Interactive Learning Roadmap
How to Learn Mobile Security
A dependency-ordered path from first principles to userland and kernel-level exploitation — across iOS and Android, app-level and OS-level. Start on the shared foundation, then fork into the specialization you want. Userland exploitation (browser, media parsers, IPC, sandbox escapes) and kernel-level exploitation are treated as distinct advanced tracks that chain together into a full compromise. Every node explains what it is, why it matters, and what it takes to master.
Foundations
The shared trunk — five milestones every mobile security researcher shares before specializing, sequenced by dependency. Each opens a full checklist of the skills, knowledge and tools it takes to master it.
Mobile Platform Fundamentals
How iOS & Android are actually built — before you attack anything.
What it is
How the two mobile platforms are structured: app formats (IPA / Mach-O vs APK / DEX / Smali), the languages they are written in (Swift & Objective-C, Kotlin & Java, plus cross-platform Flutter and React Native), the app sandbox, the permission model, and the OS trust model that decides what code is allowed to run.
Why it matters
You cannot attack or defend what you do not understand. Every later node assumes you know how an app is packaged, how it is isolated from other apps, and how the OS enforces trust. Skipping this is the #1 reason beginners get stuck later.
What it takes to master this — skills, knowledge & tools
Build Your Mobile Hacking Lab
A repeatable environment is the prerequisite for every exercise.
What it is
Standing up a working test environment: a jailbroken iPhone or rooted Android device, or Corellium virtual devices, plus emulators and the core toolchain — ADB, a Frida server, an intercepting proxy, and sideloading tools like TrollStore, ipatool and rootAVD.
Why it matters
Mobile security is hands-on — reading about it is not enough. A reliable, repeatable lab (choosing device vs Corellium, getting root/jailbreak, installing tooling) is the foundation every practical skill is built on.
Reverse Engineering & Static Analysis
Take apps apart without running them.
What it is
Disassembling and decompiling apps at rest: reading Mach-O and DEX/Smali, decompiling with Ghidra, Hopper and Jadx, unpacking and rebuilding APKs with Apktool, reading ARM64, and recognizing and defeating common obfuscation.
Why it matters
Static reverse engineering surfaces the logic, hardcoded secrets and vulnerable code paths that feed every exploit. It is the backbone skill — dynamic analysis is far more effective once you can read the binary.
Dynamic Instrumentation with Frida
Hook and rewrite a running app on the fly.
What it is
Instrumenting a live process: tracing and modifying functions, arguments and return values with Frida and Objection, debugging with LLDB, intercepting and decrypting network traffic, and bypassing SSL certificate pinning — including on Flutter apps.
Why it matters
Runtime is where the interesting defenses actually live — root/jailbreak detection, certificate pinning, in-app crypto. Instrumentation lets you observe real behavior and rewrite it live, which is the single most-used skill in day-to-day mobile pentesting.
ARM64 & Assembly Foundations
The bridge from app testing to kernel exploitation.
What it is
The ARM64 (AArch64) architecture that every modern phone runs on: registers, the calling convention, common instructions, exception levels, and reading compiled code fluently in a disassembler.
Why it matters
This is the crossover point from app-level testing into OS and kernel exploitation. Memory-corruption bugs, ROP chains and kernel R/W primitives all require you to read and reason about ARM64 — so it is where the two tracks meet.
The app-security track
App-Level Exploitation
Attacking the app itself — storage, IPC, deep links, crypto, network defenses and anti-tampering. No jailbreak-kernel work required to start.
iOS apps
Insecure Local Storage
Keychain, plist files, pasteboard and app snapshots leaking secrets.
Why it matters
A specialized skill in the app-level track that builds on the five foundations. The checklist below is what mastering it actually takes.
What it takes to master this — skills, knowledge & tools
Broken Cryptography
Weak or misused crypto in iOS apps and how to automate finding it.
Deep Links, Universal Links & WebViews
Abusing URL schemes, Universal Links and insecure WebView bridges.
Network Interception & Cert Pinning
Intercepting HTTPS, cert transparency, ATS and Flutter traffic.
Jailbreak Detection Bypass
How apps detect jailbreak and how to defeat those checks.
Anti-Reversing, Fraud & Fingerprinting
Device fingerprinting, Frida/proxy/VPN detection and fraud controls.
