Some tools when playing with Android

CVE-2025-21479 proof-of-concept, I think

Bug reports from Immunefi Bounty Boosts

Android Emulator with Newest Security Patch

PoC of CVE-2023-40130

Android framework fuzz

Curated Web3 security learning hub for smart contract auditors and protocol teams: roadmaps, audit tools, public reports, fuzzing, formal verification, AI-assisted workflows, offchain security, inc…

eBPF-Based DexDumper for Android

RunAsAnyone: PoC and writeup for bypassing the initial patch of CVE-2024-0044, Android run-as any app vulnerability allowing privilege escalation from adb to installed app

阿布量化交易系统(股票，期权，期货，比特币，机器学习) 基于python的开源量化交易，量化投资架构

Our PoC code for our Android Bytecode Exploitation examples

E²VA short for Exploitation Experience with Vulnerable App is a vulnerable app to learn userspace exploitation on Android

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

A CPU Backdoor. Phrack 72

CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13

openHarmony逆向工具包，初步支持反编译

Repository for information about 0-days exploited in-the-wild.

Quarkslab conference talks

Android-DirtyStream Vuln Demo

Conference presentation slides

Jar Analyzer - 一个 JAR 包 GUI 分析工具，内置 AI 助手协助分析，支持 JAR DIFF 分析，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索等

A CAT called tabby ( Code Analysis Tool )

A new version of Soot with a completely overhauled architecture

KernelGPT: Enhanced Kernel Fuzzing via Large Language Models (ASPLOS 2025)

notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)