Showing Posts About

Drozer

  • 17 Nov 2016

Working 9 till 5

A summer intern at MWR conducted security research on the Android game "Legion Hunters", uncovering multiple vulnerabilities in the game's login system. The research revealed unencrypted API calls, weak authentication mechanisms, and insecure account management that could allow unauthorized access to user accounts. The intern demonstrated how an attacker could potentially log in as any user by exploiting these security flaws.

  • 1 Sep 2013

Introducing drozer

Drozer is an open-source mobile security tool for Android exploit development. It enables advanced payload deployment and post-exploitation through multiple "weasel" techniques for gaining device access. The tool allows security researchers to build exploits, create reverse TCP shells, and escalate privileges on target Android devices.

  • 5 Jun 2013

Mercury v2.2.1

Mercury, an Android security testing tool, released its final version 2.2.1 with significant updates. The release included a new BSD license, improved PATH functionality, and a new Windows installer. The project will transition to its successor drozer at BlackHat Arsenal.

  • 28 Mar 2013

Announcing Mercury v2.2

Mercury v2.2, an Android Security Assessment Framework, introduces enhanced auto-completion features for command suggestions. The update maintains separate command histories for different contexts and improves ContentProvider interaction stability. A vulnerable Android app called Sieve is released to help security practitioners practice using the framework.

  • 7 Feb 2013

Announcing Mercury v2.1

Mercury v2.1, an Android security assessment framework, introduces three key improvements. Modules can now be installed directly from an online repository. Connections between the Mercury console and device can be secured with SSL and optional password protection. Performance optimizations have been made to the Mercury Agent to improve efficiency and resource management.

  • 14 Dec 2012

What's New in Mercury v2?

Mercury v2.0 introduces a completely rewritten architecture with modular reflection-based functionality. Infrastructure Mode enables remote device connectivity across firewalls and NAT. The user interface has been streamlined to provide faster, more direct access to Mercury's capabilities.

  • 7 Sep 2012

Mercury v1.1 is Released

Mercury v1.1 is an Android security testing framework with enhanced compatibility for newer Android versions. The release introduces a Reflection Interface for dynamic feature addition and includes new modules for comprehensive security scanning of Android devices and applications. Key improvements enable security professionals to more efficiently analyze potential vulnerabilities in Android systems.

  • 23 Aug 2012

Mercury Reflection

Mercury developed a dynamic reflection interface for Android security assessment that enables runtime code execution and plugin creation. The interface allows developers to load Java code dynamically on the server side without modifying the core application. This approach provides flexible functionality for examining and interacting with Android applications through a simple set of reflection methods.