- 11x256 (tutorials about using Frida to instrument android applications)
- App Reverse Engineering 101
- All Anroid Security Refrence
- Android Application Security Series
- Android Penetration Testing
- Android application penetration testing guide
- hacker101-CTF
- 2021-THCon-Good old friend
- 2021-THCon-draw.per
- 2021-S4CTF-Water Color
- 2021-ritsec-memedrive
- 2021-DarkConCTF-fire in the android
- 2021-DarkConCTF-ezpz
- 2020-TokyoWesternsCTF-Tamarin : [ 1 ] - [ 2 ] - [ 3 ]
- 2020-HackTM-MobaDEX
- 2020-RaziCTF-Chasing a Lock
- 2020-RaziCTF-CTF Coin
- 2020-RaziCTF-Friends
- 2020-RaziCTF-Strong Padlock
- 2020-PhantomCTF-hehe
- 2020-SamsungCTF-vault101
- 2020-GoogleCTF-android
- 2019-asis-andex
- Arbitrary code execution on Facebook
- persistent code execution in the Google Play Core Library
- RCE in TikTok Android app
- Why dynamic code loading could be dangerous for your apps
- From Android Static Analysis to RCE
- Account takeover intercepting magic link
- Insecure deeplink leads to sensitive information disclosure
- android app deeplink leads to CSRF in follow action
- Possible to intercept broadcasts about uploaded files
- exported broadcast receiver
- insecure broadcast
- Gaining access to protected components
- Exploiting Activity in medium android app
- Google Photos : Theft of Database & Arbitrary Files Android Vulnerability
- Ability To Backdoor Facebook For Android
- SQL Injection found in NextCloud Android App Content Provider
- Time-Based SQL Injection to Dumping the Database
- Exploring vulnerabilities in WebResourceResponse
- Theft of arbitrary files leading to token leakage
- Possible to steal arbitrary files from mobile device
- Vulnerable to local file steal, Javascript injection, Open redirect
- Intent spoofinig
- Access of some not exported content providers
- Access of Android protected components via embedded intent
- Vulnerable to JavaScript injection