Balancer Protocol (web3 Ethereum DeFi Protocol) got hacked due to a bug in their code allows attackers to steal +70M $ or 110M $ (as some news says) which is the biggest breach in the world till now
▲In my point of view (or a security researcher point of view), code reviewing -by security experts not for regular code bugs but for vulnerabilities- isn't a critical step to take nowadays not just a routine also internal pentesting -not for one time- is another crucial step to do
ⓘ The obvious classification of this vulnerability is A01:2021-Broken Access Control which is already categorized in OWASP top 10 as a growing issue
reference from CoinDesk: https://www.coindesk.com/markets/2025/11/03/balancer-hit-by-apparent-exploit-as-usd70m-in-crypto-moves-to-new-wallets
@reverseengineer101
▲In my point of view (or a security researcher point of view), code reviewing -by security experts not for regular code bugs but for vulnerabilities- isn't a critical step to take nowadays not just a routine also internal pentesting -not for one time- is another crucial step to do
ⓘ The obvious classification of this vulnerability is A01:2021-Broken Access Control which is already categorized in OWASP top 10 as a growing issue
reference from CoinDesk: https://www.coindesk.com/markets/2025/11/03/balancer-hit-by-apparent-exploit-as-usd70m-in-crypto-moves-to-new-wallets
@reverseengineer101
Coindesk
Balancer Hacked? Ethereum DeFi Powerhouse Sees $110M in Crypto Moved
The affected funds include 6,850 osETH, 6,590 WETH, and 4,260 wstETH, blockchain data analyzed by CoinDesk showed.
❤5✍2🤔1
DockMon
A comprehensive Docker container monitoring and management platform with real-time monitoring, intelligent auto-restart, multi-channel alerting, and complete event logging.
https://github.com/darthnorse/dockmon/
A comprehensive Docker container monitoring and management platform with real-time monitoring, intelligent auto-restart, multi-channel alerting, and complete event logging.
https://github.com/darthnorse/dockmon/
GitHub
GitHub - darthnorse/dockmon: DockMon - Modern Docker container monitoring with auto-restart and alerts
DockMon - Modern Docker container monitoring with auto-restart and alerts - darthnorse/dockmon
Tiktok android application RCE Vulnerability (local)
I know it's old but it worth to read and investigate
Explanation:
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6
Orgininal report:
https://hackerone.com/reports/1065500
@reverseengineer101
I know it's old but it worth to read and investigate
Explanation:
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6
Orgininal report:
https://hackerone.com/reports/1065500
@reverseengineer101
Medium
Practical Android Pentesting: A Case Study on TikTok RCE
From Universal XSS to native library hijacking: A comprehensive guide to Android exploitation using WebViews, Intent abuse, and Zip Slip.
❤8😴2
Forwarded from Android Security & Malware
LANDFALL: New Android commercial-grade spyware targeted Samsung Galaxy devices via a WhatsApp zero-click exploit in image parsing (CVE-2025-21042)
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
❤5👍4
OWASP TOP 10
The new release 2025
https://owasp.org/Top10/2025/0x00_2025-Introduction/
The new release 2025
If you don't know what is owasp top 10 then let's explain it, owasp is a foundation aims to help security researchers and companies/organizations to secure their products also to help devs to write a secure code to avoid vulnerable codes. Owasp also provides with some learning materials as the challenges we solved before here for android also they have a vulnerable web app called juice shop to learn web vulnerabilities. The owasp top 10 is a list published by owasp.org every few years about the most found vulnerabilities by security researchers during that period
https://owasp.org/Top10/2025/0x00_2025-Introduction/
❤3👏2👍1
Androguard for android applications analysis for vulnerabilities and more
https://github.com/androguard/androguard
https://github.com/androguard/androguard
GitHub
GitHub - androguard/androguard: Reverse engineering and pentesting for Android applications
Reverse engineering and pentesting for Android applications - GitHub - androguard/androguard: Reverse engineering and pentesting for Android applications
❤4
Many news here in Egypt about a cyber criminal called Abanoub Nady who was providing with Phishing-as-a-Service (PhaaS)
He did over 240 phishing domains for Microsoft only
The funny part, people are saying he is mostly the person who was sending phishing emails with the domain (rnicrosoft.com) "r + n"
Official Microsoft risk management article: https://www.microsoft.com/en-us/security/security-insider/risk-management/egypt-based-cybercriminal-suppliers-websites-seized
He did over 240 phishing domains for Microsoft only
The funny part, people are saying he is mostly the person who was sending phishing emails with the domain (rnicrosoft.com) "r + n"
Official Microsoft risk management article: https://www.microsoft.com/en-us/security/security-insider/risk-management/egypt-based-cybercriminal-suppliers-websites-seized
Microsoft
Microsoft Digital Crimes Unit Targets Cybercrime Key Player | Security Insider
Microsoft's Digital Crimes Unit (DCU) disrupted an Egypt-based phishing campaign by seizing phishing sites. Discover the details of this major operation.
