mhl, Author at Mobile Hacking Course

Tutorials and exploits for Android and iOS security professionals.

Mobile Pentesting

DarkSword: Inside the Six-Vulnerability iOS Exploit Kit Used by State-Sponsored Hackers

In March 2026, researchers at iVerify — Matthias Frielingsdorf and Mateusz Krzywicki — published their analysis of a…

Read →: DarkSword: Inside the Six-Vulnerability iOS Exploit Kit Used by State-Sponsored Hackers
Mobile Pentesting

Protected: Android Broadcast Receiver Security: Exploiting and Protecting Exported Receivers

There is no excerpt because this is a protected post.

Read →: Protected: Android Broadcast Receiver Security: Exploiting and Protecting Exported Receivers
CVE Analysis

CVE-2026-0047: Missing Permission Check in ActivityManagerService Enables Local Privilege Escalation

Deep technical analysis of CVE-2026-0047 — a missing permission check in Android ActivityManagerService that enables local privilege escalation…

Read →: CVE-2026-0047: Missing Permission Check in ActivityManagerService Enables Local Privilege Escalation
Exploit Development

Flutter App Penetration Testing: Bypass SSL and Find Vulnerabilities in Dart Apps

Flutter apps bypass standard Android proxy tools. Learn to intercept traffic with reFlutter, hook the Dart runtime with…

Read →: Flutter App Penetration Testing: Bypass SSL and Find Vulnerabilities in Dart Apps
Exploit Development

ADB (Android Debug Bridge): The Complete Security Researcher Reference

Every ADB command that matters for Android penetration testing — APK extraction, data forensics, component exploitation, log analysis,…

Read →: ADB (Android Debug Bridge): The Complete Security Researcher Reference
Exploit Development

Jadx and Apktool: Complete Android Reverse Engineering Guide 2026

Complete reverse engineering workflow using jadx for Java decompilation and Apktool for Smali patching — from APK to…

Read →: Jadx and Apktool: Complete Android Reverse Engineering Guide 2026
Exploit Development

Frida Advanced Techniques: Runtime Hooking, Crypto Extraction, and Anti-Detection Bypass

Go beyond the basics: extract cryptographic keys from live apps, hook native libraries, and bypass Frida detection mechanisms…

Read →: Frida Advanced Techniques: Runtime Hooking, Crypto Extraction, and Anti-Detection Bypass
Exploit Development

Complete Android Penetration Testing Checklist for 2026

A comprehensive, phase-by-phase Android pentest checklist covering static analysis, dynamic testing, business logic flaws, and the full OWASP…

Read →: Complete Android Penetration Testing Checklist for 2026
Exploit Development

Android Keystore and Cryptography: Finding and Exploiting Weak Implementations

A practical guide to identifying broken cryptography in Android apps — ECB mode, static IVs, hardcoded keys, and…

Read →: Android Keystore and Cryptography: Finding and Exploiting Weak Implementations
Exploit Development

Android Intent Security: Exploiting Exported Components and Deep Links

Learn how to find and exploit exported Activities, Content Providers, and deep link hijacking vulnerabilities in Android apps.…

Read →: Android Intent Security: Exploiting Exported Components and Deep Links