Collaborate Disseminate
The app I am trying to attack (under a legitimate bug bounty program of course) has the following code for its broadcast receiver:
//From vulnerable app
public void onReceive(Context paramContext, Intent paramIntent)
{
…… Continue reading Android: Can you exploit a broadcast Receiver that receives a custom object from the intent?
Most of the more famous fuzzers such as Sulley or SPIKE seems to work only for network applications. I can’t seem to find any fuzzers for GUI-based applications for Windows. Is it because it is not feasible to create one for … Continue reading Are there any good fuzzers for Windows GUI applications?
What are the possible ways an attacker could force two paired devices to unpair? What it be any different for classic bluetooth and bluetooth smart?
Continue reading How feasible would forced unpairing of paired bluetooth devices be?
Classic Bluetooth protects its connection by keeping the pairing process secret. How does Classic Bluetooth prevent the keys from being sniffed during the pairing process? On what channel does the pairing process occur?
Lots of articles mention the importance of keeping the BD_ADDR secret as knowing it can allow an attacker to do stuff. What can an attacker really do?(Assuming that he has knowledge of the UAP + LAP but not NAP which is irrel… Continue reading What can an attacker know with knowledge of a device’s BD_ADDR?
Information regarding bluetooth sniffing is all over the place in bits and pieces.To better understand the topic,I’ve created a possible attack tree for an attacker to achieve bluetooth sniffing between a given master and all… Continue reading Possible Attack Tree for Bluetooth Sniffing?
Information regarding bluetooth sniffing is all over the place in bits and pieces.To better understand the topic,I’ve created a possible attack tree for an attacker to achieve bluetooth sniffing between a given master and all… Continue reading Possible Attack Tree for Bluetooth Sniffing?
With tools like kismet,ubertooth-follow and ubertooth-btle, is it possible to sniff all bluetooth traffic for all devices at any given point in time? From what I understand, it is not possible since you need to follow the hop… Continue reading Is Ubertooth able to sniff traffic for more than one device for both classic bluetooth and BLE?
When connecting to a new AP, the client device will pop a warning to ask if the certificate of the new AP should be trusted. If trusted, the warning doesn’t show anymore if the certificate is known to have been trusted before… Continue reading Which attributes of a WPA AP certificate are used by a client device in deciding if the certificate has been trusted before?
I tried replicating the Karma attack and it does not work on my iphone5s and galaxy s6. Even when the phones send out directed probe requests and the Rouge AP responds with the appropriate probe responses, the phones just ign… Continue reading Is the Karma attack still relevant today?