Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff
Critical Thinking - Bug Bounty Podcast6 Apr 2023

Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff

Episode 14: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Joel’s Alternative to UberTooth One:

https://www.amazon.com/Bluetooth-UD100-G03-Exchangeable-Bluesoleil-Microsoft/dp/B0161B5ATM

D3monDev’s Burp VPS Plug-in:

https://github.com/d3mondev/burp-vps-proxy

FireProx:

https://github.com/ustayready/fireprox

Joel’s Universal SSL De-pinning Frida Script:

https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725

Command-line Fuzzy Finder:

https://github.com/junegunn/fzf

Justin’s two article recommendations for using Frida:

https://tinyurl.com/5n94d6ry

https://tinyurl.com/yfy3n5f5

Copy screen of physical device:

https://tinyurl.com/ymdrscm5

Flipper:

https://flipperzero.one/

BetterCap BLE Module:

https://www.bettercap.org/modules/ble/

Timestamps:

(00:00:00) Intro

(00:00:55) Hacker Chats

(00:03:27) Podcast Content Commentary

(00:04:09) SSRF Rebinding Error Confession

(00:06:02) Flipper Zero

(00:07:58) Bettercap BLE

(00:09:36) Sena USB Bluetooth Adapter

(00:12:41) Burp VPS Proxy Plugin

(00:13:55) Fireprox

(00:15:40) Dynamic Mobile Hacking

(00:17:40) Dynamic Analysis Overview

(00:18:18) Emulator Talk

(00:24:29) Joel’s APK Analysis Flow

(00:26:30) Cert Pinning

(00:32:17) Joel’s SSL Cert Pinning Script

(00:35:29) Hands-on look at Frida

(00:50:11) Frida on Non-rooted Devices

(00:58:22) Tracing Errors to Overwritable Functions

(01:00:39) Native Libraries

(01:09:18) GenyMobile Screen Mirroring Tool

(01:11:50) Justin’s Report of the Day and Custom SSL Pinning

(01:18:15) Joel’s First Ever Bug, Jailbreak Detection Bypass

Avsnitt(172)

Episode 172: Source Code Review Meta Analysis

Episode 172: Source Code Review Meta Analysis

Episode 172: In this episode of Critical Thinking - Bug Bounty Podcast trying out a new structure of episode: a Meta Analysis of sorts of many Source Code Review techniques. This episode features tips...

30 Apr 51min

Episode 171: Path-Scoped Cookie Hacks with Uppercase & Post-based Raw Protobuf XSS

Episode 171: Path-Scoped Cookie Hacks with Uppercase & Post-based Raw Protobuf XSS

Episode 171: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick tips from his own hacking, including some clickjacking, using capital letters, and the potential value...

23 Apr 22min

Episode 170: Claude Code + Tmux, Websockets, and Other Korea LHE Takeaways

Episode 170: Claude Code + Tmux, Websockets, and Other Korea LHE Takeaways

Episode 170: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph their trip to Korea with some quick takeaways from the LHE. Follow us on twitter at: https://x.com/ctbbpodcastG...

16 Apr 32min

Episode 169: Attacking OAuth 2.1

Episode 169: Attacking OAuth 2.1

Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast gr3pme goes over some of the changes from OAuth 2.0 vs 2.1 and how Hackers can capitalize.Follow us on twitter at: https://x.com/...

9 Apr 30min

Episode 168: XSSDoctor - Client-side Path Traversal Research

Episode 168: XSSDoctor - Client-side Path Traversal Research

Episode 168: In this episode of Critical Thinking - Bug Bounty Podcast we’re getting a visit from the XSS Doctor. Jonathan joins us to go through his Client-side workflow, run labs, and diagnose some ...

2 Apr 1h 35min

Episode 167: Stealing Bugs with Valeriy Shevchenko

Episode 167: Stealing Bugs with Valeriy Shevchenko

Episode 167: In this episode of Critical Thinking - Bug Bounty Podcast we welcome Valeriy Shevchenko to talk about program management, anchor programs, and Theft in Bug Bounty.Follow us on twitter at:...

26 Mars 51min

Episode 166: Rez0’s Top Claude Skill Secrets

Episode 166: Rez0’s Top Claude Skill Secrets

Episode 166: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Rez0’s Claude Skill Secrets, when AI Generated reports fall apart, and agents vs filters.Follow us on twitter at: h...

19 Mars 53min

Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows

Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows

Episode 165: In this episode of Critical Thinking - Bug Bounty Podcast Justin recaps his Zero Trust World experience, before we dive into Permissions issues client-side bugs, New Hardware Hacking Clas...

12 Mars 44min

Populärt inom Teknik

natets-morka-sida
uppgang-och-fall
elbilsveckan
rss-technokratin
bilar-med-sladd
skogsforum-podcast
market-makers
har-vi-akt-till-mars-an
bli-saker-podden
rss-elektrikerpodden
rss-laddstationen-med-elbilen-i-sverige
rss-powerboat-sverige-podcast
rss-it-sakerhetspodden
rss-veckans-ai
rss-uppgang-och-fall
rss-fabriken-2
rss-snacka-om-ai
developers-mer-an-bara-kod
hej-bruksbil
dom-kallar-oss-krypto