Blog

22 Articles
47 Tags
Updated Monthly

Articles about reverse engineering and offensive security research

How to systematically extract struct field offsets from Apple's stripped XNU kernelcache using static analysis alone.

A hands-on exploration of Pointer Authentication Codes (PAC) on iOS. We'll understand how PAC works at a deep level and explore how PAC signing can be triggered programmatically.

Tags: ios, arm, pac, and 3 more

How does Predator spyware transform from running code into active surveillance? This technical deep-dive reverse-engineers the internal factory architecture that dynamically creates camera monitoring, VoIP interception, and keylogging modules through Unix socket commands, revealing the infrastructure between exploitation and surveillance.

A complete walkthrough of the 8ksec "FridaInTheMiddle" challenge: bypassing Frida detection, hooking Swift functions, and intercepting arguments on a jailbroken iPhone.

Deep dive into ptrace internals, from syscall to kernel implementation, understanding how it prevents debugger attachment and how to bypass it.

How to write an anti-debugging mechanism using fork and how to detect it!