8kSec.io Android Challenges

My n00b Journey Through Android Security Challenges

Welcome to my writeup series for the 8kSec.io Android Application Exploitation Challenges. As a n00bie in Android security, I’m documenting my journey through 11 vulnerable Android applications that cover everything from password managers to privacy tools. Each challenge teaches different exploitation techniques including reverse engineering, dynamic analysis, and vulnerability discovery. Will it be easy? :“D

Challenge 01: FactsDroid
Bypassing Flutter TLS pinning to intercept and manipulate network traffic in a fact-checking app.
Challenge 02: AndroPseudoProtect
Exploiting IPC broadcast vulnerabilities to extract security tokens and bypass file encryption protection.
Challenge 03: AndroDialer
Android Deep Link Vulnerability Analysis with hardcoded authentication tokens.
Challenge 04: DroidCave
Android Content Provider SQL Injection Vulnerability Analysis with unprotected database access.
Challenge 05: BorderDroid
Android Kiosk Mode Bypass: Multiple Attack Vectors Against PIN-Protected Lock Screen with HTTP endpoint exploitation and broadcast receiver vulnerabilities.
Challenge 07: DroidView
Silent Tor bypass and deanonymization in a ‘private’ Android browser via exported AIDL service abuse, dynamic receiver timing, and zero‑click WebView redirection.
Challenge 08: DroidWars
Arbitrary code execution via unsafe dynamic plugin loading from /sdcard using DexClassLoader; PoC shows static initializer RCE and in-app evidence verification.