∞

My methodology for finding 0Days in iOS applications. Read here: linkedin.com/pulse/how-i-fu… #retweet #ios #fuzzing #0day #vulnerablityresearch #frida #aflplusplus #reverseengineering

LeakBase admin "Chucky" was arrested. For those unfamiliar, LeakBase was this big ass fuck off website which sold, traded, auctioned, and freely distributed stolen data from compromised websites or companies. LeakBase audience was primarily Eastern European. Despite the wide spread identify theft, credit card fraud, extortion, initial access brokering, and money laundering that "Chucky" enabled, he was a nice guy. I used to send silly pictures of kitty cats to him.

- XZ utils backdoor: found by guy debugging 200ms latency - LiteLLM hack: found by guy debugging oom issue These could have been the most impactful compromises ever. Forget security vendors, weaponize your engineers’ autism.

iOS 18.6.1, iOS 18.6.2 - iOS 0-click CVE-2025-43300 Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter The vulnerability seems to be located in the ImageIO.framework. Frameworks and functionalities are implemented blog.quarkslab.com/patch-analysis…

1. Defense contractor L3Harris created iPhone spyware ("Coruna") for the U.S. government. 2. 3. Now it's in the hands of a Chinese cybercrime group. I'm curious about #2. #selection-647.0-655.78" target="_blank" rel="nofollow noopener">archive.is/h9OYm#selectio…

Looks like opa334 has extracted the kernel exploit github.com/opa334/darkswo…

I'm reverse-engineering DarkSword and found that it supports 26 iPhone models with only 34,000 offsets. That's crazy.

Just saying it is technically possible to get /var/mobile+MobileGestalt read/write and 3 app limit bypass using DarkSword kernel exploits, given the leaked fullchain showed that it managed to inject JavaScript into plenty of system processes. No eta on these though.

Got kernel R/W on an iPad mini 6th gen running iOS 18.6.2 using the in the wild exploit chain darksword

Apple confirms mass web attacks. Says to get new iPhones. support.apple.com/en-us/126776

More (truncated) DarkSword findings I scraped together — C2 hardcoded in plaintext, anti-forensics routine that unlinks 22 temp files after stealing keychains/WiFi passwords, and a real GPU crash log from in-the-wild exploitation

The co-founder of one of America's biggest AI companies just got arrested by the FBI. His name is Wally Liaw and he co-founded Super Micro Computer in 1993. He sat on the board and he personally held $464 million in company stock. And prosecutors say he spent the last two years secretly shipping America's most powerful AI chips straight to China. Not one shipment but a systematic, coordinated operation. The scheme ran through a Southeast Asian shell company. Fake documents, fake buyers, and servers repackaged mid-route to conceal their true destination. When US compliance auditors showed up to inspect the warehouses, the real servers were already gone. They had been replaced with fake "dummy" servers built specifically to fool inspectors. In just three weeks in spring 2025, they shipped $510 million worth of restricted Nvidia hardware. $2.5 billion in banned AI servers delivered to China and here's where it gets darker. This isn't just one rogue executive. A documentary crew already found the underground network months ago, GPU smugglers stripping chips out of banned graphics cards, modifying them in garages, shipping them one by one across borders. A US based buyer was caught in Arizona meeting a contact in a Prius, testing GPUs in a car, with a spare license plate in the trunk. Street-level smugglers, shell companies in Southeast Asia, and now a co-founder with board access and a $464M stake. It's the same black market but just operating at every level simultaneously. The US has spent years trying to cut China off from the chips that power military AI, surveillance, and weapons systems. Liaw and his co-conspirators allegedly made that effort meaningless from the inside. He faces up to 20 years under the Export Control Reform Act plus additional charges for smuggling and defrauding the United States. One of his co-conspirators is still a fugitive and SMCI stock dropped nearly 15% after hours. The company itself says it wasn't named in the indictment. But the co-founder who built it, sat on its board, and ran business development was apparently running something else entirely on the side.

For everyone crypto-drained between July and now running an iPhone: the Coruna and DarkSword multi 0-day exploit kits timelines might explain some things. Apple iOS security isn't a walled garden anymore, its a silent sieve with PR working harder than security these days.

Fuzzer for 5G NR attacks against Qualcomm and MediaTek modems github.com/asset-group/5g…

Reverse engineering undocumented Windows Kernel features to work with the EDR TLDR; Reverse engineering Windows internals: because sometimes the best way to fix a problem is to take the operating system apart. fluxsec.red/reverse-engine…

For anyone dealing with RASP protected apps, frida-strace is now your first step. Trace the syscalls, find what the app checks, hook those specific functions, bypass. No more guessing. Frida 17.8.0+, kernel 6.1+ required. #Frida #MobileSecurity #AppSec

I heard this was used by Russia years ago at LAX.

There’s no way you can get on social media and not become a misogynist

This divorce is taking longer to finalize than the wedding took to plan. 💔 never again.

Coruna exploit is only useful for devices on older iOS versions. That means iOS 13-17 devices are ALL vulnerable to these powerful exploits for a jailbreak. A total of 23 exploits chained together. If you have locked devices with a passcode, we need a A12+ bootrom exploit. Otherwise we cannot pull activation tickets for iCloud bypass without updating. Also what WOULD be helpful is a SELF erase iOS exploit for devices that are passcode locked. Without it, passcode locked devices on these vulnerable versions are useless. iOS devices A12+ iOS 26.2+ we are still working on exploits. Some parts are working but it’s not complete by any means. Just sit and wait. I would honestly just wipe the passcode locked devices and leave them on iOS 26.2 for now and leave them in a drawer. This year I’m sure we will release A12 iOS 26.2+ We want 100% success

Static Analysis for Windows Kernel Drivers using disassembly, symbolic execution,taint and Z3 to auto discover kernel vuln maps IOCTL , killer , ppl bypass surface, tracks user input to sensitive APIs, discovers ROP/JOP gadgets, and can even generate PoC exploits & fuzzers