Stavro Xhardha
@apksherlock.bsky.social
Android developer by day, pentester by night.
Good morning to you all
May 10, 2025 at 7:15 AM
Good morning to you all
Before all this vibe coding noise, a vibe coder was called a code monkey.
April 16, 2025 at 6:59 PM
Before all this vibe coding noise, a vibe coder was called a code monkey.
Testing components in isolation has never actually been my favorite part, whether while developing software or when conducting a penetration test. Read more at
blog.apksherlock.com/easy-dynamic...
blog.apksherlock.com/easy-dynamic...
Easy Dynamic Analysis for Android with Drozer
Drozer is one of the first tools I reach for once an .apk qualifies as the system under test. At its core, it’s just ADB commands, Package Manager queries,
blog.apksherlock.com
April 10, 2025 at 7:39 PM
Testing components in isolation has never actually been my favorite part, whether while developing software or when conducting a penetration test. Read more at
blog.apksherlock.com/easy-dynamic...
blog.apksherlock.com/easy-dynamic...
I was trying to trick an API to give me premium features and this is what the server gave me back.
March 23, 2025 at 9:38 PM
I was trying to trick an API to give me premium features and this is what the server gave me back.
Let's hack a mobile game in Android: The famous 2048. Read more here:
#hacking #mobile #android
blog.apksherlock.com/lets-hack-a-...
#hacking #mobile #android
blog.apksherlock.com/lets-hack-a-...
Let's hack a Mobile Game
Games are probably the number one reason why I became a programmer. Although I have never worked in a game company before, the most intriguing part for me was finding a way to win easily, as I was way too lazy to discipline myself to become a real to...
blog.apksherlock.com
March 16, 2025 at 10:22 PM
Let's hack a mobile game in Android: The famous 2048. Read more here:
#hacking #mobile #android
blog.apksherlock.com/lets-hack-a-...
#hacking #mobile #android
blog.apksherlock.com/lets-hack-a-...
Reposted by Stavro Xhardha
Games don't know how to end anymore nowadays. Devs want you to keep playing them forever. You know how games used to end when I was a kid? We did everything there was to do, there was a climactic last level, and then the credits rolled, and it was just done. And then we did it all again but as Luigi
March 10, 2025 at 4:40 PM
Games don't know how to end anymore nowadays. Devs want you to keep playing them forever. You know how games used to end when I was a kid? We did everything there was to do, there was a climactic last level, and then the credits rolled, and it was just done. And then we did it all again but as Luigi
I released a new blog post today:
The Sneaky Middleman: When Activities Become Your Backdoor to Providers
The Sneaky Middleman: When Activities Become Your Backdoor to Providers
#android #cybersecurity
blog.apksherlock.com/the-sneaky-m...
The Sneaky Middleman: When Activities Become Your Backdoor to Providers
The Sneaky Middleman: When Activities Become Your Backdoor to Providers
#android #cybersecurity
blog.apksherlock.com/the-sneaky-m...
The Sneaky Middleman: When Activities Become Backdoors to Providers
It is not uncommon for content providers to be unexported in inter-process communication (IPC), as the data they manage is often intended to remain internal
blog.apksherlock.com
February 2, 2025 at 6:26 PM
I released a new blog post today:
The Sneaky Middleman: When Activities Become Your Backdoor to Providers
The Sneaky Middleman: When Activities Become Your Backdoor to Providers
#android #cybersecurity
blog.apksherlock.com/the-sneaky-m...
The Sneaky Middleman: When Activities Become Your Backdoor to Providers
The Sneaky Middleman: When Activities Become Your Backdoor to Providers
#android #cybersecurity
blog.apksherlock.com/the-sneaky-m...
Reposted by Stavro Xhardha
There he is
The Setup Wizard
The Setup Wizard
January 24, 2025 at 7:32 AM
There he is
The Setup Wizard
The Setup Wizard
Fun fact: Some Apk decompilers recognise the qualified `this` expressions in Kotlin as leaked email addresses.
January 20, 2025 at 8:46 PM
Fun fact: Some Apk decompilers recognise the qualified `this` expressions in Kotlin as leaked email addresses.
Reverse engineering Android apps built with React Native. Read my latest blog post.
#mobilesecurity
apksherlock.com/2024/12/22/r...
#mobilesecurity
apksherlock.com/2024/12/22/r...
Reverse Engineering React Native Apps
Cross-platform frameworks are becoming increasingly popular. For mobile apps that do not require extensive interaction with hardware and primarily focus on accessing data sources or interacting wit…
apksherlock.com
December 23, 2024 at 2:50 PM
Reverse engineering Android apps built with React Native. Read my latest blog post.
#mobilesecurity
apksherlock.com/2024/12/22/r...
#mobilesecurity
apksherlock.com/2024/12/22/r...
My whole childhood in one single picture. It was just fun. You would just buy the game and just play it with all the features included.
Now you have to:
Buy the game.
Buy features.
Buy skins.
Buy themes.
Buy levels.
All these in subscriptions.
Now you have to:
Buy the game.
Buy features.
Buy skins.
Buy themes.
Buy levels.
All these in subscriptions.
December 9, 2024 at 8:07 AM
My whole childhood in one single picture. It was just fun. You would just buy the game and just play it with all the features included.
Now you have to:
Buy the game.
Buy features.
Buy skins.
Buy themes.
Buy levels.
All these in subscriptions.
Now you have to:
Buy the game.
Buy features.
Buy skins.
Buy themes.
Buy levels.
All these in subscriptions.
I released a new article: #Android apps as reconnaissance tools.
You can read it here:
apksherlock.com/2024/11/29/a...
You can read it here:
apksherlock.com/2024/11/29/a...
Android apps as reconnaissance tools.
When targeting[1] a web surface—whether it’s a web application or a web server API—gathering intelligence and information is a crucial step before constructing payloads for any identified vulnerabi…
apksherlock.com
November 30, 2024 at 7:34 AM
I released a new article: #Android apps as reconnaissance tools.
You can read it here:
apksherlock.com/2024/11/29/a...
You can read it here:
apksherlock.com/2024/11/29/a...
Like he messed up Twitter. Sure
November 24, 2024 at 7:44 PM
Like he messed up Twitter. Sure
It's 1995 and Angela (played by Sandra Bullock) is freaking out because of a software company pretending to sell antiviruses to the Wall Street business. They know everything about her: Past relationships, parents origins, her birthday, her address and even what she used to smoke.
Welcome to 2024.
Welcome to 2024.
November 24, 2024 at 6:35 PM
It's 1995 and Angela (played by Sandra Bullock) is freaking out because of a software company pretending to sell antiviruses to the Wall Street business. They know everything about her: Past relationships, parents origins, her birthday, her address and even what she used to smoke.
Welcome to 2024.
Welcome to 2024.
Hi everyone. New at Bluesky.
Looking forward to connecting with software engineers, security researchers and pentesters, especially in the field of Android and Automotive.
#cybersecurity
#software_engineering
#android
Looking forward to connecting with software engineers, security researchers and pentesters, especially in the field of Android and Automotive.
#cybersecurity
#software_engineering
#android
November 21, 2024 at 6:42 PM
Hi everyone. New at Bluesky.
Looking forward to connecting with software engineers, security researchers and pentesters, especially in the field of Android and Automotive.
#cybersecurity
#software_engineering
#android
Looking forward to connecting with software engineers, security researchers and pentesters, especially in the field of Android and Automotive.
#cybersecurity
#software_engineering
#android