Alena Skliarova

Protecting Android Application Resources with Runtime Resource Overlay

Wed, 19 Nov 2025 00:00:00 +0000

In this talk, I explore Runtime Resource Overlay (RRO), an often overlooked yet powerful mechanism in the Android operating system that allows applications to dynamically modify their own resources — as well as those of other apps — at runtime without recompilation. I analyze the significant potential RRO holds for safeguarding application resources, such as storing data in an encrypted form and decrypting it on the fly. This dynamic resource substitution drastically complicates reverse engineering efforts, making mobile apps far more resilient to analysis.

SAST for the beginners. Open-source vulnerability detection tools for C/C++

Thu, 01 Dec 2022 00:00:00 +0000

A beginner-friendly overview of open-source Static Application Security Testing (SAST) tools for identifying vulnerabilities and enhancing code quality in C/C++ projects

Symbolic execution in Ghidra with angr

Thu, 01 Oct 2020 00:00:00 +0000

An overview of AngryGhidra, a Ghidra plugin that bridges the GUI with Angr symbolic execution engine to automate binary analysis and crackme solving without writing a single line of code

Decompilation eBPF in Ghidra

Wed, 25 Sep 2019 00:00:00 +0000

A practical guide to implementing eBPF processor support in Ghidra using Sleigh, enabling reverse engineers to disassemble and decompile eBPF bytecode

Pwned on the Road: How Car-UI-Lib Vulnerability Put Android Automotive Users at Risk

Fri, 21 Nov 2025 00:00:00 +0000

Your in-car screen is meant to show the truth — but what if it doesn’t?

This talk explores a vulnerability in car-ui-lib that affects Android Automotive system apps, specifically impacting users with rotary controllers. The vulnerability allows attackers to manipulate content on the car’s infotainment system.

A Life-Threatening Bug: A Vulnerability in Android OS That Cuts Off Users in Critical Situations

Thu, 21 Aug 2025 00:00:00 +0000

This talk analyzes weaknesses in the Android permission model and uncovers flaws in the global restriction policy that can disrupt vital system features like emergency calls. It dives deep under the hood of the operating system to demonstrate this vulnerability in action.

Resource Overlay Attacks on Android Applications

Wed, 23 Jul 2025 00:00:00 +0000

This talk explores how attackers exploit the Android Runtime Resource Overlay (RRO) mechanism to dynamically alter application resources. By overriding resources at runtime, malicious actors can change an app’s appearance and behavior on the fly, manipulating the user experience to trick users into unintended actions.

The session also analyzes the specific security risks for app developers and highlights effective mitigation strategies to defend against these attacks.

From idea to CVE: How to Find Vulnerabilities in Android

Thu, 10 Apr 2025 00:00:00 +0000

In this talk, I break down how to discover security vulnerabilities in the Android operating system and provide practical recommendations on where to start, how to choose a target, and which methods and tools to use. I share key insights into what to focus on during the research process and cover the essential components required to craft a high-quality technical report.

Additionally, I walk through the entire lifecycle of a vulnerability — from its initial discovery to CVE assignment and final publication in the Android Security Bulletin. I also share the technical details of several patched vulnerabilities that I personally uncovered in Android OS, making this session ideal for anyone interested in Android security and looking to dive into mobile bug hunting.

My Journey in Google Bug Bounty

Wed, 13 Nov 2024 00:00:00 +0000

This talk offers a candid reflection on a personal bug bounty journey, recapping both successful high-severity reports and instructive failures. It analyzes common mistakes made by bug hunters and provides a firsthand look into how the Android Vulnerability Reward Program works.

Discovered CVEs in Android OS

Mon, 01 Jan 0001 00:00:00 +0000

2026

Android Security Bulletin	CVE ID
March	CVE-2025-48644 CVE-2026-0015

2025

Android Security Bulletin	CVE ID
December	CVE-2025-48589 CVE-2025-48590 CVE-2025-48607
September	CVE-2025-48537 CVE-2025-48552 CVE-2025-48559
June	CVE-2025-26463 CVE-2025-26449
May	CVE-2025-26423 CVE-2025-26429
April	CVE-2025-22431

2024

Android Security Bulletin	CVE ID
November	CVE-2024-43083
October	CVE-2024-40674
April	CVE-2024-0026 CVE-2024-0027 CVE-2024-23712 CVE-2024-23713

2023

Android Security Bulletin	CVE ID
October	CVE-2023-21252 CVE-2023-21348 CVE-2023-21350
July	CVE-2023-21240 CVE-2023-21243
June	CVE-2023-21143

My projects on GitHub

Mon, 01 Jan 0001 00:00:00 +0000

Ghidra

Contributions to Ghidra, the NSA’s reverse engineering framework

AngryGhidra

Use Angr from Ghidra for symbolic execution

GhidraEmu

A native Pcode emulator for Ghidra

eBPF-for-Ghidra

eBPF processor module for Ghidra
(merged upstream in May 2023)