Android Stack Overflow Exploitation (ARMv7) - MobileHackingLab

In this post, we explore an Android stack overflow vulnerability in a server-client chat messaging application. By analyzing the native code and chaining a format string bug with a stack buffer overflow, we develop an exploit using pwntools to gain control of the target. Along the way, we examine the binary's security features (RELRO, stack canaries, and NX) to understand the defenses in place and how they are bypassed.
8 minutes to read
Kousha Zanjani
Analyzing MSFVenom Android Payload (Malware)

MSFVenom is a versatile and widely used tool for generating payloads and shellcode as part of the Metasploit Framework. It allows users to create customized payloads for various platforms, including Android, for penetration testing purposes. I want to analyze a bit of the MSFVenom Android payload to better understand its structure and how it can be used to exploit vulnerabilities in Android devices.
6 minutes to read
Kousha Zanjani
NahamCon CTF 2022 Android Writeup (Solutions)

Two days ago, I helped my friends solve the NahamCon 2022 CTF challenges. I was curious about the Android challenges, so I focused on them. In this blog post, I’ll explain how I solved the Android challenges. Mobilize: This one was an easy challenge for beginners. Anyone could solve this. :)) I opened the APK file in Jadx-GUI. There was nothing in MainActivity, so I just searched in strings.xml, and there it is. FLAG!
4 minutes to read
Kousha Zanjani

Android Trust Wallet Stealer Malware Analysis

As technology improves, hackers do their best to abuse it. Android has become one of the most impressive technologies, and it’s going further. Hackers research Android security every moment, and Android malware spreads more and more. A lot of malware has been developed up to today. I want to analyze an Android malware sample that is a crypto wallet stealer. I have a sample which you can download from HERE.
2 minutes to read
Kousha Zanjani

TeamTNT Miners in the Wild

Last night my friend and I were looking for some Redis NoSQL instances (because most of them do not have any authentication, of course 😆) in Shodan and Censys for bug hunting. I found some interesting things which led me to write this blog post. Most of the Redis instances seemed to be exploited and infected with a miner by TeamTNT. I used the Shodan query port:6379 to find Redis services. Redis has a tool called redis-cli which lets you interact with Redis servers.
3 minutes to read
Kousha Zanjani

Lemon Duck Malware

A month ago I got a log from a company (we will call it victim corp from now on) that was detected as malicious activity. What I got from that report log was just a URL. Funny, right?! :)) I started to Google dork it. After some searching and googling I found some URLs, and one of them was from the app.any.run website, which is one of the best sandboxes for malware analysis and downloading samples.
5 minutes to read
Kousha Zanjani