AWAKE
Android Wiki of Attacks, Knowledge & Exploits
How malware works, how attacks exploit the platform, how protections are broken. Built for analysts, reversers, pentesters, and threat intelligence researchers. Everything is offense-first.
Attack Techniques
How Android malware actually works. Techniques organized by attack surface with a kill chain and combination matrix.
Malware Families
Individual family write-ups covering capabilities, C2, campaigns, and code lineage. Searchable timeline from 2010 to present.
Packers & Protectors
Every major Android packer: how to identify it, how it protects, and how to unpack it. Comparison matrix and decision tree.
Reversing
Static analysis, dynamic analysis, hooking, patching, and network interception. Framework-specific workflows for Flutter, React Native, Unity, and more.
Permissions
Android permissions documented from an abuse perspective. What each unlocks, how malware uses it, and how escalation works.
Platform Security
Android security mechanisms from the offense side. Sandbox, SELinux, verified boot, keystore, Play Integrity -- what they protect and where they fail.
Grayware
The gray area between legitimate software and malware. Data brokers, ad fraud, stalkerware, predatory lending, and commercial surveillance.
Industry
The mobile security landscape. AV vendors, MDM providers, app security companies, and threat intelligence firms.
Where to Start
Malware Analyst
Start with the family catalog. The timeline gives historical context, and naming conventions help map between vendor detection names. When a sample is packed, use the packer decision tree.
Reverse Engineer
Start with packer identification. For runtime work, hooking and patching cover the major approaches. The frameworks section documents each development framework's analysis workflow.
Pentester
Start with attack techniques -- organized by attack surface with a combination matrix. The permissions section documents what each permission unlocks and how escalation works in practice.
Threat Intelligence
Start with threat actors for MaaS operator attribution. The timeline tracks evolution from 2010 to present. Grayware covers the ecosystem between monetization and malware.