😁7❤3
Forwarded from Android Security & Malware
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
Medium
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
In this article, I’ll walk you through my journey in intercepting HTTPS traffic from a APK based on Flutter during a pentesting engagement…
❤7🔥5👍2
Run full-fledged Linux Distros right on your Android device without rooting.
Official website: https://andronix.app/
Github: https://github.com/AndronixApp
Google play: https://play.google.com/store/apps/details?id=studio.com.techriz.andronix
Official website: https://andronix.app/
Github: https://github.com/AndronixApp
Google play: https://play.google.com/store/apps/details?id=studio.com.techriz.andronix
Andronix App
Install Linux distributions like Ubuntu, Debian, Manjaro and more on your un-rooted Android device.
❤3
Cyber news
TCM Security is running an AI chat bot hacking CTF on
https://ctf.tcmsecurity.com/
The winners are getting 50% discount of the certificates there
Happy hacking
It's easy to solve by the way,I already did it
@reverseengineer101
TCM Security is running an AI chat bot hacking CTF on
https://ctf.tcmsecurity.com/
The winners are getting 50% discount of the certificates there
Happy hacking
It's easy to solve by the way,
@reverseengineer101
❤4🔥3👍2
Cloudflare Turnsite is down so if your website or the website you regularly visit isn't working it's not your problem
Official source from cloudflare: https://www.cloudflarestatus.com/
Official source from cloudflare: https://www.cloudflarestatus.com/
Cloudflarestatus
Cloudflare Status
Welcome to Cloudflare's home for real-time and historical data on system performance.
❤6😢3
reverse engineering
After AWS outage problem many signs are saying that Azure is down in many places of the world, here in Egypt many people/companies claim that they are suffering with Azure services or they can't reach it There is an opinion says all tech companies should…
Well, it should be like this instead of Google's cloud
🤣7🤝6❤1
Gooey
Turn (almost) any Python command line program into a full GUI application with one line
https://github.com/chriskiehl/Gooey/
Turn (almost) any Python command line program into a full GUI application with one line
What is it?
Gooey converts your Console Applications into end-user-friendly GUI applications. It lets you focus on building robust, configurable programs in a familiar way, all without having to worry about how it will be presented to and interacted with by your average user.
https://github.com/chriskiehl/Gooey/
GitHub
GitHub - chriskiehl/Gooey: Turn (almost) any Python command line program into a full GUI application with one line
Turn (almost) any Python command line program into a full GUI application with one line - chriskiehl/Gooey
❤9
This media is not supported in your browser
VIEW IN TELEGRAM
The new Egyptian Nuclear Project
Built Egyptians and Russians on an Egyptian land
🇷🇺🇪🇬🇷🇺🇪🇬
Built Egyptians and Russians on an Egyptian land
🇷🇺🇪🇬🇷🇺🇪🇬
🔥7😱7❤4
New video uploaded !
Intigriti's month (Nov 2025) challenge full walk through
Watch on YouTube
https://youtu.be/ZNYxws_LtWs
Read the write-up on Medium
https://medium.com/@mohamedabozaid961/intigritis-1125-challenge-walk-through-3e3c391f7699
The pdf version is in comments below 👇
@reverseengineer101
Intigriti's month (Nov 2025) challenge full walk through
Watch on YouTube
https://youtu.be/ZNYxws_LtWs
Read the write-up on Medium
https://medium.com/@mohamedabozaid961/intigritis-1125-challenge-walk-through-3e3c391f7699
The pdf version is in comments below 👇
@reverseengineer101
YouTube
Intigriti's 1125 challenge full walk through #ctf #intigriti #challenge
intigriti's Nov 2025 challenge full walk through
You can find the full write up on the pinned comment
You can find the full write up on the pinned comment
👍4💯4🔥2❤1
Prompt injection
Nowadays AI security is crucial, you see most of the websites now add a chat bot based on an AI model and jail breaking it can really leak sensitive data
@reverseengineer101
Nowadays AI security is crucial, you see most of the websites now add a chat bot based on an AI model and jail breaking it can really leak sensitive data
@reverseengineer101
❤8