XetraSec @xetrasec
Vulnerability Researcher | Exploit Developer | Low Level 0days Hunter /dev/null Joined June 2021-
Tweets2K
-
Followers96
-
Following484
-
Likes1K
The two bytes that make size matter: Reverse engineering Apple's iOS 0-click CVE-2025-43300 improved bounds checking fix, by Madimodi Diawara blog.quarkslab.com/patch-analysis…
My new article: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel"⚡️ I tell a bug collision story and introduce my pet project kernel-hack-drill, which helped me to exploit the hard bug that received @PwnieAwards 2025 a13xp0p0v.github.io/2025/09/02/ker…
The issue in WhatsApp seems to be a logic vulnerability and appears to target users who have iMessage turned off, in order to trigger the ImageIO vulnerability.
The issue in WhatsApp seems to be a logic vulnerability and appears to target users who have iMessage turned off, in order to trigger the ImageIO vulnerability.
CVE-2025-55177, an authorization bypass in WhatsApp on iOS and Mac, allowed attackers to force "content from arbitrary URL" to be rendered on a target’s device.. A zero-click vulnerability recently patched by Apple (CVE-2025-43300) was also used in the WhatsApp attack 👀
After wrestling with a mess of decompiled pseudocode, we wrote a short analysis of CVE-2025-43300. In a twist of irony, we also show how we stumbled on another DNG parsing bug that was supposed to be fixed a few months ago. github.com/DarkNavySecuri…
Quantum ROP. This is really cool technique and needs more attention. By @BSypmn and Yahav Rahom. phrack.org/issues/72/12_md
This post demonstrates how bugs aren't always what they seem, especially when working with a decompiled version of the code. Compiler optimization or decompiler artifacts can mask or "fix" high-level code issues. #Apple #macOS #iOS afine.com/reverse-engine…
🚨 New blog post: ELEGANTBOUNCER - Catch iOS 0-click exploits without having the samples. Features iOS backup forensics & messaging app scanning for iMessage, WhatsApp, Signal, Telegram & Viber attachments. 🔗 Link -> msuiche.com/posts/elegantb…
Exploit and mini writeup for CVE-2025-5419. github.com/mistymntncop/C…
While reproducing the iOS ITW CVE-2025-43300 (support.apple.com/en-us/124925), we accidentally triggered another old DNG image parsing vulnerability. The analysis is still ongoing.
Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 github.com/b1n4r1b01/n-da…
New blog post just dropped! West Shepherd breaks down extending the Mythic Poseidon agent for ARM64 Dylib injection on Apple Silicon. Details include: ✅ Shellcode construction ✅ Memory allocation ✅ Runtime patching ✅ Thread creation Read more ⤵️ ghst.ly/41Nu4ED
New blog post: A journey in Android physical memory - writeup on exploiting recent GPU bug CVE-2025-21479 dawnslab.jd.com/android_gpu_at…
I diffed RawCamera on iOS 18.6.1 and 18.6.2 Here's full Diaphora diff: mediafire.com/file/e2yp7m27r… 18.6.1: 1DD8A36DC 18.6.2: 1DD8A3684 I'm concern that the exploit may using CGImageSource and CGImageSourceCreateImageAtIndex since it got removed on lastest version
You can now read my WASM->JS escape write-up online. Full PoC is included at the end of the article. phrack.org/issues/72/10_m…
You can now read my WASM->JS escape write-up online. Full PoC is included at the end of the article. phrack.org/issues/72/10_m…
Great Phrack 72 article on IOKit. I’ve already covered all of these topics in my training. phrack.org/issues/72/9_md… x.com/R00tkitSMM/sta…
Great Phrack 72 article on IOKit. I’ve already covered all of these topics in my training. phrack.org/issues/72/9_md… x.com/R00tkitSMM/sta…
As promised Blogpost is here! I find that a lot of the times people ask “how can researchers find complex bugs” This is my small contribution to show how the journey looked for me. I presented this content at hitcon last week! bughunters.google.com/blog/580034147…
Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators usenix.org/conference/use…
@theori_io's AIxCC CRS has already found dozens of 0day vulnerabilities, and we've barely scratched the surface! The best part: it's open source, so there's no secrets to hide (at least in the AIxCC version 😉)! So, how does our CRS actually find these 0days? 🧵
So, how did our #AIxCC finalist RoboDuck actually pull it off? 🦆 Building Effective LLM Agents - theori.io/blog/building-… 🦆 Exploring Traces - theori.io/blog/exploring… Check out the full details and real execution logs on how we designed an AI that can find and fix…
adam @xstudento
0 Followers 113 Following
Budpeaq @Budpeaq4584
13 Followers 292 Following
Ouwhausuq @Ouwhausuq7873
5 Followers 293 Following
Glule @Glule8498786
22 Followers 999 Following
Slierdeq @Slierdeq006640
20 Followers 936 Following
Greg Konopelski @GregKonope91624
69 Followers 3K Following
Upleroqhir @Upleroqhir751
53 Followers 2K Following
Fweahac @Fweahac8504285
73 Followers 1K Following
MalwareX @MalwareX532974
89 Followers 1K Following
BRIAN D BROWN @BRIANDBROWN7000
77 Followers 2K Following
Mohammed | مُحَم... @u0pattern_cs
3K Followers 1K Following Mobile Security R&D by day | Saudi nationalist politician by night, whose ambition is to see his country 🇸🇦 lead the region #the_saudi_cyber_arms_company_2035
Out Of The Box Securi... @OOTBconf
287 Followers 326 Following A one-day deep dive into unconventional hacks, creative exploits, and attacks! JKT - Feb 25th 2025 BKK - Aug 20th & 21st 2025
Mosaab_💬 @iSpotVulnz
2K Followers 2K Following Software Necromancer🗄️; Low Level Dweller 👾; lvl 28 ScriptKiddie 😁 ; VR w/ EMU TEAM; CTFs & RevEng tuts w/ @Purp1eC0 ;
