- 11x256 (tutorials about using Frida to instrument android applications)
- App Reverse Engineering 101
- Android Applications Pentesting
- All Anroid Security Refrence
- Android Application Security Series
- Android Penetration Testing
- Android application penetration testing guide
- Flutter reverse : [ 1 ] - [ 2 ] - [ 3 ]
- Using Frida on Android without root
- Frida Handbook
- MITRE Mobile Techniques
- Android Security Risks
- Debug Native library in android
- ARM assembly basics
- 3 ways for Dynamic Code Loading in Android
- Analyze the native ELF binary in Ghidra
- Common mistakes when using permissions in Android
- theft of arbitrary files
- Hacking Samsung's Android Apps : [ 1 ] - [ 2 ]
- Hacking Xiaomi's Adnroid Apps: [ 1 ]
- Client Side Encryption Bypass Leads to Account Takeover
- PGSharp: Analysis of a Cheating App for PokemonGO
- Use cryptography in mobile apps the right way
- How to Detect Frida
- apps with millions of downloads exposed to high-severity vulnerabilities
- Pending Intents: A Pentester’s view
- Unpacking a JsonPacker-packed sample
- Exploiting Android WebView Vulnerabilities
- Life hack for understanding Flutter Application : [ 1 ] - [ 2 ]
- Testing a new encrypted messaging app
- The Kangaroo packer with native decryption
- Android SELinux Internals
- Anubis analysis video
- MoqHao Malware Analysis
- SharkBot Malware Analysis
- SOVA Malware Analysis
- a Cabassous/FluBot Case study
- Reversing ActionSpy Android Malware
- Trojans and their little tricks
- App Serves Teabot Via GitHub
- Google Service Framework Malware
- Hydra Malware
- Hydra Malware : [ 1 ] - [ 2 ] - [ 3 ]
- Ginp Malware
- PEGASUS Malware
- Godfather Malware
- EASTERN ASIAN ANDROID ASSAULT – FLUHORSE
- Reverses Flutter-based Android Malware “Fluhorse”
- Samsung Flow - Any App Can Read The External Storage
- Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store
- hacker101-CTF
- 2021-GoogleCTF-TRIDROID
- 2021-THCon-Good old friend
- 2021-THCon-draw.per
- 2021-S4CTF-Water Color
- 2021-ritsec-memedrive
- 2021-DarkConCTF-fire in the android
- 2021-DarkConCTF-ezpz
- 2020-TokyoWesternsCTF-Tamarin : [ 1 ] - [ 2 ] - [ 3 ]
- 2020-HackTM-MobaDEX
- 2020-RaziCTF-Chasing a Lock
- 2020-RaziCTF-CTF Coin
- 2020-RaziCTF-Friends
- 2020-RaziCTF-Strong Padlock
- 2020-PhantomCTF-hehe
- 2020-SamsungCTF-vault101
- 2020-GoogleCTF-android
- 2019-asis-andex
- 2019-GoogleCTF-Flaggy Bird
- Arbitrary code execution on Facebook
- persistent code execution in the Google Play Core Library
- RCE in TikTok Android app
- Why dynamic code loading could be dangerous for your apps
- From Android Static Analysis to RCE
- Account takeover intercepting magic link
- Insecure deeplink leads to sensitive information disclosure
- android app deeplink leads to CSRF in follow action
- Possible to intercept broadcasts about uploaded files
- exported broadcast receiver
- insecure broadcast
- Gaining access to protected components
- Exploiting Activity in medium android app
- Google Photos : Theft of Database & Arbitrary Files Android Vulnerability
- Ability To Backdoor Facebook For Android
- Security flaws in samsung device
- SQL Injection found in NextCloud Android App Content Provider
- Time-Based SQL Injection to Dumping the Database
- Exploring vulnerabilities in WebResourceResponse
- Theft of arbitrary files leading to token leakage
- Possible to steal arbitrary files from mobile device
- Vulnerable to local file steal, Javascript injection, Open redirect
- securing Samsung devices
- Intent spoofinig
- Access of some not exported content providers
- Access of Android protected components via embedded intent
- Vulnerable to JavaScript injection