Advanced Android Hacking course

Road To Pwn2own

In this course, Ken Gannon, a multi-year Pwn2Own winner and a Pwnie award winner, shows how competitors approach the challenge of Pwn2Own.

On 22 October 2025, Ken secured another Pwn2Own win, marking his second year in a row successfully owning Samsung’s flagship, the Galaxy 25.

Write your awesome label here.
In this course you'll see the mindset, techniques, and strategies behind turning small flaws into full mobile device compromises.

You will then practice those exact steps on interactive mobile devices and specially created labs that recreates the longest Pwn2Own bug chain.
Write your awesome label here.


Learn hands-on techniques to find and exploit and chain multiple vulnerabilities in Android Applications to fully compromise devices.

Empty space, drag to resize

Key Takeaways

Exploit Chaining
Learn how to find logic bugs that can compromise a device
Exploitation
Build Remote Exploits by chaining multiple vulnerabilities
Device Compromise
Learn to compromise devices remotely
Empty space, drag to resize

Whats Included

Unlimited Exam
Unlimited Exam Attempts
Mentorship 
1:1 Video Call Sessions
Life-Time Access
Lifetime course material access, including updates
Device Access  
Mobile Devices access 
Cloud Devices
Cloud Devices and Offline VM's
Learn to use AI
Leverage Djini AI to find Bugs

Pwn2Own Success Stories

Competing in Pwn2Own has its challenges. It has its ups and downs, as well as its successes and failures.

Ken's first step into his Pwn2Own journey was learning about the bugs taught in this course. Now, he is hoping that by teaching you about these bugs, you will also be inspired to take your first steps into the fun, and brutal, world of Pwn2Own!
Write your awesome label here.

Created by

Ken Gannon

Head of Vulnerability Research - Mobile Hacking Lab
I’m a security researcher with over a decade of experience, specializing in mobile application security. Throughout my career, I’ve uncovered critical vulnerabilities and contributed to advancing mobile security research. Some highlights include:

Published several CVEs in mobile applications
Recognized as a Top 10 bug bounty contributor in the Samsung Bug Bounty program (2021)
Successfully hacked the Xiaomi 13 Pro at Pwn2Own 2023
Successfully hacked the Samsung S24 at Pwn2Own 2024
Successfully hacked the Samsung S25 at Pwn2Own 2025 (NEW)

I bring this real-world experience into my courses, turning complex mobile exploitation techniques into hands-on, practical learning for security professionals.

Chained bugs

complex Exploit chains

Videos

Course Lessons

In 2017, MWR InfoSecurity successfully hacked the Samsung Galaxy S8. The exploit chain linked 8 bugs and 3 Android OS features, combining 11 different links! This chain currently holds the record for the most amount of bugs used in a single exploit chain for Pwn2Own!

First, you will learn the bugs used for "Phase 1" of the exploit chain, which lead to the ability to write arbitrary files to the Android file system. This took advantage of a Path Traversal vulnerability in one of the vulnerable applications.

Second, you will learn the bugs used for "Phase 2" of the exploit chain, which could force the device to install arbitrary applications, as well as force reboot the device.

Finally, you will learn how both phases were combined together, which resulted in compromising the device all through a single click in the user's browser. Additionally, you will learn about how it was possible to easily exfiltrate sensitive data, such as your pictures, to an attacker controlled server using this bug chain.

During this course, you will learn the code behind each bug, as well as being guided through reverse engineering each bug. After that, you will learn to exploit each bug in our lab environment.

By the end of the course, you will be actively programming your own version of the bug chain, which will compromise our test device, replicating the experience of competing in Pwn2Own!

Free course sample

Write your awesome label here.
Guaranteed Security using one of the most advanced encrypted systems on the market.
The information in this page is being processed and encrypted securely using industry-leading encryption and fraud prevention tools.