Carbonara: The MediaTek exploit nobody served
https://shomy.is-a.dev/blog/article/serving-carbonara
Penumbra is a tool for interacting with Mediatek devices.
It provides flashing and readback capabilities, as well as bootloader unlocking and relocking on vulnerable devices: https://github.com/shomykohai/penumbra
https://shomy.is-a.dev/blog/article/serving-carbonara
Penumbra is a tool for interacting with Mediatek devices.
It provides flashing and readback capabilities, as well as bootloader unlocking and relocking on vulnerable devices: https://github.com/shomykohai/penumbra
❤12👍5
Analysing a Pegasus 0-click Exploit for iOS
Recreated the "Blastpass" iOS exploit in a faked target process, to understand the heap shaping strategy first-hand
https://youtu.be/0JFcDCW3Sis
Recreated the "Blastpass" iOS exploit in a faked target process, to understand the heap shaping strategy first-hand
https://youtu.be/0JFcDCW3Sis
YouTube
Analysing a Pegasus 0-click Exploit for iOS
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
👍15❤8
Deep-C: Android Deep Link misconfiguration detector and exploitation tool
https://github.com/KishorBal/deep-C
https://github.com/KishorBal/deep-C
🔥15❤8👍3🎃2
Practical Mobile Traffic Interception
https://medium.com/@justmobilesec/practical-mobile-traffic-interception-1481e33d974e
https://medium.com/@justmobilesec/practical-mobile-traffic-interception-1481e33d974e
Medium
Practical Mobile Traffic Interception
TL;DR#1: The post will discuss a step-by-step guide of how mobile web traffic can be intercepted on current android and ios applications…
👍16
Sapsan Terminal: new AI‑powered HID noscripting tool that speeds up payload creation and handles the syntax for 15 supported devices (video test)
https://www.mobile-hacker.com/2026/02/03/sapsan-terminal-ai-powered-badusb-noscript-generator/
https://www.mobile-hacker.com/2026/02/03/sapsan-terminal-ai-powered-badusb-noscript-generator/
Mobile Hacker
Sapsan Terminal: AI-Powered BadUSB Script Generator - Mobile Hacker
Cybersecurity professionals and enthusiasts often rely on noscripting to automate tasks and execute penetration tests efficiently. Writing payloads manually for devices like Rubber Ducky, Evil Crow Cable, or Flipper Zero can be time-consuming and error-prone.…
👍10👏3❤1🤔1
FIRST Ever Online Mobile Hacking Conference
Free, worldwide online event bringing the mobile security community together for sessions on mobile hacking, AI, malware, forensics, live mobile‑focused CTF with prizes!
When: March 3 and 4, 2026
Register here: https://www.mobilehackinglab.com/mobile-hacking-conference-registration
Free, worldwide online event bringing the mobile security community together for sessions on mobile hacking, AI, malware, forensics, live mobile‑focused CTF with prizes!
When: March 3 and 4, 2026
Register here: https://www.mobilehackinglab.com/mobile-hacking-conference-registration
👍16
Inside a Multi-Stage Android Malware Campaign Leveraging RTO-Themed Social Engineering
https://www.seqrite.com/blog/inside-a-multi-stage-android-malware-campaign-leveraging-rto-themed-social-engineering/
https://www.seqrite.com/blog/inside-a-multi-stage-android-malware-campaign-leveraging-rto-themed-social-engineering/
Blogs on Information Technology, Network & Cybersecurity | Seqrite
Inside a Multi-Stage Android Malware Campaign Leveraging RTO-Themed Social Engineering
<p>In recent years, Android malware campaigns in India have increasingly abused the trust associated with government services and official digital platforms. By imitating well-known portals and leveraging social engineering through messaging applications…
👍10❤4
MobSF has Stored XSS via Manifest Analysis of uploaded APK (CVE-2026-24490 )
https://github.com/advisories/GHSA-8hf7-h89p-3pqj
https://github.com/advisories/GHSA-8hf7-h89p-3pqj
😁38❤1🤪1
Understanding and Experimenting with Apple's Pointer Authentication Codes (PAC) on iOS
https://blog.reversesociety.co/blog/2026/pointer-authentication-code-for-ios
https://blog.reversesociety.co/blog/2026/pointer-authentication-code-for-ios
🎃10👍2
Android Dynamic Class Dumper — dump all DEX files from running Android apps using Frida
https://github.com/TheQmaks/clsdumper
https://github.com/TheQmaks/clsdumper
GitHub
GitHub - TheQmaks/clsdumper: Android Dynamic Class Dumper — dump all DEX files from running Android apps using Frida
Android Dynamic Class Dumper — dump all DEX files from running Android apps using Frida - TheQmaks/clsdumper
❤14👍4💩2👎1💊1
IPATool: command line tool that allows to download iOS apps on the App Store
https://github.com/majd/ipatool
https://github.com/majd/ipatool
GitHub
GitHub - majd/ipatool: Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App…
Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store - majd/ipatool
❤18🔥5🤮2💩1