At 8kSec Academy, we continuously update our courses to reflect current changes in the security landscape, exploitation techniques, and defensive mechanisms. Throughout 2025, we released multiple updates across our Android and iOS-focused courses, adding new modules, expanding hands-on content, and aligning lessons with the latest security research and tooling.
Here is a look at the new modules, research, and tools we integrated into the academy this past year.
February 19, 2025: Added the CVE-2023-26083 Module
Available in: Offensive Mobile Reversing and Exploitation and Offensive Android Internals
The CVE-2023-26083: Kernel Pointer Leakage in Mali GPU’s Timeline Stream Message Buffers module introduces an in-depth analysis of a real-world Android kernel vulnerability. It covers both internal driver behavior and exploitation, showing how subtle issues in GPU drivers can lead to serious security impact.
It examines Mali GPU driver internals, explains how timeline streams operate, and demonstrates how kernel pointers can be leaked from kernel space to user space, including a full, live Proof-of-Concept that walks through the exploitation process step by step.
Videos included in this update:
- Introduction to CVE-2023-26083
- Background of Mali GPU
- Internals of Mali GPU Driver and Context
- Understanding the Role of Timeline Streams and Vulnerability Deep Dive
- Walkthrough of PoC code to Exploit CVE-2023-26083
- Exploiting CVE-2023-26083 using PoC
September 17, 2025: Added the Patch Diffing in iOS Module
Available in: Offensive Mobile Reversing and Exploitation and Offensive iOS Internals
The Patch Diffing in iOS module focuses on understanding vulnerabilities through Apple’s own fixes. By comparing vulnerable and patched binaries, learners gain insight into both exploitation techniques and Apple’s defensive design decisions.
Here’s what’s included in this update:
- Introduction to patch diffing concepts
- Extracting and preparing iOS binaries
- Patch diffing tools and practical techniques
- Real-world case studies, including:
- CVE-2025-24201 — WebKit out-of-bounds read/write
- CVE-2025-24203 — XNU page zeroing bug
- CVE-2025-24200 — USB Restricted Mode bypass
- CVE-2025-43200 — iMessage logical flaw
- CVE-2025-31201 — RPAC PAC bypass
- References for deeper further study
September 24, 2025: Added Modules for Reverse Engineering, MCP, and Fuzzing Android Third-Party Libraries
Available in: Practical Mobile Application Exploitation
The Reverse Engineering and Fuzzing Android Third-Party Libraries module guides learners through reverse engineering and fuzzing Android third-party libraries to uncover vulnerabilities and improve security. It begins with using Ghidra to analyze compiled libraries, disassemble native code, and reveal hidden functionality. From there, it covers setting up dynamic instrumentation and creating test harnesses to prepare libraries for safe and effective fuzzing. Finally, the module explores fuzzing strategies to expose crashes, memory issues, and logic flaws, and explains how to triage findings as it relates to both libraries and applications.
In addition, a dedicated video was added that introduces reverse engineering with MCP servers, demonstrating how MCP can support analysis of complex libraries and improve visibility into their internal behavior during reverse engineering workflows.
Videos included in this update:
- Reversing using MCP Servers
- Reverse Engineering and Fuzzing Android Third-Party Libraries Module:
- Reverse Engineering Android Third-Party Libraries with Ghidra
- Instrumenting Third-Party Library Functions and Fuzz Preparation
- Fuzzing Android Third-Party Libraries
September 24, 2025: Added JNI Reversing and Native Fuzzing Module
Available in: Offensive Mobile Reversing and Exploitation and Offensive Android Internals
This advanced module dives deep into the Java Native Interface (JNI) layer, where Java and native code meet and where many high-impact vulnerabilities exist. It covers JNI fundamentals and architecture, reversing JNI functions exposed to Java, and techniques for beautifying and retyping JNI-heavy native code to improve analysis.
