This project is a technical resource and set of utilities designed to assist in unlocking the bootloader on Xiaomi devices. It provides a combination of guides, account qualification tools, and exam simulators to help users obtain the necessary permissions for device modification. The toolkit includes an interactive bootloader unlock exam simulator and a comprehensive database of correct responses and historical answer archives. These resources are used to study for and pass the official qualification tests required for unlocking. The project also provides utilities to detect account restric
how2heap is an educational resource and technical testbed for learning heap-based vulnerabilities and memory allocator internals. It provides a collection of source code examples and binaries that serve as a laboratory for studying memory corruption techniques specifically targeting the glibc malloc implementation. The project focuses on the development of exploit primitives, such as tcache poisoning and double frees, to redirect program execution. It includes a suite of implementations for bypassing memory protections and manipulating heap metadata to achieve arbitrary memory writes. The fr
This project is a collection of malware analysis reports and decompiled code focused on a backdoor embedded within an Android application. It serves as a study of Android APK malware, documenting the specific code patterns used for unauthorized data access and system security bypasses. The research focuses on dynamic bytecode loading and the execution of remote files to implement persistence. It specifically analyzes mechanisms for downloading and running remote Dalvik Executable files to change application behavior without updating the installed package. The analysis covers several security
Exphub is a CVE exploit script library and enterprise software vulnerability suite designed to verify and exploit known security flaws in server environments such as WebLogic, Struts2, Tomcat, and JBoss. It functions as a remote code execution toolkit and a web shell deployment framework for triggering unauthorized command execution and establishing persistent access on remote systems. The project includes specialized utilities for internal network reconnaissance, specifically using server-side request forgery to scan for open ports and services. It further provides mechanisms for bypassing a