JudyJohnson @h2vq5GXy4UD4ZWq
70 Followers 1K Following
Tearteen @TearteeniBXK
118 Followers 6K Following
Sosuke Uchiha @Sosuke_Uchiha_
0 Followers 2K Following Admiration is the emotion furthest away from comprehension.
Lorenzo Franceschi-Bi... @lorenzofb
52K Followers 3K Following Senior reporter @TechCrunch, writing a book on Hacking Team and the industry of government spyware. ☎️ +1 917 257 1382
user @HeRo48847866457
8 Followers 298 Following
Infosec @infosec_com_br
380 Followers 4K Following
0n3 @0n315
120 Followers 1K Following
Ojaswi Kumar Mishra�... @0xojaxwi
74 Followers 2K Following Old-school Malware & Offensive Security REsearcher | ⚡Kernel Pwner⚡
kaanezder @kaanezder
811 Followers 941 Following physics & low level stuff a.k.a aventador (daily account @psyduccckkkk)
Josh @Jblk1337
0 Followers 472 Following
Cs Shankar @csshankar121
25 Followers 2K Following
Cathy @cathy_anderson_
323 Followers 3K Following
0xLite@Ha @AzyzChayeb
886 Followers 7K Following
akash_offsec @akashoffsec
385 Followers 2K Following Security Researcher🧑💻 | Bug Hunter | Penetration Tester
soaphorn seuo @soaphornseuo
3K Followers 7K Following
shivraj patil @shivrajpat73824
0 Followers 18 Following
CamillePollitt @R52v81h6HQdrQ96
74 Followers 7K Following
Naman Devnani @naman_devnani
417 Followers 7K Following Security Researcher | Purple Team | Bug Hunter | CTF Player | Science & Tech Enthusiast | R&D | All-Source Intelligence | CAP | DCSP | TTIA | BCDE | COL
Jacqueline @b_jacqueline19
243 Followers 3K Following
The Coffee Guy @T_CoffeeGuy
279 Followers 3K Following Café-adicto, Jazz,Blues,Bossa Nova. Café de todos los sabores y tamaños. Cortometrajes,Teatro,Cultura y Valores.☕
David F. Riggins @7angelspublish
154 Followers 651 Following ☆ There are some people who, if they don't already know, you can't tell 'em. ○Yogi Berra○
DarrylThurber @DarrylThur84224
49 Followers 2K Following
B Jashwanth Goud @goud_jashw24139
4 Followers 73 Following
Alison @gabealison87
228 Followers 3K Following
DARKNAVY @DarkNavyOrg
2K Followers 50 Following Cybersecurity enthusiasts from DARKNAVY. Achieve, Analyze, Attack *Oops.
DawnSecurityLab @dawnseclab
1K Followers 6 Following Dawn Security Lab focusing on system & iOT security https://t.co/H2vUNhaVd0
Tim Becker @tjbecker_
2K Followers 349 Following Security Researcher at @theori_io. Flag capturer at @PlaidCTF. Cryptography enjoyer.
PagedOut @pagedout_zine
5K Followers 9 Following Paged Out! is a free magazine about programming, hacking, security hacking, retro computers, modern computers, electronics, demoscene, and other amazing topics.
Pakistan Observer @PakObsOfficial
15K Followers 11 Following An Independent Media Group covering Defense, Security, and Conflict related Topics from South Asia & Middle East region.
Iran Observer @IranObserver0
705K Followers 140 Following ☫ || Iran News || Geopolitics || non-state affiliated ||
Rei Kawa @kawarei0
506 Followers 215 Following
M1n@Cris @minacrissDev_
5K Followers 7K Following iCloud OFF Exploit by SN owner, First iCloud Bypass(Wifi+GSM), iCloud Relock exploit, iOS Programmer ||
Hossein Lotfi @hosselot
6K Followers 60 Following Vulnerability researcher at ZDI (views are my own). Check #hosselot_tips for vulnerability research tips. 'A machine never faults. It reflects human's faults.'
