Well, I am proud enough and happy to say I got my first ACE (Arbitrary Code Execution)
It started with only an exposed debugging point, then I was able to execute JS in a sandbox, then I managed to escape it. If you are asking how, the answer is that I found another vulnerability, which is prototype pollution, and I was able to invoke some native JS as well, like the constructor (like react2shell constructor.constructor, but mine is not the same vulnerability). This gave me the ability to explore some internals. I am trying to leverage it more now, maybe to get full RCE (Remote Code Execution).
Finally, what I want to say is that it wasn't an easy thing to do. I spent more than three days just trying and failing and trying. Nothing comes as easy as you think.
@reverseengineer101
reverse engineering
New video uploaded ! Intigriti's month (Nov 2025) challenge full walk through Watch on YouTube https://youtu.be/ZNYxws_LtWs Read the write-up on Medium https://medium.com/@mohamedabozaid961/intigritis-1125-challenge-walk-through-3e3c391f7699 The pdf version…
My write-up (M0habozaid) got third place in the best write-ups
https://bugology.intigriti.io/intigriti-monthly-challenges/1125
Forwarded from Fly Dragon Fly
Reverse Engineering
Android Internals Review
Setup Environments
Developer Options
Android Debug Bridge
Android Applications Structure
Dalvik Virtual Machine
Android Application Decompiling
Android Manifest
Permissions
Activities
Application Subclass
Intents
Broadcast Receivers
Services
Content Provider
Application Signing
Master Key vulnerability
Dex2jar
JADX-GUI
Androguard
Introduction To Smali
Dalvik Opcodes Cheatsheet
Smali File Structure
Control Flows Statements In Smali
Rooting Detection
Classes & Objects In Smali
Exception Handling In Smali
Debugging
Traffic Interception Theory in Android
How HTTPS Work?
Certificate Pinning
Certificate Pinning Bypass Methods
What is Frida?
Hooking Theory
Hands On Frida
Working with Objects/Instances
Manipulating UI Thread Using Frida
Hooking NDK Libraries
Overwriting C/C++ Method Using Frida
Analyzing C/C++ Library Using Ghidra
Frida without Root
Frida Scripts
Secure's Notion on Notion
Android Internals Review | Notion
Let’s briefly examine Android’s architecture from the bottom up. This figure shows a simplified representation of the Android stack.
Meta posted a way you can use to intercept the traffic of the Facebook mobile app
https://bugbounty.meta.com/learn/articles/mitmproxy-burp-tls13-workaround
Meta
Intercepting Facebook Mobile Traffic with mitmproxy and Burp | Meta Bug Bounty
Step by step guide for security researchers using mitmproxy as an upstream proxy to downgrade TLS 1.3 traffic and intercept Facebook mobile traffic in Burp.
Tiny XSS Payloads
In case your target is vulnerable to XSS but you have some limitations due to the WAF or filtering, you can try them, and you can customize them as well
tinyxss.terjanq.me
Shared by @reverseengineer101
From intigriti on X (formerly Twitter)
Forwarded from Darksec
CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit
Unauthenticated to Root RCE:
- LFI via Content-Type confusion
- Read /proc/self/environ to find HOME
- Steal encryption key + database
- Forge admin JWT token
- Expression injection sandbox bypass
- RCE as root
CVSS 10.0
https://github.com/Chocapikk/CVE-2026-21858
GitHub
GitHub - Chocapikk/CVE-2026-21858: n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0)
n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0) - Chocapikk/CVE-2026-21858
Well Discord seems to be banned in Egypt 🇪🇬
Unfortunately as everything has a good side it has a bad one as well 😔
https://eg.downdetector.com/status/discord/
Be careful about what you are clicking these days!
Don't click any usernames from untrusted sources, because one click can expose your IP address to the attacker's servers via a fake proxy initialized beforehand by the attacker
Shared from https://www.facebook.com/Sir.MaTrix
@reverseengineer101
The Proof of Concept (PoC)
https://github.com/g0vguy/Telegram_1-Click_Vulnerability
Thanks to RHine for sharing ❤️
GitHub
GitHub - g0vguy/Telegram_1-Click_Vulnerability: A proof-of-concept exploit for Telegram's proxy validation vulnerability that leaks…
A proof-of-concept exploit for Telegram's proxy validation vulnerability that leaks users' real IP addresses, bypassing VPNs and proxy settings. - g0vguy/Telegram_1-Click_Vulnerability
Claude AI is down
After what we saw from Cloudflare at the end of 2025, will Claude be the same 😂
As some people say DaaS (Downtime As A Service)
Be updated on https://status.claude.com/
This must be a joke 😂
How to say our app can be a Trojan without saying it 😁
Anyway, that is why I always advise you not to install anything on your device
I don't have any personal issues with the app manufacturer, but I had to say my opinion from a security perspective
#stay_safe_stay_secure
@reverseengineer101
HackerAI is now available on Mac, Linux, and Windows.
hackerai.co/download
GitHub
https://github.com/hackerai-tech/hackerai
Shared by @reverseengineer101
hackerai.co
Download HackerAI Desktop | HackerAI
Download HackerAI desktop app for macOS, Windows, and Linux. AI-powered penetration testing at your fingertips.