The Mental Model: What is a Content Provider? In the world of Android, apps are isolated in their own “Sandboxes.” They aren’t allowed to talk to each other directly or touch each other’s files. S...

Why these notes exist These are personal review notes on LLM security from a web exploitation perspective. They are intentionally short, high-level, and focused on how things break, not theory or ...

𓅃 In the world of Android Penetration Testing, visibility is everything. If you cannot see the network traffic, you are effectively blind to potential vulnerabilities like IDORs, API flaws, or data...

Target Android App Security Goal Understanding the Attack Surface When we audit an Android application, we aren’t just looking at code; we are looking at a fortress. As a pentester, your job is t...

Hacking Android Services: The Lazy Pentester’s Guide (With Scripts!) Let’s be honest: When we start pentesting an Android app, we all love Activities. They are visual, they are right there on the ...

From “Hello World” to Broadcast Hijacking In the world of Android security, Broadcast Receivers are often the silent vectors for critical vulnerabilities. They aren’t visual like Activities, which...

Introduction In the world of web security, Enumeration is the art of being a digital detective. It’s not just about finding what’s open, but understanding how the system “talks” back to us. In th...

Network Requests on Android Android applications are not allowed to perform blocking network operations on the main (UI) thread. Any direct HTTP request executed on the main thread will trigger N...

Intent Redirects: The Middleman Attack The “Intent Redirect” vulnerability class occurs when an exported component (Activity, Service, etc.) accepts a nested Intent as an extra and launches it. ...

TL;DR Intents can control application logic Client-side state machines are exploitable adb is a valid attacker tool Context This note documents abusing Intent-driven state machines in ...