From d6ef30a8895a9bd43170163154bacab93b743821 Mon Sep 17 00:00:00 2001 From: Shayan Rais Date: Fri, 17 Feb 2017 23:36:30 +0500 Subject: [PATCH 1/8] added AOSP - Issue tracker added AOSP - Issue tracker strikeout depreciated Vulnerability Google Doc removed Root Exploits (from Drozer issue #56) --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6409bf8..de4772c 100644 --- a/README.md +++ b/README.md @@ -210,11 +210,12 @@ Tutorials List ---- -1. [Vulnerability Google Doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html) -* [Root Exploits (from Drozer issue #56)](https://github.com/mwrlabs/drozer/issues/56) -* [Android Security Bulletins](https://source.android.com/security/bulletin/) + +1. [Android Security Bulletins](https://source.android.com/security/bulletin/) * [Android's reported security vulnerabilities](https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html) * [Android Devices Security Patch Status](https://kb.androidtamer.com/Device_Security_Patch_tracker/) +* [AOSP - Issue tracker](https://code.google.com/p/android/issues/list?can=2&q=priority=Critical&sort=-opened) +* ~~[Vulnerability Google Doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html)~~ Bounty Programs ---- From a06ac6a7db66b4e272c74aa74aaa984b1413309e Mon Sep 17 00:00:00 2001 From: Shayan Rais Date: Mon, 20 Feb 2017 10:53:02 +0500 Subject: [PATCH 2/8] added Android Security Acknowledgements --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index de4772c..61ffcf4 100644 --- a/README.md +++ b/README.md @@ -200,6 +200,10 @@ Books ---- 1. [SEI CERT Android Secure Coding Standard](https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard) +Researchers +---- +1. [Android Security Acknowledgements](https://source.android.com/security/overview/acknowledgements.html) + Tutorials ---- 1. [Android Reverse Engineering 101 by Daniele Altomare](http://www.fasteque.com/android-reverse-engineering-101-part-1/) From 55fcc64d778c1037b0fb0d0ee27c6f5f9ea36e51 Mon Sep 17 00:00:00 2001 From: Shayan Rais Date: Mon, 20 Feb 2017 12:09:50 +0500 Subject: [PATCH 3/8] added Open Web Application Security Project added links related to OWASP --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 61ffcf4..59c42e3 100644 --- a/README.md +++ b/README.md @@ -204,9 +204,10 @@ Researchers ---- 1. [Android Security Acknowledgements](https://source.android.com/security/overview/acknowledgements.html) -Tutorials +Others ---- -1. [Android Reverse Engineering 101 by Daniele Altomare](http://www.fasteque.com/android-reverse-engineering-101-part-1/) +1. [OWASP Mobile Security Testing Guide Manual](https://github.com/OWASP/owasp-mstg) +* [Android Reverse Engineering 101 by Daniele Altomare](http://www.fasteque.com/android-reverse-engineering-101-part-1/) ---- @@ -219,6 +220,7 @@ List * [Android's reported security vulnerabilities](https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html) * [Android Devices Security Patch Status](https://kb.androidtamer.com/Device_Security_Patch_tracker/) * [AOSP - Issue tracker](https://code.google.com/p/android/issues/list?can=2&q=priority=Critical&sort=-opened) +* [OWASP Mobile Top 10 2016](https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10) * ~~[Vulnerability Google Doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html)~~ Bounty Programs From 847bf03465c4146c83e23d76c2330b79f8fc7ca2 Mon Sep 17 00:00:00 2001 From: Shayan Rais Date: Mon, 20 Feb 2017 15:33:03 +0500 Subject: [PATCH 4/8] added Exploit Database links --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 59c42e3..b9b2157 100644 --- a/README.md +++ b/README.md @@ -193,7 +193,8 @@ Misc Tools Research Papers ---- -1. [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) +1. [Exploit Database](https://www.exploit-db.com/papers/) +* [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) * [A good collection of static analysis papers](https://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) Books @@ -221,6 +222,7 @@ List * [Android Devices Security Patch Status](https://kb.androidtamer.com/Device_Security_Patch_tracker/) * [AOSP - Issue tracker](https://code.google.com/p/android/issues/list?can=2&q=priority=Critical&sort=-opened) * [OWASP Mobile Top 10 2016](https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10) +* [Exploit Database](https://www.exploit-db.com/search/?action=search) * ~~[Vulnerability Google Doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html)~~ Bounty Programs From 5fce6f6b85849589da7160a451a7d36e9b032739 Mon Sep 17 00:00:00 