8kSec

🚨Our newest blog on Android SELinux Internals Part II is out! Read it here: 8ksec.io/android-selinu… In this one, we take a look at SELinux domains, AVC denial parsing, and policy modification with Magisk, KernelSU & APatch for exploit testing on Android. It covers everything from seapp_contexts to building persistent Magisk modules for security research. #MobileSecurity #AndroidSecurity #InfoSec

Kernel patch diffing, pulling kernelcaches from IPSWs, decompiling KEXTs, and reading bug-fix diffs to understand iOS internals is a workflow we teach end-to-end in our Offensive iOS Internals course. Check out the syllabus here academy.8ksec.io/course/offensi…

Patch-diffing CVE-2024-23265 in the AppleDiskImages2 KEXT, the entire iOS kernel fix is one added equality check: 8ksec.io/patch-diffing-… The methodology covers every function in the KEXT. ipsw pulls kernelcaches from iOS 17.3.1 and 17.4, ipsw's symbolicator names the functions, a Ghidra script dumps every decompiled function, and Meld diffs the pair. One function comes back changed. Before: it returned -1 as if it were a valid pointer. After: one added clause if (lVar4 != 0 && lVar4 != -1). Reachable from userland via IOUserClient::externalMethod. Follow @8kSec for more such iOS kernel research.

Uninitialized memory bugs – stack reuse, freed-but-stale heap, info leaks that turn into pointer leaks – are bread-and-butter primitives for mobile platform exploitation. Our Offensive Mobile Reversing and Exploitation course covers buffer overflows, ROP, PAC bypasses, and kernel-level exploitation across iOS and Android. Includes OMSE certification: academy.8ksec.io/course/offensi…

Exploiting an uninitialized stack variable on ARM64: 8ksec.io/arm64-reversin… Function one() writes locals and returns. The bytes remain. Function two() allocates the same frame and reads uninitialized locals, recovering previous values. If the data is a pointer or size field, this becomes a primitive for leaking or influencing memory. Follow @8kSec for more practical security content

Move past app layer security. This training explores mobile systems down to the kernel 🔥 5 days left to get the early bird rate 📍 @BlackHatEvents USA 2026 | Aug 1-4, Las Vegas | Offensive Mobile Reversing and Exploitation for iOS and Android by @8kSec What's covered across 4 days: - iOS 26 internals: SPTM, TXM, PAC, PAN, PPL, MTE - Android kernel: RKP, SELinux, Binder IPC, boot image analysis - ARM64 static + dynamic analysis: Ghidra, Hopper, IDA Pro, Frida - Real malware: crypto wallet stealers, accessibility malwares, fresh 2026 samples - AI + MCP servers for reversing and forensic analysis - Exploit dev: UaF, heap overflow, anti-debugging bypass - Audit iOS and Android apps for security vulnerabilities Includes Corellium access and the OMSE certification. → #black-hat-2026-edition-of-offensive-mobile-reversing-and-exploitation-for-ios-and-android-50461" target="_blank" rel="nofollow noopener">blackhat.com/us-26/training… #BHUSA

@Mindlaess_ @ShielderSec Congratulations Mattia! We are glad you liked the course. Looking forward to all the cool things you’ll do with the knowledge.

Well that was a ride! Happy to share that I've been awarded with the OMSE certificate after successfully completing the "Offensive Mobile Security Expert" course and exam by @8kSec . Thanks to @ShielderSec for this training opportunity and to @8kSec for their top-notch content!

Move past app layer security and learn more interesting content like this in our course that covers iOS and Android Internals at academy.8ksec.io/course/offensi…

🚨Our newest blog on Android SELinux Internals Part II is out! Read it here: 8ksec.io/android-selinu… In this one, we take a look at SELinux domains, AVC denial parsing, and policy modification with Magisk, KernelSU & APatch for exploit testing on Android. It covers everything from seapp_contexts to building persistent Magisk modules for security research. #MobileSecurity #AndroidSecurity #InfoSec

Writing your own shellcode is the kind of hands-on primitive that builds real intuition for ARM64 exploitation. Try it yourself in our free ARM Exploitation Challenges – stack smashing, heap corruption, ROP chains, and shellcode construction on ARM64: academy.8ksec.io/course/arm-exp…

Writing an ARM64 bind shell that chains six syscalls without a single null byte: 8ksec.io/arm64-reversin… x0 is shared on ARM64, it's the syscall return register and the first-argument register. The socket fd can't stay in x0 across six calls, so it parks in x4 and reloads when needed. Then the null-byte constraint kicks in. LDR pulls from the literal pool, MOV #0 encodes zero, SVC 0 introduces a null byte in the immediate. Fixes: ADR, MOV xzr, SVC #0x1337. 144 bytes, same chain, no zeros. Check out the series at 8ksec.io/arm-64-reversi…

Take AI security further in our Practical AI Security course. Attacks, defenses, and applications across LLMs and AI agents: academy.8ksec.io/course/practic…

We’ve reviewed hundreds of submissions for 8kSec Battlegrounds. But we haven’t reviewed yours yet 🧐 8kSec Battlegrounds offers free mobile and AI security labs designed to challenge your skills across different difficulty levels. ‣ Hands-on scenarios. ‣ Progressive challenges. ‣ Certificate upon successful completion. Ready to test your skills? 8ksec.io/battle/ Keep learning with @8kSec. Follow us for more security resources!

Practice iOS app exploitation hands-on in our Practical Mobile Application Exploitation course. Full iOS and Android app attack curriculum: academy.8ksec.io/course/practic…

iOS Deep Link Attacks: In this blog, we explore techniques to identify and exploit iOS deep link vulnerabilities, including phishing, insufficient URL validation, HTML injection, and CSRF- 8ksec.io/ios-deeplink-a… Follow @8kSec for more hands-on security content

Build exploits yourself in our free ARM Exploitation Challenges. Stack smashing, heap corruption, ROP chains on ARM64: academy.8ksec.io/course/arm-exp…

Bypass NX on ARM64 and execute your shellcode using mprotect(). Check out the full blog here: 8ksec.io/arm64-reversin… Follow @8kSec for more practical security content

URL scheme exploitation is one of the topics we cover in our Offensive iOS Internals course. 6 modules from iOS architecture and kernel internals through Frida instrumentation and vulnerability research: academy.8ksec.io/course/offensi…

This blog covers how to identify deep link attack surface in iOS apps, URL schemes, Universal Links, and techniques for finding them without source code: 8ksec.io/ios-deeplink-a… Follow @8kSec for more mobile security research

Building ROP chains is a core skill for mobile platform exploitation. Our Offensive Mobile Reversing and Exploitation course covers buffer overflows, ROP, PAC bypasses, and kernel-level security mechanisms across both iOS and Android. Includes OMSE certification: academy.8ksec.io/course/offensi…

This blog walks through building a ROP chain on ARM64: 8ksec.io/arm64-reversin… In this one, we overflow a gets() buffer, calculate the ASLR slide from a leaked address, then chain two gadgets: chain1 loads "nc -l 4000" into memory, chain2 calls system(). Full payload construction walkthrough. Keep learning with @8kSec. Follow us for more such content!