Offensive Security Trainings and Services. OnDemand Mobile Security & AI Security Courses - academy.8ksec.io. Linkedin: @8ksec
Joined August 2022
- Tweets 666
- Following 542
- Followers 3,505
- Likes 316
441 Photos and videos
🚨🚨Our newest blog on Android SELinux Internals Part III is out! Read it here: 8ksec.io/android-selinux-int…. In this one, we look at Six kernel-level techniques to disable SELinux. Five real exploit chains, and we talk about which vendor protections actually work and which don't. #MobileSecurity #AndroidSecurity #InfoSec #Cybersecurity
1
13
62
2,521
Twelve free iOS application exploitation labs. Frida detection, runtime swizzling, GPS spoofing, SSL bypass. Built like real hardened apps, not toy CTFs: academy.8ksec.io/course/ios-…
Follow @8kSec for more mobile pentest training
2
24
996
Turning a stock Android 15 emulator into a rooted, Frida-ready pentest target. No physical device, no jailbroken loaner. Read the full blog: 8ksec.io/rooting-an-android-…
Follow @8kSec for more mobile pentest tooling.
1
10
41
2,029
Our Practical Mobile Application Exploitation course (CMSE certification) covers the full app-side attack surface. This includes deep link exploitation, IPC, WebViews, Frida-driven runtime analysis, and more:
academy.8ksec.io/course/prac…
276
This blog walks through an integer overflow on ARM64 where the bounds check is correct, the strcpy is correct, and its still exploitable!
The overflow happens because of a type cast between validation and copy logic.
Full walkthrough in the post: 8ksec.io/arm64-reversing-and…
Follow @8kSec for more hands-on security content
1
13
55
2,949
Build such exploits yourself in our free ARM Exploitation Challenges: academy.8ksec.io/course/arm-…
1
4
331
🚨🚨Our newest blog on Android SELinux Internals Part III is out! Read it here: 8ksec.io/android-selinux-int…. In this one, we look at Six kernel-level techniques to disable SELinux. Five real exploit chains, and we talk about which vendor protections actually work and which don't. #MobileSecurity #AndroidSecurity #InfoSec #Cybersecurity
1
13
62
2,521
Want to go even deeper into Mobile OS internals? Our Offensive Android Internals course covers Android internals, kernel security, SELinux, exploitation, and real-world offensive research techniques in depth. Check it out: academy.8ksec.io/course/offe…
4
337
11 free hands-on Android exploitation labs. Each is a vulnerable APK with a real-world attack class.
Labs include:
→ Bypass kiosk-mode without the wipe
→ Reverse a Flutter password vault statically
→ Make unauthorized calls without permissions
Plus 7 more.
academy.8ksec.io/course/andr…
Follow @8kSec for more such resources.
7
34
1,456
This blog walks through bypassing ASLR and NX on ARM64 with two bugs that only work together. One leaks a memory address. The other turns that address into a shell. Either alone is harmless.
Full walkthrough: 8ksec.io/arm64-reversing-and…
Follow @8kSec for more practical security content
1
5
32
1,718
Chaining info leaks with memory corruption is core to bypassing modern ARM64 mitigations. We cover ARM64 exploitation end-to-end, ASLR/NX bypasses, ROP, heap and stack corruption in our Offensive Mobile Reversing and Exploitation course.
academy.8ksec.io/course/offe…
1
491
7 days left for early bird pricing.
đź“Ť RomHack 2026 | Sept 28 - Oct 1, Rome | Offensive Mobile Reversing and Exploitation for iOS and Android by @8kSec
What's covered across 4 days:
- iOS 26 internals: SPTM, TXM, PAC, PAN, PPL, MTE
- Android kernel: RKP, SELinux, Binder IPC, boot image analysis
- ARM64 static dynamic analysis: Ghidra, Hopper, IDA Pro, Frida
- Real malware: crypto wallet stealers, accessibility malwares, fresh 2026 samples
- AI MCP servers for reversing and forensic analysis
- Exploit dev: UaF, heap overflow, anti-debugging bypass
- Audit iOS and Android apps for security vulnerabilities
Includes Corellium access and the OMSE certification.
Early bird ends soon. Seats are limited.
