Boris Batteux
@BorisBatteux
Followers: 117 | Following: 202 | Media: 0 | Statuses: 64
Joined May 2013
Did you know that Google Play Store is the most popular channel for threat actors to distribute #malware to target mobile banking apps? Learn more here: https://t.co/p9HQ1Fw7iq
#FinTech #Android #AppSec
guardsquare.com
In this research report, we describe how malware is typically distributed and describe the observed attack methods and behavior patterns.
SQL Injection is still present in 2023 on mobile platforms 📱. If you think iOS is more secure than Android because it’s difficult to misconfigure, this article will change your mind! Happy to share my very first CVE-2023-41387. #MobileSecurity #flutter
https://t.co/4dNWJdsHe6
seredynski.com
SQL Injection and app Misconfiguration are a big threat in the mobile app landscape. Here is a story of one Flutter package that made thousands of apps vulnerable.
In our latest blog post, we delve into some intricacies of the Android permission system. Check out how we pushed the boundaries of custom permissions and unveiled CVE-2023-20947 by harnessing a solver approach! 🔓 https://t.co/dOromiFfhE
blog.thalium.re
The Android permission management system has already suffered from several vulnerabilities in the past. Such weaknesses can grant dangerous permissions to a malevolent application, an example being...
The Accessibility Service on Android is an impactful feature for people with disabilities. However, it also comes with security risks. Here, you can learn how to protect against them: https://t.co/1EbcSnOUcY
#MobileAppSecurity #Accessibility #CyberSecurity
I've ported SiMBA (MBA Simplification Tool) to C/C++, added enhancements, multithreading support and boosted the performance 🚀🚀🚀 (https://t.co/akR8RA5zXX)
Really cool to see this integrated in IDA. Performance is awesome!
Our new decompiler plugin is now available! gooMBA is here to help when you’re struggling with a “mixed boolean arithmetic”-obfuscated binary. Read more 🌐 https://t.co/4hEfOZjbei
#HexRays #HexRaysDecompiler #IDAPro
We’ve just published a new Plugin Focus blog post! Joxean Koret (@matalaz) from Activision introduces his binary diffing plugin #Diaphora. Read more: https://t.co/XaA80cC4IJ
#PluginFocus #IDAPro #IDAPython #IDAPlugin
Another great Plugin Focus blog post is out! Marc-Étienne Léveillé introduces the IPyIDA plugin. Learn how this IDA add-on makes prototyping and Python plugin and script development friendlier 🌐 https://t.co/625Kw4ricN
#PluginFocus #IDAPro #IDAPython #IDAPlugin
Great post by @vinopaljiri about techniques for invoking functions directly from assembly: IDA Appcall, Dumpulator and Unicorn Engine https://t.co/asV8nqxUcM
#reverseengineering #malwareanalysis #informationsecurity #cybersecurity #assembly
IDA handles direct calls and adds cross-references automatically. What could you do when you are dealing with indirect calls? Check how to set callee addresses manually 🌐 https://t.co/zxZlcqueiv
#IgorsTipOfTheWeek #IDAtips #IDAPro #IndirectCalls
Time for a brief thread on one of @HexRaysSA's most powerful classes provided as part of their IDA Python API: the humble insn_t class. Understanding this type will help you in all sorts of ways, including my favorite, generating YARA signatures. Let's begin...
control flow unflattening of an android rasp sdk https://t.co/uqBk9KTnCV
eybisi.run
Target: Recently I have analyzed a RASP solution called Approov. Although there are some novel detection techniques, overall it’s not that interesting. Instead I will focus on obfuscation part of native
Lets goo. Made some additions to https://t.co/ebe1NiBY5l and voila🥳 Finally a good blog post subject + will be explaining some ida internal errors I encounter while playing with hexray microcode api👽Blog post soon🤠
In the final blog of our Flutter app reverse engineering series, we look at how classical attacks apply to Flutter apps. Follow along as we investigate using techniques like code patching and hooking for cheating: https://t.co/ksODLAa8qj
#reverseengineering #Flutter #FlutterDev
guardsquare.com
Are the classical attacks that we see on mobile applications applicable to Flutter apps? Learn more about flutter app security and Frida Flutter.
TrollStore, a new iOS tool, prompts developers to rethink their #MobileAppSec as they can no longer rely on #Jailbreak or repackaging detection to stop modded #iOS apps. See how #TrollStore is impacting the industry. https://t.co/ahnVX5O2W3
#iOSDev
guardsquare.com
TrollStore is an iOS tool that enables users to install modded apps onto non-jailbroken devices. Learn more about TrollStore safety and mitigations.
The results are out! We are very honoured to have won first place🥇in the Hex-Rays plugin contest 2022 🎉 Our entry was "ttddbg", a time-travel debugging plugin for IDA already presented at #SSTIC 2022. Many congratulations to all the other entrants!
🥁 We have the winners of the Hex-Rays Plugin Contest 2022! Our congratulations go to: 🥇 ttddbg by @simsor and @citronneur 🥈 ida_kcpp by Uriel Malin and Ievgen Solodovnykov 🥉 FindFunc by Felix B. Take a look at the full list: https://t.co/Zu7idO5E8F
#PluginContest #IDA
📝New research by @lmpact_l: "Fork Bomb for Flutter" There are more and more Flutter applications, and security analysis of these apps is in high demand. Our member Phil shares his knowledge and presents his reFlutter tool. Read the article:
swarm.ptsecurity.com
Flutter applications can be found in security analysis projects or bugbounty programs. Most often, such assets are simply overlooked due to the lack of methodologies and ways to reverse engineer...
We investigate a bootloader on the #android13 update that increments an anti-roll back version and might put the users of Google Pixel 6 at risk. https://t.co/IWcqybiQrW