Introduction to Kali NetHunter Hacker series: Which NetHunter fits you best?
https://www.mobile-hacker.com/2023/07/04/introduction-of-kali-nethunter-hacker-series-and-which-nethunter-fits-you-best/

Analysis of account takeover discovered in Android app with 100M+ installs from Google Play ($1000 bounty)
https://medium.com/@amolbhavar/how-i-get-1000-bounty-for-discovering-account-takeover-in-android-application-3c4f54fbde39

Analysis of Android EverSpy 2 Malware which source code price is $4,000
https://www.theobservator.net/everspy-2-malware-reverse-engineering/

Android ASCWG CTF Challenge
https://0xmkr24.medium.com/android-challenge-in-ascwg-finals-109c03c66055

Using MLIR for Dalvik Bytecode Analysis
Using intermediate representations allows analysts to write optimizations and code analysis passes easier than parsing binary or bytecode directly. Kunai is a library intended for static analysis of dalvik bytecode, in a newer version of the library, the idea is to use the capabilities and possibilities offered by MLIR, writing a new dialect centered on Dalvik instructions.
Presentation: https://youtu.be/hfqOivYdD40
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf

Exploit Google Pixel 7

In detail analysis of exploiting CVE-2023-21400 on Google Pixel 7 with Dirty Pagetable exploit that uses file UAF and pid UAF vulnerabilities
https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html

Android malware installed directly from a website can bypass "installation from untrusted sources" warning using WebAPK technology
WebAPK enables creation Android native apps from web applications
https://www.linkedin.com/pulse/using-webapk-technology-phishing-attacks-csirt-knf

The Turkish Government Masqueraded Site Distributing Android RAT
https://blog.cyble.com/2023/07/10/the-turkish-government-masqueraded-site-distributing-android-rat/

How to install Kali NetHunter on rootless Android via Termux and how to set it up as a portable Kali Linux workstation
Blog: https://www.mobile-hacker.com/2023/07/11/nethunter-hacker-i-installation-of-rootless-kali-nethunter/
Video tutorial: https://youtu.be/fqaSEbaYkJQ

Letscall – new sophisticated Vishing toolset consists of three malicious stages
https://www.threatfabric.com/blogs/letscall-new-sophisticated-vishing-toolset

Obfuscation in Mobile Apps https://speakerdeck.com/marcobrador/droidcon-berlin-2023-obfuscation-in-mobile-apps

Finding the Entrypoint of iOS Apps in Ghidra
In video tutorial we extract the components of an iOS application and learn how to find the entrypoint using Ghidra to start reverse engineering
https://youtu.be/mLDsIMXafP4

Bypassing advance root detections using Frida
Techniques learned from video:
-presence of SU binary
-SELinux policies
-mountinfo
-attr/prev
-looking for SU bin paths using Supervisor calls

Video: https://youtu.be/7KqPwxlA-00
Scripts and POCs: https://github.com/fatalSec/in-app-protections

iOS Forensic Toolkit tips & tricks
https://blog.elcomsoft.com/2023/07/ios-forensic-toolkit-tips-tricks/

How to root OnePlus 7 Pro and install Kali NetHunter with custom kernel
[blog] https://www.mobile-hacker.com/2023/07/18/how-to-install-kali-nethunter-on-rooted-oneplus-7-pro/
[video] https://youtu.be/nkiy5iwa6Vs

Analysis of WyrmSpy and DragonEgg Android spyware attributed to Chinese Espionage Group APT41
https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41

Advanced Frida Usage Part 3 – Inspecting iOS XPC Calls
XPC is a type of IPC (InterProcess Communication) used on *OS
https://8ksec.io/advanced-frida-usage-part-3-inspecting-ios-xpc-calls/

How to reverse engineer #Xamarin iOS and Android apps
Xamarin is open-source platform that allows to create cross platform apps for iOS, Android, and Windows using C#
https://www.appknox.com/security/xamarin-reverse-engineering-a-guide-for-penetration-testers

Android SpyNote attacks electric and water public utility users in Japan
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-spynote-attacks-electric-and-water-public-utility-users-in-japan/

Bypass Instagram and Threads SSL pinning on Android
You can download already patched APKs for none-rooted devices, patch APK using Python noscript yourself, or download Frida bypass noscript for rooted Android
https://github.com/Eltion/Instagram-SSL-Pinning-Bypass

Reverse Engineering Android game Coin Hunt World and its communication protocol to cheat the app. Bug reported and fixed
https://research.nccgroup.com/2023/05/31/reverse-engineering-coin-hunt-worlds-binary-protocol/