n0ps

I've been pretty silent on this platform, but been working on some blog posts: n0psn0ps.github.io/2025/07/13/8kS… #mobilesecurity #ctf #ios Thanks @8kSec

@L0Psec 🙏🏼 thanks! Definitely sad to have a company unresponsive even with a dedicated form for communicating security issues.

@n0ps3 Really cool analysis! Sucks that they were unresponsive.

New blog post on reversing the QardioArm a Smart Blood Pulse Monitor: n0psn0ps.github.io/2025/02/13/Rev… #frida #mobilesecurity #bluetooth #cve

@malwrhunterteam Thanks for sharing. :)

Only ESET detected "HyperVPN.apk": 25979f5e1dd7fb7a03fcb7c3d6a85d1286199739254585b17ced93ca217930d6 From: https://vpn-for-you[.]com/ -> https://vpn-for-you[.]com/HyperVPN.apk

Looking for some weekend reading? I recently published a deep technical dive into *all* the new macOS malware of 2024 🍎🐛 The report covers: 💉 Infection vectors 💾 Persistence mechanisms 🔓 Capabilities & features 🛡️ Detection methods Check it out! 👇 objective-see.org/blog/blog_0x7D…

Lets check out the System Loco HGD4 Industrial Cellular connected GPS Tracker that you can get used for ~20€ Many useful parts inside that are "easy" hackable if you wanna take the route of making a custom firmware nRF52840 + more Video now online here: youtube.com/watch?v=-UQDqF…

Full custom firmware on the SR08 BLE Smart Ring goes Brrrrr... s.click.aliexpress.com/e/_op8fMC1 What a pain to develop for the DA14585 SoC🥲 but works! Demo Firmware allows OTA and a simple counter Source is available here: github.com/atc1441/ATC_SR… Flashing on your own risk!

1/11: Another day, another #backdoor! Our team started digging deep into the #macOS #malware sample (yet undetected on VirusTotal) shared by @bruce_k3tta, and surprisingly found out that it has the ability to execute arbitrary commands sent from C2 and capture screenshots.

New RE Blog Post: kandji.io/blog/kitty-ste… Potential stealer in the making, we named Purrglar: Targets Chrome/Exodus, uses Security Framework APIs for Keychain access attempt (prompts the user), and leverages curl APIs. Was fun, a lot of arm64 instruction coverage in the blog :)

Worried about a TikTok ban? Americans are now flocking to Xiaohongshu (REDnote), another Chinese app. Spoiler: Yes, it tracks its users. Time to dive in! ⬇️

@MasterMike88 Any chance that Frida works on iPadOS 18.0+ or still facing root process spawning issue?

palera1n works on iPadOS 18.2 beta 3. However, tvOS 18.2 beta 2 implements SSV Implications: - rootless should work without a palera1n update (but there’s no strap in palera1n loader currently) - rootful might work if you create a fakefs first, but that hasn’t been tested)

🚨🚨🚨Big Announcement! Introducing On-Demand Mobile Security Courses🚀 We’re thrilled to announce the start of pre-registration for our On-Demand Courses! At 8kSec Academy, you can advance your Mobile Security skills and earn certifications anytime, from anywhere🌍 Available Courses for Pre-Registration: ‣ Offensive Mobile Reversing and Exploitation (24Hrs of Content, 167 videos) ‣ Practical Mobile Application Exploitation (22Hrs of Content, 140 videos) ‣ Offensive iOS Internals (13Hrs of Content, 92 videos) ‣ Offensive Android Internals (10Hrs of Content, 69 videos) Enroll early and unlock exclusive benefits: 🔹Special Early Bird Pricing – the best rates available, exclusively for early registrants 🔹Extended 15-Month Access – enjoy an extra 3 months to learn at your own pace, with continuous course updates 📖Explore full course details and pre-register now: academy.8ksec.io 📚Learn more about the announcement here: 8ksec.io/on-demand-mobi… 🗓️Courses open for Pre-Registered Students on November 20, 2024. Secure your spot now and get ready to elevate your skills in #MobileSecurity, #Jailbreak, and #MobileExploitation. Follow @8ksec for more such updates.

@radareorg @bezjaje Excited for this one 🤙🏼

Welcome back! Now @bezjaje will be talking about #frida hooks on non jailbroken iOS devices. Hope you enjoy it! #r2con2024

Let's reverse engineer a machine learning app on iOS! The Hotdog app can detect hotdogs 🌭, is there a chance to change it into a pizza 🍕 detector app? youtu.be/e2kosWm2vag

❄️ Announcing the Advent Of Radare2! ❄️ Stay tuned for the 1st of December! radare.org/advent/

Stoked that there will be an Apple-themed Capture the Flag (CTF) event at #OBTS v7.0 🤗🏴‍☠️ Interested in participating (or submitting a challenge)?Register here: docs.google.com/forms/d/e/1FAI… And a big mahalo to @gutterchurl & @iamevltwin for putting together the CTF again! 🙏🏽

After my previous post, I recieved a few comments about ptrace! I was curious and decided to explore this new track. In the post: ➡️ I used ptrace to prevent debugger attaching my program ➡️ I dived into xnu sources to reverse-engineer ptrace ⬇️⬇️⬇️⬇️ tonygo.tech/2024/anti-debu…

After so much testing with different prompts and models, ended up wording a good query for decompiling with r2ai/decai. The first screenshot shows the result for: Claude3.5, Gpt4o and Qwen2.5 (local) for a password checking function in Swift.

@enovella_ @radareorg @RadareCorp Much FOMO

Lineup is insane! 🔥🧯 rada.re/con/2024/ See you there folks! 😎 #barcelona #radare2 @radareorg @RadareCorp

@philofishal A prophecy of Phillip K Dick.