Slides and videos from my Briefings:
- Basic definitions and registers
- Offset and Addressing modes
- Load and Store
- Branch
- Data Processing (Part 1)
- Data Processing (Part 2)
- Selections and loops
- Subroutines
- Dynamic Memory Allocation
- Basic definitions- part 1
- Basic definitions- part 2
- Overflows
- Use After Free & Double free
- FastBin Dup to Stack
- FastBin Dup Consolidate
- Unsafe Unlink
- House of Spirit
- House of Lore
- Creating and using JVM instances in Android C/C++ applications
- Android Security Workshop
- TapJacking Attacks, a thorough guide - part 1
- TapJacking Attacks, a thorough guide - part 2
- TapJacking Attacks, a thorough guide - part 3
- The Application Sandbox
- Fear of the Target SDK, a story of a Ransomware
- Tracing JNI Functions
- When Equal is Not, Another WebView Takeover Story
- Pending intents: A pentester's view
- Size Matters — CVE-2021–0485 (High)
- Vulnerability in TikTok Android app could lead to one-click account hijacking
- How an Android application can drain your wallet
- The Signal Protocol and the Double Ratchet algorithm
- Just another Cracking the Uncrackable
- Dissecting the Escobar bot
- Uncovering Trojans in 5'
- AOSP CVE-2021-0485
- AOSP CVE-2021-39617
- AOSP CVE-2023-20906
- Xiaomi's File Manager CVE-2023-26321
- TikTok CVE-2022-28799
- TikTok CVE-2024-45240
- Zoom CVE-2022-36928
- Zoom CVE-2023-34117
- MS One Note CVE-2023-21721
- MS Office CVE-2023-23391
- MS Teams CVE-2024-21374
- MS Teams CVE-2024-21448
- MS Outlook CVE-2024-26204
- Imo.im CVE-2022-47757
- WPS office for Android CVE-2024-35205
- Basecamp CVE-2023-36612
- Nextcloud CVE-2023-39957