A curated collection of security research, vulnerability analysis, and tooling deep-dives covering the 2026 landscape across four domains.
security-research/
├── android-security/ # Android RE, rooting, HAL research
│ ├── README.md
│ ├── kernelSU-next.md # LKM-mode root (no kernel recompile)
│ ├── ksu-frida.md # Zygisk-based Frida anti-tamper bypass
│ ├── nothing-phone-2a-apu.md # MediaTek APU unlock (KernelSU + Rust + Frida)
│ └── beerus-framework.md # All-in-one mobile pentest platform v1.1
│
├── linux-hardening/ # eBPF, kernel security, CIS automation
│ ├── README.md
│ ├── ebpf-lsm.md # Hot-loadable kernel security policies
│ ├── aegisbpf.md # Enforcement-first BPF runtime security
│ ├── ghostlock.md # CVE-2026-43499: 15-year-old LPE
│ └── cis-benchmark-automation.md # OpenSCAP + Lynis + Ansible
│
├── hardware-hacking/ # ESP32 side-channel, FI, IoT vulns
│ ├── README.md
│ ├── esp32-c5-xts-aes-side-channel.md # CPA on ESP32-C5 (AR2026-001)
│ ├── esp32-ecdsa-secure-boot-bypass.md # ECDSA timing leak (AR2026-006)
│ ├── esp32-s3-voltage-fault-injection.md # DFA via voltage FI (AR2026-005)
│ ├── esp32-v3-em-glitch.md # Single-pulse EM bypasses all
│ ├── tasmota-rce-CVE-2026-38422.md # CVSS 9.8 RCE
│ └── CVE-2026-34601.md # ESP32 mmWave UART overflow
│
└── offensive-security/ # AI exploit gen, VM escapes, tool landscape
├── README.md
├── llm-exploit-generation.md # CSA 2026 — AI cross threshold
├── CVE-Genie.md # 51% @ $2.77/CVE
├── phantomcore.md # Multi-stage attack reconstruction
├── ghostlock-CVE-2026-43499.md # Offensive LPE perspective
├── januscape-CVE-2026-53359.md # First cross-platform KVM escape
└── ai-pentest-tool-landscape.md # 70+ new open-source tools
| Domain | Key Finding | Severity |
|---|---|---|
| Android | KernelSU-Next LKM root — no kernel recompilation needed | Tooling |
| Android | Nothing Phone 2a APU unlock — HAL boundary research | Research |
| Linux | eBPF LSM — hot-load kernel security policy without reboot | Mitigation |
| Linux | AegisBPF — enforcement-first BPF security engine | Tooling |
| Linux | GhostLock (CVE-2026-43499) — 15-year-old kernel LPE | Critical (7.8) |
| ESP32 | EM glitch bypasses Secure Boot + Flash Encryption simultaneously | Critical |
| ESP32 | Tasmota RCE (CVE-2026-38422) — CVSS 9.8, no auth | Critical (9.8) |
| OffSec | CVE-Genie — 51% CVE reproduction at $2.77 each | Paradigm shift |
| OffSec | Januscape (CVE-2026-53359) — first cross-platform KVM escape | Critical (9.3) |
Each domain directory contains:
- README.md: Landscape overview with table of contents
- Per-topic writeups: Standalone, technically rigorous deep-dives with code/pseudocode
- Cross-references: Some topics span domains (e.g., GhostLock appears in both Linux Hardening and Offensive Security with different perspectives)
| Research Type | Minimum Equipment | Cost |
|---|---|---|
| Android RE | Pixel device, USB cable | $200-500 |
| eBPF/Linux | Linux 5.7+ system | $0 (existing) |
| ESP32 CPA | ChipWhisperer-Lite, scope | $300-500 |
| ESP32 FI | Glitcher, oscilloscope | $500-2000 |
| ESP32 EM | Decap station, EM probe, XYZ stage | $1000-3000+ |
| Offensive Security | Cloud VM, GPU for LLM inference | $50-500/month |
All content is standalone markdown — readable directly on GitHub or locally:
git clone https://github.com/harrydev/security-research
cd security-research
# Browse topics by directoryThis research is conducted on personal devices in controlled lab environments. All vulnerability disclosures follow responsible disclosure practices. Code examples are for educational and defensive purposes only.
MIT — See LICENSE for details.