2001 From: Shayan Rais Date: Mon, 20 Feb 2017 15:36:15 +0500 Subject: [PATCH 5/8] added Exploit Database links --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b9b2157..aca8186 100644 --- a/README.md +++ b/README.md @@ -222,7 +222,7 @@ List * [Android Devices Security Patch Status](https://kb.androidtamer.com/Device_Security_Patch_tracker/) * [AOSP - Issue tracker](https://code.google.com/p/android/issues/list?can=2&q=priority=Critical&sort=-opened) * [OWASP Mobile Top 10 2016](https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10) -* [Exploit Database](https://www.exploit-db.com/search/?action=search) +* [Exploit Database](https://www.exploit-db.com/search/?action=search&q=android) - click search * ~~[Vulnerability Google Doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html)~~ Bounty Programs From 842ab2df5ece2deb9dceb96c514eee39e4219c72 Mon Sep 17 00:00:00 2001 From: Shayan Rais Date: Tue, 21 Feb 2017 10:09:09 +0500 Subject: [PATCH 6/8] removed strike-through from Vulnerability Google Doc --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index aca8186..f9e6bfc 100644 --- a/README.md +++ b/README.md @@ -223,7 +223,7 @@ List * [AOSP - Issue tracker](https://code.google.com/p/android/issues/list?can=2&q=priority=Critical&sort=-opened) * [OWASP Mobile Top 10 2016](https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10) * [Exploit Database](https://www.exploit-db.com/search/?action=search&q=android) - click search -* ~~[Vulnerability Google Doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html)~~ +* [Vulnerability Google Doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html) Bounty Programs ---- From 0ee9506eb2a7fdbc6aa0bc3d0dd8bc803a2e81f0 Mon Sep 17 00:00:00 2001 From: Shayan Rais Date: Tue, 21 Feb 2017 16:18:23 +0500 Subject: [PATCH 7/8] added Android Researcher - Zhuoqing Morley Mao - Yury Zhauniarovich --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index f9e6bfc..7c8bf18 100644 --- a/README.md +++ b/README.md @@ -204,6 +204,8 @@ Books Researchers ---- 1. [Android Security Acknowledgements](https://source.android.com/security/overview/acknowledgements.html) +* [Zhuoqing Morley Mao](http://web.eecs.umich.edu/~zmao/pubs.html) +* [Yury Zhauniarovich](http://www.zhauniarovich.com/pubs.html) Others ---- From f6bf2184cf916fcfbe585dfcc85b9274729017f6 Mon Sep 17 00:00:00 2001 From: Shayan Rais Date: Tue, 21 Feb 2017 16:48:08 +0500 Subject: [PATCH 8/8] replace Sample Source with Malware section moved to Bugs category --- README.md | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 7c8bf18..533426f 100644 --- a/README.md +++ b/README.md @@ -152,17 +152,6 @@ App Repackaging Detectors 1. [FSquaDRA](https://github.com/zyrikby/FSquaDRA) - a tool for detection of repackaged Android applications based on app resources hash comparison. -Sample Sources ----- - -1. [Contagio Mini Dump](http://contagiominidump.blogspot.com) -2. [Android Malware Github repo](https://github.com/ashishb/android-malware) -* [Open Source database](https://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) -* [Admire](http://admire.necst.it/) -* [MalGenome](http://www.malgenomeproject.org/policy.html) - contains 1260 malware samples categorized into 49 different malware families, free for research purpose. -* [VirusTotal Malware Intelligence Service](https://www.virustotal.com/en/about/contact/) - powered by VirusTotal,not free -* ~~[Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/)~~ - Market Crawlers ---- @@ -227,6 +216,19 @@ List * [Exploit Database](https://www.exploit-db.com/search/?action=search&q=android) - click search * [Vulnerability Google Doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html) +Malware +---- + +1. [androguard - Database Android Malwares wiki](https://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) +* [Android Malware Github repo](https://github.com/ashishb/android-malware) +* [Android Malware Genome Project](http://www.malgenomeproject.org/policy.html) - contains 1260 malware samples categorized into 49 different malware families, free for research purpose. +* [Contagio Mobile Malware Mini Dump](http://contagiominidump.blogspot.com) +* [VirusTotal Malware Intelligence Service](https://www.virustotal.com/en/about/contact/) - powered by VirusTotal, not free +* [Admire](http://admire.necst.it/) +* ~~[Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/)~~ + + + Bounty Programs ---- 1. [Android Security Reward Program](https://www.google.com/about/appsecurity/android-rewards/)