Hacking Mobile Platforms Flashcards
Which of the following is not an OWASP Top 10 Mobile Risk?
Buffer overflow
Reverse engineering
Insecure communication
Insecure cryptography
Buffer overflow
On android, which of the following Java API framework blocks manages the data sharing between applications?
Notification manager
Content providers
Window manager
Activity manager
Content providers
Which of the following is an Android banking Trojan that uses a malicious SMS to compromise the security of a target mobile device by dynamically loading web views and targeting specific domains based on received commands?
Fing
xHelper
Gustuff
cSploit
Gustuff
What is xHelper?
Android/Trojan.Dropper.xHelper is a variant of Android/Trojan.Dropper. The first noticeable characteristic of xHelper is the use of stolen package names. For instance, xHelper uses package names starting with “com.muf.”
What is cSploit?
cSploit is an Android network analysis and penetration suite that is used to map the local network, fingerprint hosts’ operating systems and open ports, perform integrated traceroute, forge TCP/UDP packets, and perform MITM attacks such as password sniffing, JavaScript injection, capturing real-time network traffic, DNS spoofing, and session hijacking
What is TunesGo?
TunesGo is an android tool that has an advanced android root module that recognizes and analyzes your Android device and chooses an appropriate Android-root-plan for it automatically.
What is zANTI?
zANTI is an android application that acts as a pentesting toolkit
What is DroidSheep?
DroidSheep is a simple Android tool for web session hijacking (sidejacking)
What is ORBOT?
Orbot is a proxy app that empowers other apps to use the internet more privately. It uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Attackers can use this application to hide their identity while performing attacks or surfing through the target web applications.
What are Velonzy, TaiG and Yalu?
iOS Jailbreaking Tools
What is X-Ray?
X-Ray is an android vulnerability scanner
What is Spyzie?
Spyzie is an iOS spyware tool to gather SMS logs, call logs, app chats, GPS, etc.
What is Apricot?
Apricot is a web-based mirror OS for iPhone. It supports iOS 13.2 devices. Users can run this mirror iOS version with the default iOS 13.2 simultaneously
What is Hexxa Plus?
Hexxa Plus is a Jailbreak Repo Extractor for iOS 13.2, which allows you to install themes, tweaks, and apps. It is compatible with iOS 13 and higher versions up to iOS 13.2.3 including iOS 13.3 beta
What is Trident?
Trident is a sophisticated spyware that exploits vulnerabilities in an iPhone to spy on users. These vulnerabilities allow attackers to jailbreak the target iPhone remotely and install malicious spyware such as Pegasus. Trident is capable of taking complete control of the target mobile device, and it allows attackers to monitor and track all the user activities
