Method
Security Research 2026: Android, Linux, ESP32, OffSec
A living collection of security research notes covering Android internals, Linux kernel hardening, ESP32 firmware analysis, and offensive security techniques.
Research areas
This document captures ongoing security research across four domains. Each section links to the relevant tools, PoCs, and writeups.
Android internals
Current focus areas:
- eBPF-based root detection — how Google’s kernel-level detection works and methods for bypassing it (see the Android Root tutorial)
- KernelSU internals — kernel patching without modifying system partitions
- Frida gadget injection — hooking non-debuggable apps via LD_PRELOAD
Key repo: android-reverse-engineering
Linux kernel hardening
Research into CIS benchmarks and kernel parameter hardening:
kernel.kptr_restrict=2— hide kernel pointerskernel.dmesg_restrict=1— restrict dmesgnet.core.bpf_jit_enable=0— disable BPF JITkernel.unprivileged_bpf_disabled=1— restrict BPF to root
Key repo: linux-hardening
ESP32 firmware security
The ESP32 ecosystem has unique attack surfaces:
- OTA update interception — capturing and modifying over-the-air firmware updates
- Flash encryption bypass — side-channel attacks on ESP32 flash encryption
- Bluetooth Low Energy sniffing — passive BLE packet capture with the ESP32’s built-in radio
Key repo: awesome-esp32-security
Offensive security methodology
Tools and techniques in active use:
- AI-assisted recon — using local LLMs to parse scan data and prioritize targets (see the AI Pentesting Pipeline method)
- Chain-based reporting — structuring findings as attack chains rather than isolated CVEs (see the Red Team Methodology)
- Automated PoC generation — template-based exploit scaffolding
Repositories
| Repo | Focus | Stars |
|---|---|---|
| security-research | Central research log | ★1 |
| cve-pocs | CVE proof-of-concepts | ★1 |
| pypentest-ai | AI-powered pentesting | ★0 |