🔍 安卓版的hap查看器，支持解析 OpenHarmony/HarmonyOS API9+(Stage模型) 的应用安装包

CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13

Yet another xpc sniffer

IDA Plugin to automatically identify and set enums for standard functions

Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability

A PoC to trigger CVE-2023-5217 from the Browser WebCodecs or MediaRecorder interface.

IPTV直播源抓取 自动整合hao趣网直播源+TVBox直播源+其他网上直播源 择取分辨率、速度最佳视频流 定期更新

PromtFuzz is an automated tool that generates high-quality fuzz drivers for libraries via a fuzz loop constructed on mutating LLMs' prompts.

Writeup and exploit for CVE-2023-45777, bypass for Intent validation inside AccountManagerService on Android 13 despite "Lazy Bundle" mitigation

Script to quickly hook natives call to JNI in Android

🔓A curated list of modern Android exploitation conference talks.

Auto-generated CodeQL rules for matching CVE vulnerabilities and variants.

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

基于frida的安卓hook框架，提供了很多frida自身不支持的功能，将hook安卓变成简单便捷，人人都会的事情

Android APP漏洞之战系列，主要讲述如何快速挖掘APP漏洞

Some presentations I did in the past

A collection of browser exploitation codes from Singular Security Lab.

VM Escape for Parallels Desktop <18.1.1

ChatDBG - AI-assisted debugging. Uses AI to answer 'why'

Samples and Unpacker of malicious backdoors and exploits developed and used by Pinduoduo

拼多多apk内嵌提权代码，及动态下发dex分析

Reverse engineered ChatGPT API