The Blog
Writeups, technique breakdowns, and deep dives into finding real vulnerabilities in Android apps.
Flutter
Intercepting Flutter App Traffic When Burp Shows You Nothing
Flutter apps ignore the OS proxy and ship their own TLS stack, so Burp sits there empty. Here's how to actually get visibility with Frida.
March 2, 2026
Frida
Bypassing Root Detection Without Breaking the App
Most root detection bypass scripts are copy-pasted and brittle. Here's the systematic way to find and defeat the checks that actually matter.
February 14, 2026
IDOR
Finding an IDOR That the Web Testers Missed
The web app for this target had already been tested twice. The Android client hit a different endpoint entirely — and it wasn't locked down.
January 18, 2026
IDOR
Forging API Signatures to Find 15 IDORs in an E-Wallet App
The app signed every request to stop parameter tampering. Once the signing function was reverse engineered, the "protection" became the attack surface.
April 30, 2020
Race Condition
Bypassing a Passcode Screen With Nothing but Timing
Fuzzing the deep link parameters went nowhere. The bypass turned out to have nothing to do with parameters at all — it was a timing gap in how the passcode activity got loaded.
October 18, 2019