The module also explores RegisterNatives and JNI bindings, including how to find and trace them using custom tools such as JNINinja, as well as tools like Frida, RMS, and Medusa. On the fuzzing side, you’ll learn how to set up a functional JVM environment to bypass common fuzzing limitations, build and run AFL++ in Frida-mode, validate and triage crashes, and perform custom object-based fuzzing on JNI bindings.
Videos included in this update:
- Fuzzing – What we’ll cover
- JNI Fundamentals
- Reversing JNI Functions Exposed to Java
- Beautifying JNI Code and Retyping
- Reversing JNI RegisterNatives
- Intro to Finding & Tracing JNI Bindings
- Finding & Tracing JNI Bindings using JNINinja
- Finding & Tracing JNI Bindings using Frida
- Hooking and Tracing JNI methods at Runtime
- Exploring JNI Signatures using Medusa
- Overcoming Fuzz restrictions using functional JVM Environment
- Building AFL++ Frida-mode for Android
- Fuzzing using AFL Frida Mode
- Validating crashes in AFL Frida Mode
- Custom Object-based JNI binding Fuzzing
December 23, 2025: Added iOS Memory Protection and Security Model Updates
Available in: Offensive Mobile Reversing and Exploitation and Offensive iOS Internals
This update expands coverage of Apple’s latest memory protection mechanisms and adjusts exploitation content to reflect recent iOS security changes. It introduces in-depth coverage of Memory Integrity Enforcement (MIE) on modern iOS devices, compares Address Sanitizer with MIE, and walks through practical analysis techniques such as identifying IRG and STG instructions, analyzing MIE crash logs, and checking applications for MIE implementation.
Videos included in this update:
- Understanding Memory Integrity Enforcement (EMTE)
- Address Sanitizer vs MIE
- Finding the IRG/STG Instructions
- Analyzing MIE Crash Logs
- Checking Apps for MIE Implementation
December 23, 2025: Added Modern Mobile OS Constraints and Tooling Updates
Available in: Practical Mobile Application Exploitation
Before the holiday break, the course received a substantial refresh to stay aligned with modern mobile OS constraints and tooling updates. The update includes revised hands-on labs covering Memory Integrity Protection and in-app detection mechanisms, new techniques for advanced traffic interception under modern mobile OS restrictions, and updated course content for Frida 17, reflecting new APIs and workflow changes.
Included in this update:
- Frida 17+ Migration Guide
- Understanding and Enabling Enhanced Security in iOS Apps
- Checking for Enhanced Security in iOS Apps
December, 2025: Interactive Quizzes Across All Courses
In December 2025, we introduced interactive quizzes across all Mobile Security courses at 8kSec Academy. These quizzes are designed to help learners revisit key concepts, reinforce memorization, and validate their understanding as they progress through each course.
The quizzes focus on:
- Reviewing core technical concepts from each module
- Reinforcing important workflows, tools, and terminology
- Helping learners identify gaps before moving on to advanced topics
8kSec Battlegrounds Launch: Free Mobile Security Challenges
In addition to the course updates released in 2025, 8kSec Academy launched 8kSec Battlegrounds, a free hands-on platform for practicing real-world mobile security techniques.
8kSec Battlegrounds (https://8ksec.io/battle) offers interactive Android, iOS, and ARM exploitation challenges built around realistic mobile applications and attack scenarios. The challenges focus on identifying and chaining vulnerabilities in complete apps, rather than isolated CTF-style tasks, allowing learners to apply concepts covered in the courses in a practical, legal environment.
8kSec Battlegrounds is available to the wider community at no cost and complements the academy’s training by offering a place to practice, experiment, and reinforce mobile security concepts learned in the courses.
Continuous Curriculum Updates at 8kSec Academy
The updates released in 2025 reflect an ongoing effort to keep 8kSec Academy courses accurate, practical, and aligned with real-world mobile and AI security research. The curriculum continues to evolve alongside changes in mobile operating systems, tooling, and attack techniques, with further updates and new content planned throughout 2026 and beyond.
To stay current with AI and mobile security, visit 8kSec Academy.
