?? ?????????? ???? ?????????? ?????? ???? ???? ?????????????? ?????? ???????????????????????? ???? ??????????????? ?? https://lnkd.in/eszhXDx5 ?? ???????? ???? ?????? ?????????? ?????????? ?????? ?????????????????????? ???????????????????? ?????????? ??????????????????????????????? ??????’?? ?????????????? ???? ?????? ????????????????! ?? ???????????? ???? ?????????? ???????? ???????? ?????????????? ?????? ???????? ???????????? ???????? ????????????????. ?? Hit like to support and follow MobileHackingLab for more Android security insights! #offensivesecurity #mobilesecurity #redteaming
-
As I mentioned in the previous post, the resources provided by MobileHackingLab were very useful during my journey through mobile pentesting, so I am happy to share some of the courses that I completed and were useful to me, from the Android application security course and the String and Guess me labs, which were very useful to put vulnerability detection and exploitation into practice. For those interested, I recommend checking out those modules.
-
Check out this nice write-up by Marcos González Sanz of the 'Config Editor' Hacking Lab, with full exploitation into a shell from the device.
Offensive Security Engineer | University Lecturer | [OSCP | OSWP | CRTO | CRTP | eCXD | RET2 | AFE] mrk.rip
Just launched a security blog: https://mrk.rip In this first post we take a deep dive into CVE-2022-1471—a critical SnakeYAML deserialization vulnerability. We set a vulnerable context up, understand it, exploit it, and then transition to Android using the vulnerable Config Editor app (from MobileHackingLab) to gain a reverse shell. Link: https://lnkd.in/dHuTNSjh Many thanks to Umit Aksu for helping me along the way — turns out toybox can do more than I initially thought ;)
-
I'm excited to share that I've successfully solved MobileHackingLab Android challenges! This experience helped me sharpen my skills in Android application pentesting. Participating in these challenges reinforced my passion for mobile application security and further expanded my knowledge in Android pentesting techniques. Looking forward to tackling more challenges and sharing my journey in the world of offensive cybersecurity! #AndroidSecurity #MobilePentesting #OffensiveSecurity #CTF #CyberSecurity