|
Does anyone know of good Android exploit development / vulnerability discovery tutorials, guides, or other resources?
|
# ¿ Jul 16, 2019 09:54 |
|
|
# ¿ Apr 28, 2024 11:39 |
|
cinci zoo sniper posted:under which conditions a mobile app on android would not be able to access host devices imei? Where target SDK is above 4 and the app doesn't have the READ_PHONE_STATE permission. I'm sure in most cases you could get it via a lovely IPC or poorly stored data elsewhere though.
|
# ¿ Jul 16, 2019 12:28 |
|
Are you using the IMEI as a unique identifier for each device? You're not really supposed to do that, but all the alternatives kind of suck. There are heaps of weird Android devices that don't have an IMEI as well. So you would need an alternative or to just declare that you don't support those. yoloer420 fucked around with this message at 12:49 on Jul 16, 2019 |
# ¿ Jul 16, 2019 12:42 |
|
I don't recommend academic research or getting a PhD. Source: was a lecturer for ten years, have a PhD, have published 50+ papers. Consulting is way better. Do OSCP and get a job hacking poo poo.
|
# ¿ Aug 2, 2019 09:11 |
|
CRIP EATIN BREAD posted:God I wish I could read like I used to. College absolutely obliterated my desire to read recreationally and it's only been the past year or so that I've been able to consistently do it. You and me both. It's two years since I finished my PhD. I still can't put a dent in a novel. I really hope this gets better.
|
# ¿ Sep 19, 2019 14:34 |
|
Jewel posted:microsoft makes $200,000 every minute just loving pay people for doing work for you They do. They have internal teams as well as teams of consultants working on finding this poo poo 24/7. The bounty programmes are just there to soak up anyone who has bugs to sell. It's a pretty sweet deal, it's like one of those "pay what you feel" resteraunts, except nobody feels guilty about not paying. yoloer420 fucked around with this message at 12:11 on Jul 15, 2020 |
# ¿ Jul 15, 2020 11:52 |
|
I've left my previous employer and I'm at a new place now, sadly the short domain name I used to use for XSS stuff belonged to them, so I'm in need of a new one. Does anyone know of a service like https://catechgory.com/ that actually works?
|
# ¿ Sep 6, 2020 13:20 |
|
How have there been so few hilarious security fuckups lately? It's been really disappointing. Fingers crossed that things get fun again sometime soon. For the first time in forever I've found pentesting to be a grind
|
# ¿ Nov 2, 2020 09:28 |
|
Achmed Jones posted:android phones are not x86. The Lenovo K80 disagrees.
|
# ¿ Jan 10, 2021 00:19 |
|
Just connect your TV to the AP your neighbours air conditioner runs for some reason. Hth.
|
# ¿ Apr 7, 2021 06:57 |
|
~Coxy posted:NBNco hosed up a national project by developing some esoteric custom hardware that had multiple data connections (but a 1000/1000 limit on the PHY) I thought it was 1000/400? That's at least the most anyone will sell me without going to EE - which requires a new fibre run.
|
# ¿ Aug 21, 2023 09:47 |
|
|
# ¿ Apr 28, 2024 11:39 |
|
Does the vuln impact the Linux command line version as well?
|
# ¿ Aug 24, 2023 12:19 |