- Android Pentesting Lab Setup – Android Studio
- iOS SSL Pinning Bypass using Frida
- SSL Pinning Bypass Using Frida and Objection
- How to Jailbreak iOS 15 & Setup for Pentesting
- Evernote: Universal-XSS, theft of all cookies from all sites, and more
- Interception of Android implicit intents
- TikTok: three persistent arbitrary code executions and one theft of arbitrary files
- Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913
- Android: Access to app protected components
- Android: arbitrary code execution via third-party package contexts
- An Android Hacking Primer
- Secure an Android Device
- Security tips
- OWASP Mobile Security Testing Guide
- Security Testing for Android Cross Platform Application
- Dive deep into Android Application Security
- Pentesting Android Apps Using Frida
- Mobile Security Testing Guide
- Mobile Application Penetration Testing Cheat Sheet
- Android Applications Reversing 101
- Android Security Guidelines
- Android WebView Vulnerabilities
- OWASP Mobile Top 10
- Practical Android Phone Forensics
- Mobile Reverse Engineering Unleashed
- Android Root Detection Bypass Using Objection and Frida Scripts
- quark-engine - An Obfuscation-Neglect Android Malware Scoring System
- Root Detection Bypass By Manual Code Manipulation.
- Application and Network Usage in Android
- GEOST BOTNET - the discovery story of a new Android banking trojan
- Mobile Pentesting With Frida
- Magisk Systemless Root - Detection and Remediation
- AndrODet: An adaptive Android obfuscation detector
- Hands On Mobile API Security
- Zero to Hero - Mobile Application Testing - Android Platform
- How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8
- Android Malware Adventures
- DIVA (Damn insecure and vulnerable App)
- SecurityShepherd
- Damn Vulnerable Hybrid Mobile App (DVHMA)
- OWASP-mstg
- VulnerableAndroidAppOracle
- Android InsecureBankv2
- Purposefully Insecure and Vulnerable Android Application (PIIVA)
- Sieve app
- DodoVulnerableBank
- Digitalbank
- OWASP GoatDroid
- AppKnox Vulnerable Application
- Vulnerable Android Application
- MoshZuk
- Hackme Bank
- Android Security Labs
- Android-InsecureBankv2
- Android-security
- VulnDroid
- Android-Reports-and-Resources
- android-security-awesome
- Android Penetration Testing Courses
- Lesser-known Tools for Android Application PenTesting
- android-device-check - a set of scripts to check Android device security configuration
- apk-mitm - a CLI application that prepares Android APK files for HTTPS inspection
- Andriller - is software utility with a collection of forensic tools for smartphones
- Dexofuzzy: Android malware similarity clustering method using opcode sequence-Paper
- Chasing the Joker
- Side Channel Attacks in 4G and 5G Cellular Networks-Slides
- Shodan.io-mobile-app for Android
- iOS Security
- Basic iOS Apps Security Testing lab
- IOS Application security – Setting up a mobile pentesting platform
- Collection of the most common vulnerabilities found in iOS applications
- IOS_Application_Security_Testing_Cheat_Sheet
- OWASP iOS Basic Security Testing
- Dynamic analysis of iOS apps w/o Jailbreak
- iOS Application Injection
- Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps
- Checkra1n Era - series
- BFU Extraction: Forensic Analysis of Locked and Disabled iPhones
- HowTo-decrypt-Signal.sqlite-for-IOS
- Can I Jailbreak?
- How to Extract Screen Time Passcodes and Voice Memos from iCloud
- Reverse Engineering Swift Apps
- Mettle your iOS with FRIDA
- A run-time approach for pentesting iOS applications
- iOS Internals vol 2
- Understanding usbmux and the iOS lockdown service
- A Deep Dive into iOS Code Signing
- AirDoS: remotely render any nearby iPhone or iPad unusable
- How to access and traverse a #checkra1n jailbroken iPhone File system using SSH