| [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application |
|
|
|
| Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames |
|
|
|
| WebView XSS, account takeover |
|
|
|
| Account Takeover in KAYAK |
|
|
|
| Hacking Smartwatches for Spear Phishing |
|
|
|
| Accidental $70k Google Pixel Lock Screen Bypass |
|
|
|
| Discovering vendor-specific vulnerabilities in Android |
|
|
|
| Scan QR Code and Got Hacked (CVE-2021–43530 : UXSS on Firefox Android Version) |
|
|
|
| [Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I] |
|
|
|
| Gcash Vulnerability Walkthrough |
|
|
|
| Shopping App Deeplink Arbitrary URLs |
|
|
|
| Arbitrary File Corruption: End - to - End Encrypted Messaging Application |
|
|
|
| Android Application Forgot Password Token Leakage Leading to Account Takeover |
|
|
|
| Contentful Access Token Disclosure in Android APK |
|
|
|
| Vulnerability in TikTok Android app could lead to one-click account hijacking |
|
|
|
| Chaining Telegram bugs to steal session-related files. |
|
|
|
| Amazon Quickly Fixed A Vulnerability In Ring Android App That Could Expose Users’ Camera Recordings |
|
|
|
| How I earned a $7000 bug bounty from Grab (RCE Unique Bugs) |
|
|
|
| Researching Xiaomi’s TEE to get to Chinese money |
|
|
|
| Identity Confusion in WebView-based Mobile App-in-app Ecosystems |
|
|
|
| The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) |
|
|
|
| React debug.keystore key was trusted by Meta(Facebook) which caused to Instagram account takeover by malicious apps. |
|
|
|
| Hacking into the worldwide Jacuzzi SmartTub network |
|
|
|
| The Android kernel mitigations obstacle race |
|
|
|
| Impact of an Insecure DeepLink |
|
|
|
writeups.xyz
/
Android