It's been a while since I last blogged. I'm just back in India after BlackHat Abu Dhabi, which was one of the best hackercons I've ever been to. The stay arranged by BlackHat for the speakers was amazing, at Emirates Palace. Our (me and Subho Halder) talk was on Day 2: Dec 5th.
The talk went pretty well, and we released the framework (Android Framework for Exploitation) code on GitHub (will be updating it soon, with the server code).
The code has been fully written in Python, and can be extended by writing modules as well. The structure is pretty much self-explanatory, and there is command-line help which you can get by typing in ?.
You could get the presentation slides and the Whitepaper from the BlackHat Archives page here.
BlackHat ended up pretty well with us getting a lot of private training requests on Android and ARM Exploitation classes.
Also, just a few hours back, Subho Halder got an email from Facebook Security that we (Aditya Gupta and Subho Halder) will be getting a bounty of $2500 for a bug that we submitted 4 months back, which will come as a Facebook WhiteHat Debit Card.
The issue was in the video upload feature (via webcam) of Facebook, as they didn't have proper security checks enforced. Using this, an attacker could trick a user into silently recording his webcam video and publishing it to his Facebook wall, without the user even knowing about it.
Plus, our names would be listed in the Facebook WhiteHat list.
(the below image is from CNET, as our card is still on its way)
Will be blogging more about the Facebook security issue and Android Exploitation soon.