App Patching & Entitlements
Binary patching, entitlements and re-signing to alter behavior.
Enhanced Security Mode (iOS)
iOS app hardening — the opt-in Enhanced Security / EMTE memory protections.
Android apps
Insecure Local Storage
SharedPreferences and SQLite databases exposing sensitive data.
Insecure Crypto
Weak cryptography patterns in Android apps.
Exploiting Activities
Unauthorized access, data leakage and intent spoofing via exported components.
Content Providers
Leaky or injectable content providers exposing app data.
Deep Links
Hijacking and abusing Android deep-link handlers.
Cert Pinning & Proxy-Unaware Apps
Bypassing pinning and intercepting apps that ignore the system proxy.
Root Detection Bypass
Manual and automated defeat of multiple root checks.
Modern Root & Hardware Attestation Spoofing
Next-gen root hiding and the arms race against hardware-backed attestation.
Android Advanced Protection Mode
The Android 16 hardening umbrella — and what it changes for attackers.
Passkeys / FIDO2 Mobile Attack Surface
The passwordless attack surface — passkey sync, recovery and cross-device flows.
Biometric Auth Bypass
Attacking insecure biometric authentication implementations.
Play Integrity, VPN & Proxy Detection
How apps attest device integrity and detect tampering.
Native Library Fuzzing
Instrumenting and fuzzing third-party native libraries.
AI / MCP-Driven Malware Reversing
Using APKTool & Jadx MCP servers to reverse Android malware.
Cross-platform
OWASP MASVS / MASTG Methodology
The industry-standard verification standard and testing guide for mobile apps.
Traffic Interception Fundamentals
Proxies, TLS, and interception architecture across platforms.
Flutter & React Native Testing
Reversing and instrumenting cross-platform frameworks.
Obfuscation & Anti-Debugging
Deobfuscation, string decryption, control-flow flattening and defeating anti-debug / tamper checks.
API & Backend Security
The server behind the app: endpoint enumeration, auth/JWT flaws, GraphQL, Firebase, cloud auth and business-logic bugs.
Fraud & Abuse Defenses
Real-world fraud flows apps must resist: OTP scams, device-reset attacks, call-detection abuse.
NFC Relay & ATS Fraud Attacks
Contactless-payment relay malware and automated transfer fraud on Android.
Accessibility Abuse & Overlay Banking Trojans
How modern Android banking trojans weaponize accessibility services and overlays.
eSIM & eUICC Security
The embedded-SIM attack surface — eUICC internals, test profiles and remote provisioning.
The userland-to-kernel research track
OS Exploitation: Userland & Kernel
Going below the app — both userland exploitation (browser/JIT, zero-click media parsers, IPC and sandbox escapes) and kernel-level exploitation (XNU/Linux internals, mitigations, memory-corruption primitives, jailbreak/root research). Real chains start in userland and pivot into the kernel; this track covers both ends and the bridge between them.
iOS internals
XNU Kernel, Mach Traps & Syscalls
The XNU kernel, Mach traps, MIG calls and the syscall interface.
Why it matters
A specialized skill in the OS-exploitation track — spanning both userland and kernel-level work — that builds on the five foundations. The checklist below is what mastering it actually takes.
What it takes to master this — skills, knowledge & tools
Kernel Cache, KEXTs & dyld Shared Cache
Extracting and navigating the kernelcache, KEXTs and dyld shared cache.
Mach Messaging & XPC IPC
mach_msg2, task/thread/host ports and XPC as an attack surface.
iOS Filesystem, Daemons & Data Extraction
The iOS filesystem layout, launchd and daemons, and monitoring/extracting data with fsmon.
Code Signing, Trust Cache & Entitlements
How iOS enforces code integrity and how bypasses work.
Secure Enclave & Data Protection
The Secure Enclave, the key hierarchy and iOS Data Protection classes that guard app secrets.
Sandbox Internals & Profiles
Dumping and analyzing sandbox profiles and hardened profiles.
Userland Memory Corruption & the Renderer→Escape Chain
How a userland bug in a parser or the browser becomes code execution inside a sandboxed process — the first half of every modern chain.
Zero-Click Media Parsers (CoreAudio / CoreMedia)
The interaction-less audio/video parsing surface reachable over iMessage/AirDrop that anchors zero-click chains alongside ImageIO.