Chaithu @ant4g0nist
2K Followers 252 Following Founder || Vulnerability Research || fuzzing artist || 🦀 + security
Dillon Franke @dillon_franke
1K Followers 398 Following Fuzzing, MacOS, vuln research @Google. Jesus Follower
Jack Rhysider 🏴... @JackRhysider
164K Followers 4K Following Creator of @DarknetDiaries. Tell me a good hacker story. 💻🔦⤵️🐰🕳️ Discord: https://t.co/qxanMuJ5X2
deepsec.cc @deepsec_cc
254 Followers 0 Following
Kiprey @Kipreyyy
959 Followers 57 Following Web3 Sec researcher & Hacking for fun. DM in discord @kipreyyy. Blackhat USA 23&24 Asia 25 Speaker / 2023-2024 Top Chrome VRP Researcher / Zer0con 24 Speaker.
sakura @eternalsakura13
8K Followers 190 Following Lead Security Researcher @zellic_io. 2022-2024 Top 3 Chrome VRP. 2023 Top 2 Facebook Whitehat. 2025 MSRC MVRs 9th. BlackHat Asia/USA & Zer0Con speaker.
Trail of Bits @trailofbits
35K Followers 255 Following We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.
AJ @justandrijana
598 Followers 402 Following Janai researcher. AJ around the world. RCEPECT. CEO of SAFA Team.
Out Of The Box Securi... @OOTBconf
287 Followers 326 Following A one-day deep dive into unconventional hacks, creative exploits, and attacks! JKT - Feb 25th 2025 BKK - Aug 20th & 21st 2025
Donncha Ó Cearbhaill @DonnchaC
6K Followers 5K Following Head of Security Lab at @AmnestyTech - Hunting spyware and unlawful surveillance targeting civil society (He/Him) - Fedi: @[email protected]
eShard @eshard
2K Followers 332 Following Beyond testing tools, solutions that deliver expertise. 🌐 Chip & binary security testing https://t.co/1dUvkjLR8L https://t.co/BCMLXCF49H
TheRealClarity @imnotclarity
620 Followers 32 Following Sometimes maybe good sometimes maybe shit jailbreak developer
rev.ng @_revng
5K Followers 4 Following Building the next generation decompiler. Binary analysis is a dish best served static.
ZygoSec @ZygoSec
1K Followers 1 Following Education platform for acquiring skills in modern vulnerability research & software exploitation
SinSinology @SinSinology
13K Followers 674 Following Pwn2Own 20{22,23,24,24.5,25,25.5}, i look for 0-Days but i find N-Days & i chase oranges 🍊
Lorenzo Franceschi-Bi... @lorenzofb
52K Followers 3K Following Senior reporter @TechCrunch, writing a book on Hacking Team and the industry of government spyware. ☎️ +1 917 257 1382
RE//verse @REverseConf
3K Followers 26 Following A conference for all things in the reverse engineering universe... https://t.co/X54VHq2eD4
Eclypsium @eclypsium
2K Followers 211 Following A supply chain security platform that builds trust in every device.
Qrious Secure @qriousec
1K Followers 3 Following Debugger is main vehicle to satisfy our boundless Qriousity. A non-profit 🇻🇳 hackers' club driven by passion.
LaurieWired @lauriewired
98K Followers 294 Following researcher @google; serial complexity unpacker; https://t.co/Vl1seeNgYK ex @ msft & aerospace
Huy Nguyen @Little_34306
17K Followers 281 Following i do nothing, others platform: https://t.co/qY3jaBjkDn
Jack Maginnes 🏴... @_stigward
1K Followers 598 Following Professional bug creator and side-project abandoner | @exploitsclub | prev VR w/ @interruptlabs
jonpalmisc @jonpalmisc
702 Followers 293 Following iOS exploits, (de)compilers, etc. — https://t.co/Tdx9Z5i1Ks
Gyorgy Miru (Gym) @gymiru
670 Followers 284 Following In kernel space no one can hear you scream! The Android kernel guy at SAFA Team, proud @SpamAndHex dropout. We are hiring: https://t.co/UPcIOeusrM
CODE BLUE @codeblue_jp
6K Followers 625 Following CODE BLUE 2025: International cybersecurity conference 📆 Training: 11/16-17 |Conference: 11/18-19 📢 参加登録受付中!Now Accepting Registrations! HP https://t.co/blERauRf35
kaanezder @kaanezder
811 Followers 941 Following physics & low level stuff a.k.a aventador (daily account @psyduccckkkk)
binerdd @binerdd
1K Followers 977 Following Jaewon Min, Senior Vulnerability Researcher; These are my views not my employers. @[email protected]
Carl Smith @cffsmith
1K Followers 706 Following Security @Google; @FluxFingers/@Sauercl0ud; previously V8 Security, Intern {Project Zero, @XI_Research}. Personal account. https://t.co/w9zosKSHdh on Bluesky.Trends for United States
You might like
