Hassan Mostafa

Bypass #Instagram SSL Certificate Pinning for #iOS cyclon3.com/Bypass-Instagr… #MobileSecurity #iOSsecurity #ReverseEngineering #Hacking #Cybersecurity #InfoSec #Pentest #Bugbountytips #Bugbountytip #Reversetips #Writeup

RASPIRE (@raspire_) is building app security at AI speed. As AI accelerates mobile attacks, their platform protects Android and iOS apps from fraud, reverse engineering, and API abuse with zero code changes. They're already securing apps used by 20M+ people across banking, fintech, and healthcare. Congrats on the launch, @EzV01d & @hsanmost! ycombinator.com/launches/QgY-r…

Today, we're launching SHIELD 2.0. A major update to the RASPIRE XTD platform, with significant improvements across protection, visibility, and response for Android and iOS applications. See what's new in SHIELD 2.0 and how it protects apps in production: raspire.com/blog/introduci… #RASPIRE #SHIELD2 #Cybersecurity #AppSecurity #MobileSecurity

A 5-part complete series of on ARM64 exploitation and reversing by @8kSec Part1: 8ksec.io/arm64-reversin… Part2: 8ksec.io/arm64-reversin… Part3: 8ksec.io/arm64-reversin… Part4: 8ksec.io/arm64-reversin… Part5: 8ksec.io/arm64-reversin… @mobilesecurity_

🚨NEW REPORT: NSO Group’s #Pegasus #Spyware returns in 2022 with a trio of iOS 15 and iOS 16 zero-click exploit chains. The report finds NSO group clients deployed exploits against civil society members including two human right defenders in #Mexico citizenlab.ca/2023/04/nso-gr…

Here are some of the presentations I found the most interesting within the macOS/iOS Kernel Security research space in 2022! 🧵 alexplaskett.github.io/macos-ios-secu…

I'm happy to publish the second part of the series about iOS (de)Obfuscation and RASP protections. romainthomas.fr/post/22-09-ios… In particular, it introduces a new technique to "hook" syscalls on AArch64 based on 'gum_memory_patch_code' from @fridadotre

Here is the first blog post about RASP analysis on iOS and some design weaknesses: romainthomas.fr/post/22-08-sin… Note: This is an **ephemeral** blog post, so feel free to grab a copy here: dl.romainthomas.fr Enjoy!

Excited to publish my writeup of a novel iOS in-the-wild exploit: The curious case of the fake Carrier .app: googleprojectzero.blogspot.com/2022/06/curiou…

How to reverse and exploit iOS binaries, part 2 😈 Read my step-by-step TUTORIAL on exploiting arm64 via: > buffer overflow attack > rop chain I also built another cute binary for u to hacky hack 💕 inversecos.com/2022/06/guide-…

It's not everyday new iOS malware is uncovered 👾📲🍎 In our latest (guest) blog post, Taha Karim (@lordx64), details how attackers are targeting iOS web3 users via malicious profiles & trojanized iOS apps: objective-see.org/blog/blog_0x6F… 😱

I've created an awesome list of iOS application security and penetration testing. I hope this helps people to learn more about #iOSsecurity. Your contributions are always welcome! github.com/Cy-clon3/aweso… #MobileSecurity #Cybersecurity #InfoSec #Bugbountytips #Bugbountytip

We released version 1.2 of the OWASP MSTG! As this is the first release after a while, there are quite a few changes. More details in our release notes: github.com/OWASP/owasp-ms… ✅ Download it ✅ Use it ✅ Give feedback via Github Issues Thank you to all of our supporters!

Stop what you're doing and read this. This leak is going to be the story of the year: (LINK: theguardian.com/world/2021/jul…)

Here is the blog post about the anti-jailbreak, anti-Frida, anti-debug used in PokemonGO (featuring @fridadotre and @LIEF_project). romainthomas.fr/post/21-07-pok…

Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild. CVE-2020-27930 (RCE), CVE-2020-27950 (memory leak), and CVE-2020-27932 (kernel privilege escalation). The security bulletin is available here: support.apple.com/en-us/HT211929

New writeup: "We Hacked Apple for 3 Months: Here’s What We Found" Featuring... @bbuerhaus, @NahamSec, @erbbysam, and @_StaticFlow_ samcurry.net/hacking-apple

Zero-day in Sign in with Apple - bounty $100k bhavukjain.com/blog/2020/05/3…

Return of the iOS sandbox escape: lightspeed's back in the race!! The XNU bug @JohnCool__ described last year was reintroduced and is still exploitable in the last version of iOS, as shown by @unc0verTeam: synacktiv.com/posts/exploit/…

Apple just released the list of CVEs that were patched on iOS 13.5, including an official confirmation that the #MailDemon vulnerabilities were patched. The full list of security issues addressed on iOS 13.5 is available at: support.apple.com/de-de/HT211168

#unc0ver v5.0.0 will be the first 0day jailbreak released since iOS 8! Every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next beta version or the hardware. This will be a big milestone for jailbreaking.