Userland PAC Bypass & dyld Abuse
Defeating user-mode Pointer Authentication and abusing the dynamic linker to turn a primitive into arbitrary code execution.
Sandbox Escape via XPC / Mach & GPU Services
Turning code execution in a sandboxed process into a full escape by exploiting privileged XPC/Mach services and the GPU process.
Userland→Kernel Bridge: DarkSword Chain (Case Study)
A real in-the-wild chain that begins with a browser bug and pivots through a sandbox escape into kernel R/W — the canonical userland-to-kernel example.
Mitigations: PAC, PPL, SPTM, MIE
Modern iOS exploit mitigations and the ideas behind bypassing them — including MIE/EMTE, CoreTrust and USB Restricted Mode.
Heap Exploitation Primitives
Heap overflow, UAF, kalloc_type, PGZ and feng-shui on iOS.
ROP & Exploit Primitives
Building the primitives that turn a bug into control.
Kernel R/W Primitives (PUAF, kfd)
PhysPuppet, multi-level paging PUAF and the kfd project.
Deterministic Kernel Exploitation (Case Study)
The Trigon exploit — turning an XNU integer overflow into a deterministic, mitigation-defeating kernel R/W.
Patch Diffing & Variant Analysis
Diff an iOS update to locate the fixed bug, root-cause it, and hunt for variants — the core vulnerability-discovery skill.
Kernel Panic & Crash-Log Analysis
Reading and symbolicating iOS kernel panic logs to triage crashes toward exploitable bugs.
WebKit & Browser Exploitation
The WebKit / JavaScriptCore attack surface behind zero-click and 1-click iOS chains.
Image-Parser Zero-Click Vulnerabilities
The system image-parsing attack surface behind modern zero-click chains.
Jailbreak Internals
Dopamine, PPL bypass, codesigning bypass and trust-cache injection.
Case Study: CVE-2023-23536
An end-to-end real-world iOS kernel exploit walkthrough.
iOS Malware Analysis
Sourcing and analyzing real iOS malware safely.
Zero-Click Chains & Spyware Forensics
Hunting mercenary spyware — from the zero-click delivery chain to on-device forensic triage.
Android internals
AOSP Source Tree & Building From Scratch
Navigating the AOSP tree and compiling AOSP and custom kernels.
Boot Sequence, Boot Images & GKI
Android boot flow, extracting/decrypting boot images and GKI.
Zygote & App Spawning
How Android forks apps from Zygote and why it matters.
Binder IPC Framework
The Binder driver and framework — Android's core IPC attack surface.
PackageManagerService Internals
packages.xml/.list, preferred packages and defaults internals.
Access Control: SELinux, DAC & Capabilities
Android's layered access control — SELinux policy plus DAC and Linux capabilities.
Privilege Escalation
task_struct, cred and the mechanics of getting root.
Scudo Allocator & MTE
Scudo chunk headers, checksums and Memory Tagging Extension.
Defeating MTE (Coprocessors & Speculation)
Where Memory Tagging breaks down — untagged coprocessors, speculative tag leaks and async-mode gaps.
Samsung KDP & RKP
Samsung kernel data protection and real-time kernel protection.
JNI Reversing & Native Fuzzing
RegisterNatives, JNI signatures and runtime JNI hooking, then fuzzing native bindings.
Patch Diffing & Variant Analysis
Diff Android security-bulletin patches to find the bug, root-cause it, and hunt variants.
Kernel Symbolication & Crash Analysis
Symbolicating kernels and reading tombstones, ANRs and stack traces.
Case Study: CVE-2024-0044
Reading sandbox data of apps and privapps via CVE-2024-0044.
Mali GPU Exploitation (CVE-2023-26083)
Mali GPU driver internals and a full PoC exploit walkthrough.
Android Malware Analysis
Sourcing and analyzing real Android malware — unpacking, behaviour and anti-analysis evasion.
Custom Kernels & Exploit Porting
Compiling custom kernels and porting exploits across devices.
A free, open study plan for learning mobile security. Every node points to the skills, tools and standards on the topic — plus, where relevant, the hands-on 8kSec course that goes deeper.
8ksec.io/roadmaps/mobile-security · a free resource for the mobile security community