The main idea behind this project is to create corrupt but structurally valid media files, direct them to the appropriate software components in Android to be decoded and/or played, and monitor the system for potential issues (i.e., system crashes) that may lead to exploitable vulnerabilities. Custom-developed Python scripts send the malformed data across a distributed infrastructure of Android devices, log the findings, and monitor for possible issues in an automated manner. The actual decoding of the media files on the Android devices is done using the Stagefright command line interface. The results are then sorted by a custom-built triage mechanism in an attempt to find only the unique issues.
SIMILAR TOOLS
Using Apache mod_rewrite as a redirector to filter C2 traffic for Cobalt Strike servers.
A lightweight and portable Docker container for penetration testers and CTF players
A blog post discussing the often overlooked dangers of CSV injection in applications.
A standard for conducting penetration tests, covering seven main sections from planning to reporting.
A blog post about bypassing AppLocker using PowerShell diagnostic scripts
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
A post-exploitation framework designed to operate covertly on heavily monitored environments.