→ romhack.io/training/2026/off…
1
5
28
2,007
Patch-diffing CVE-2024-23265 in the AppleDiskImages2 KEXT, the entire iOS kernel fix is one added equality check:
8ksec.io/patch-diffing-ios-k…
The methodology covers every function in the KEXT. ipsw pulls kernelcaches from iOS 17.3.1 and 17.4, ipsw's symbolicator names the functions, a Ghidra script dumps every decompiled function, and Meld diffs the pair. One function comes back changed.
Before: it returned -1 as if it were a valid pointer.
After: one added clause if (lVar4 != 0 && lVar4 != -1). Reachable from userland via IOUserClient::externalMethod.
Follow @8kSec for more such iOS kernel research.
2
13
67
4,513
Kernel patch diffing, pulling kernelcaches from IPSWs, decompiling KEXTs, and reading bug-fix diffs to understand iOS internals is a workflow we teach end-to-end in our Offensive iOS Internals course. Check out the syllabus here
academy.8ksec.io/course/offe…
1
286
Exploiting an uninitialized stack variable on ARM64:
8ksec.io/arm64-reversing-and…
Function one() writes locals and returns. The bytes remain.
Function two() allocates the same frame and reads uninitialized locals, recovering previous values.
If the data is a pointer or size field, this becomes a primitive for leaking or influencing memory.
Follow @8kSec for more practical security content
1
11
58
2,627
Uninitialized memory bugs – stack reuse, freed-but-stale heap, info leaks that turn into pointer leaks – are bread-and-butter primitives for mobile platform exploitation. Our Offensive Mobile Reversing and
Exploitation course covers buffer overflows, ROP, PAC bypasses, and kernel-level exploitation across iOS and Android. Includes OMSE certification:
academy.8ksec.io/course/offe…
1
249
Move past app layer security. This training explores mobile systems down to the kernel 🔥 5 days left to get the early bird rate
đź“Ť @BlackHatEvents USA 2026 | Aug 1-4, Las Vegas | Offensive Mobile Reversing and Exploitation for iOS and Android by @8kSec
What's covered across 4 days:
- iOS 26 internals: SPTM, TXM, PAC, PAN, PPL, MTE
- Android kernel: RKP, SELinux, Binder IPC, boot image analysis
- ARM64 static dynamic analysis: Ghidra, Hopper, IDA Pro, Frida
- Real malware: crypto wallet stealers, accessibility malwares, fresh 2026 samples
- AI MCP servers for reversing and forensic analysis
- Exploit dev: UaF, heap overflow, anti-debugging bypass
- Audit iOS and Android apps for security vulnerabilities
Includes Corellium access and the OMSE certification.
→ blackhat.com/us-26/training/… #BHUSA
7
17
2,851
🚨Our newest blog on Android SELinux Internals Part II is out! Read it here: 8ksec.io/android-selinux-int…
In this one, we take a look at SELinux domains, AVC denial parsing, and policy modification with Magisk, KernelSU & APatch for exploit testing on Android. It covers everything from seapp_contexts to building persistent Magisk modules for security research. #MobileSecurity #AndroidSecurity #InfoSec
1
8
37
1,923
Move past app layer security and learn more interesting content like this in our course that covers iOS and Android Internals at academy.8ksec.io/course/offe…
3
239
Writing an ARM64 bind shell that chains six syscalls without a single null byte: 8ksec.io/arm64-reversing-and…
x0 is shared on ARM64, it's the syscall return register and the first-argument register. The socket fd can't stay in x0 across six calls, so it parks in x4 and reloads when needed.
Then the null-byte constraint kicks in. LDR pulls from the literal pool, MOV #0 encodes zero, SVC 0 introduces a null byte in the immediate.
Fixes: ADR, MOV xzr, SVC #0x1337.
144 bytes, same chain, no zeros.
Check out the series at 8ksec.io/arm-64-reversing-an…
1
16
65
3,060
Writing your own shellcode is the kind of hands-on primitive that builds real intuition for ARM64 exploitation. Try it yourself in our free ARM Exploitation Challenges – stack smashing, heap corruption, ROP chains, and shellcode construction on ARM64:
academy.8ksec.io/course/arm-…
1
206