This is your work, valued

flankerhqd

Elite
@flankerhqd

JAADAS. Joint Advanced Defect assEsment for android applications

352

vendor-android-cves. Collections of my POCs for android vendor CVEs

287

jebmcp. Python

250

bindump4j. A portable utility to locate android binder service

100

jebPlugins. Various Jeb plugins, including obfuscation restore

91

wifimonster. Wifi sniffing and hijacking tool

82

mediacodecoob. Infoleak and PC control poc for CVE-2015-6620 (24445127), I'll add after conference

53

CVE-2015-6620-POC. POC for CVE-2015-6620, AMessage unmarshal arbitrary write

38

descriptor-describes-toctou. POCs for IOMemoryDescriptor racing bugs in iOS/OSX kernels

20

IOUSBHID-IOHID-Overflow. Integer overflow in IOHIDDevice/IOUSBHIDDevice

20

cve-2015-6612poc-forM. C++

16

protostar-solutions. Automatically exported from code.google.com/p/protostar-solutions

13

blitzard. Will release EXPs soon after BHUSA

8

presentations. Various presentations and related materials

6

cc98-worm. cc98-xss-worm at 2012.12.31

6

mosec2016. The slides and exploit of mosec2016

5

Introspy-Android. Security profiling for blackbox Android

3

drozer-py3. The Leading Security Assessment Framework for Android.

3

unmap_poc.

2

feishu-chatgpt. Go

2

VirtualApp. An open source implementation of MultiAccount.(Support 4.0 - N).

2

idaplugins-list. A list of IDA Plugins

2

BadKernel. Full exploit of CVE-2016-6754(BadKernel) and slide of SyScan360 2016

2

iWooyun. iOS client for wooyun.org

2

dexposed. dexposed enable 'god' mode for single application.

2

ApkProtect. 通付盾第一代安全加固方案

2

MFFA. Media Fuzzing Framework for Android

2

wixss. Traffic Hijack Tool via NodeJS

2

appshark. Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

2

type-inference. Automatically exported from code.google.com/p/type-inference

1

dpt-shell. An android Dex protects shell implementation

1

VirtualAppDoc.

1

sqlchop. A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis.

1

ShakaApktool. ShakaApktool

1

GitHack. A `.git` folder disclosure exploit

1

BinAbsInspector. BinAbsInspector: Vulnerability Scanner for Binaries

1

mate7_TZ_exploit. Huawei mate 7 TrustZone exploit

1

mobile-security-wiki. HTML

1

training. Training materials crafted and publicly provided by Red Naga members

1

uxss. uxss在线测试页面

1

bifuz. Broadcast Intent FUZzing Framework for Android

1

pine. Dynamic java method hook framework on ART.

1

closurether. network traffic hijack via Node

1

AndroidKernelExploitationPlayground. C

1

navicat-keygen. A keygen for Navicat Premium

1

mitmproxy. An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers

1

canhazaxs. A tool for enumerating the access to entries in the file system of an Android device.

1

ovaa. Oversecured Vulnerable Android App

1

my-notes.

1

PyWxDump. SharpWxDump的Python语言版。微信客户端取证,可获取用户个人信息(昵称/账号/手机/邮箱/数据库密钥(用来解密聊天记录)),解密脚本,获取数据库脚本;持获取多用户信息,目前支持所有新版本、正式版版本

1

androrat. Remote Administration Tool for Android devices

1