Unrestrict the restricted mode for USB on iPhone. A first analysis The Citizen Lab #CVE-2025-24200 👉 blog.quarkslab.com/first-analysis…

macOS Malware Development (Part 2) : 0x00sec.org/t/macos-malwar… Part 1 : 0x00sec.org/t/macos-malwar… Executing Mach-Os In-Memory : 0x00sec.org/t/executing-ma… Ref : Inside a Hello World executable on OS X : adrummond.net/posts/macho The Mystery of Mach-O Object Structure :

🤩 GuidedHacking's Anti-Cheat Development Course 🚀 COMING SOON!!

Just released a short writeup for the A9 version of the Trigon exploit, which involves getting code execution on a coprocessor before exploiting the kernel - enjoy! alfiecg.uk/2025/07/16/Tri…

Thanks to a lot of work put in by Duncan Ogilvie 🍍, IDACode has finally gotten an official update again after 3 years of inactivity! It features stability improvements as well as IDA 9 compatibility improvements! Thanks a lot to everyone involved <3 github.com/ioncodes/idaco…

The 12th Annual Flare-On Challenge kicks off Sept 26 at 8PM EST! Reverse engineering pros, from Windows to Web3 (with a YARA twist), it's your time to shine. 🏆 Get ready → bit.ly/4ofb5g8 #FlareOn12

FLARE-On 12 is about to blow up your weekends: security.googlecloudcommunity.com/news-announcem… #flareon12

Community Write-Ups from 8kSec Mobile Security Battlegrounds Our free Mobile Security Labs have inspired some excellent technical deep dives. Below is a running list of community write-ups that detail their techniques, tooling, and exploitation steps. 🤖Android Labs 0xf0rk3b0mb

Devirtualizing VMProtect and Themida nac-l.github.io/2025/01/25/lif… #infosec #reverseengineering

We present appledb_rs, an open-source tool to analyze Apple IPSWs without storing full images. Extraction, indexing, API, and web interface to speed up your security research 🔍 🔗 Full article available here: synacktiv.com/en/publication… 📂 Source code: github.com/synacktiv/appl…

#flareon12 pre-register now at flare-on12.ctfd.io The puzzles are unleashed tomorrow.

Really enjoyed #flareon12 — especially challenges 7, 8, and the brutal but fun final challenge (9). 🧠🔥 Thanks to Mandiant (part of Google Cloud) for another amazing RE CTF. #CTF #ReverseEngineering #CyberSecurity

Tried out Harmony for the first time. It’s super handy for reverse engineering obfuscated C# binaries, especially when it comes to automation. I used to struggle automating steps in dnSpy, but Harmony made it seamless. Checkout my writeup on Securinets CTF kos0ng.gitbook.io/ctfs/write-up/…

When static analysis hits a wall, dynamic tracing with Frida’s Stalker API reveals what’s really happening at runtime. Learn to trace ARM instructions, filter for ldr/str, and see how obfuscated apps manipulate data: 🔗 8ksec.io/advanced-frida… #ReverseEngineering #AndroidSecurity

Just published my #flareon12 challenge 8 write-up Spent hours playing with Intel Pin (wrong path 😅), then switched to a bottom-up event-based approach using WinDbg TTD, x64dbg, ret-sync & IDA — felt like cracking old game trial licenses again 😄 🔗 reversethat.app/posts/flareon1…

After hours of Flutter AOT reversing, Dart object pool decoding & AES key derivation tracing, I became the first globally to crack DroidPass Full write-up reversethat.app/reverse-engine… #Android #AndroidSecurity #ReverseEngineering #CTF #Flutter #Dart #8ksec #DroidPass

Get your macOS 26.0 xnu CodeQL database (and compile_commands.json) here! 👩 ‍ github.com/blacktop/darwi…

A three part blog series by Jack Halon provides a great introduction into v8 and JS internals, compilation pipeline and ends with analyzing and exploiting CVE-2018-17463 a JIT vulnerability in Turbofan: jhalon.github.io/chrome-browser… jhalon.github.io/chrome-browser… jhalon.github.io/chrome-browser…

CSCG 2026 is live (until 01.05.)! 🥳 Jump in, solve challenges, learn something new, and climb the scoreboard. This year CSCG also serves as the OpenECSC for ECSC 2026 Germany. European Cybersecurity Challenge play.cscg.live