Slides and videos from my Briefings:
- Basic definitions and registers
- Offset and Addressing modes
- Load and Store
- Branch
- Data Processing (Part 1)
- Data Processing (Part 2)
- Selections and loops
- Subroutines
- Dynamic Memory Allocation
- Basic definitions- part 1
- Basic definitions- part 2
- Overflows
- Use After Free & Double free
- FastBin Dup to Stack
- FastBin Dup Consolidate
- Unsafe Unlink
- House of Spirit
- House of Lore
- Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
- Creating and using JVM instances in Android C/C++ applications
- Android Security Workshop
- TapJacking Attacks, a thorough guide - part 1
- TapJacking Attacks, a thorough guide - part 2
- TapJacking Attacks, a thorough guide - part 3
- The Application Sandbox
- Fear of the Target SDK, a story of a Ransomware
- Tracing JNI Functions
- When Equal is Not, Another WebView Takeover Story
- Pending intents: A pentester's view
- Size Matters — CVE-2021–0485 (High)
- Vulnerability in TikTok Android app could lead to one-click account hijacking
- How an Android application can drain your wallet
- The Signal Protocol and the Double Ratchet algorithm
- Just another Cracking the Uncrackable
- Dissecting the Escobar bot
- Uncovering Trojans in 5'
- Microsoft CVE-2023-21721
- Microsoft CVE-2023-23391
- Microsoft CVE-2024-21374
- Microsoft CVE-2024-21448
- Microsoft CVE-2024-26204
- Microsoft CVE-2025-29805
- Microsoft CVE-2024-49057
- Google CVE-2021-0485
- Google CVE-2021-39617
- Google CVE-2023-20906
- Samsung CVE-2025-21079
- Samsung CVE-2025-58487
- Samsung CVE-2025-58486
- Samsung CVE-2026-20976
- Samsung CVE-2026-20985
- Samsung CVE-2026-20994
- Zoom CVE-2022-36928
- Zoom CVE-2023-34117
- Zoom CVE-2025-64741
- Zoom CVE-2026-53407
- Zoom CVE-2026-53408
- Xiaomi CVE-2023-26321
- TikTok CVE-2022-28799
- TikTok CVE-2024-45240
- Nextcloud CVE-2023-39957
- Imo.im CVE-2022-47757
- WPS office for Android CVE-2024-35205
- Basecamp CVE-2023-36612