| Lab build + Frida 17 server/gadget | T1635 | CWE-1188 | references/environment-interception.md | - |
| Android 14/15 Conscrypt-APEX CA injection | T1521.001 | CWE-295 | references/environment-interception.md | scripts/android_ca_inject.sh |
| SSL/cert-pinning bypass (Java TM/OkHttp/native) | T1521.001 | CWE-295 | references/environment-interception.md | scripts/universal_unpin.js |
| Root detection bypass (RootBeer/native stat) | T1633.001 | CWE-693 | references/environment-interception.md | scripts/universal_unpin.js |
| Exported activity/service/receiver abuse | T1626.001 | CWE-926 | references/android-component-attacks.md | scripts/manifest_attack_surface.py |
| Content-provider SQLi / path traversal (CVE-2025-48609) | T1409 | CWE-22, CWE-89 | references/android-component-attacks.md | scripts/component_fuzz.sh |
| Task hijacking / StrandHogg / TapTrap (USENIX '25) | T1517 | CWE-1021 | references/android-component-attacks.md | scripts/manifest_attack_surface.py |
| Deep-link / intent-redirect / scheme hijack | T1635, T1577 | CWE-939 | references/webview-deeplink-exploitation.md | scripts/component_fuzz.sh |
| WebView JS-interface RCE + file:// theft | T1577 | CWE-749 | references/webview-deeplink-exploitation.md | scripts/component_fuzz.sh |
| OAuth custom-scheme callback interception | T1635 | CWE-940 | references/webview-deeplink-exploitation.md | - |
| Insecure storage (SharedPrefs/SQLite/external) | T1409 | CWE-312 | references/insecure-storage-crypto.md | scripts/manifest_attack_surface.py |
| Keystore/Keychain misuse + dumping | T1634 | CWE-522 | references/insecure-storage-crypto.md | scripts/ios_bypass_suite.js |
| Biometric bypass (BiometricPrompt/LAContext) | T1634 | CWE-287 | references/insecure-storage-crypto.md | scripts/ios_bypass_suite.js |
| iOS jailbreak + JB-detection bypass | T1635 | CWE-693 | references/ios-offensive.md | scripts/ios_bypass_suite.js |
| IPA decrypt / class-dump / URL-scheme abuse | T1409, T1635 | CWE-200 | references/ios-offensive.md | scripts/ios_bypass_suite.js |
| Flutter RE / reFlutter pinning bypass | T1521.001 | CWE-295 | references/crossplatform-re-instrumentation.md | scripts/hermes_triage.py |
| React Native Hermes bytecode decompile | T1640 | CWE-656 | references/crossplatform-re-instrumentation.md | scripts/hermes_triage.py |