I just published AgentsBear, a framework (an engine like Docker) to build & run autonomous AI agent pipelines from a single YAML file. No more boilerplate Python for wiring LLMs, tools, parsing, and chaining. Define steps, prompts, dependencies & run with one command. Supports parallel agents, loops, conditionals, context passing, and a visual builder. Think Docker, but for multi-agent workflows.
Repo: https://t.co/cCBfUnXa4V
#AI #AIagents #MultiAgent #AgenticAI #OpenSource #LLM #YAML #claude #claudecode #code
Just uploaded HopperSRK (Security Researchers Kit). It's a simple suite of Hopper plugins I built to help in malware analysis and researching vulnerabilities in macOS binaries.
The following are available:
- File Operations Analyzer: Detects file system operations including read/write operations, file permissions, and suspicious file access patterns.
- XPC/IPC Communication Analyzer: Analyzes XPC service connections and inter-process communication patterns.
- Network Operations Analyzer: Identifies network-related APIs, sockets, connections, and suspicious network activity.
- Mach IPC Analyzer: Detects Mach port operations and low-level IPC mechanisms.
- Keychain & Credential Analyzer: Identifies keychain access, credential theft attempts, and sensitive data access.
- Process Injection Detector: Detects code injection techniques including dylib injection, task_for_pid abuse, and memory manipulation.
- Anti-Analysis Detector: Identifies anti-debugging, anti-VM, and anti-analysis techniques.
- Persistence Analyzer: Detects persistence mechanisms including LaunchAgents, LaunchDaemons, and startup items.
- C2 Communication Analyzer: Identifies command & control communication patterns and beaconing behavior.
- Rootkit Detector: Detects rootkit behavior including kernel extension loading and system call hooking.
- Privilege Escalation Detector: Identifies privilege escalation attempts and authorization bypass techniques.
- System Call Analyzer: Analyzes direct system calls and syscall patterns.
GitHub link: https://t.co/rxbqCJgrc8
#malware #analysis #hacking #cybersecurity #reverse #hacker #exploitation #vulnerability
Exciting news! With 1k stars ⭐ on GitHub, Offensive Resources V4 is now live! The last time I updated it was around 3 years ago.
Offensive Resources V4 - a major upgrade from V3 with 1k stars ⭐ on GitHub and extensive new content for cybersecurity professionals and researchers!
> Everybody is welcome to contribute
🆕 What's New in V4?
✅ ATM Hacking
✅ Aircraft Hacking
✅ AI Hacking
✅ DevSecOps
✅ Linux Exploit Development
✅ Windows Exploit Development
✅ Android Exploit Development
✅ iOS Exploit Development
✅ Browser Exploitation
✅ Hypervisor Exploitation
✅ Drones Hacking
✅ MedTech Hacking
✅ CPU Exploitation
✅ GPU Exploitation
✅ macOS Exploitation
✅ Satellite Hacking
✅ Robots Hacking
✅ Vending Machine Hacking
✅ OSINT
What You'll Find:
• books & whitepapers
• professional courses & certifications
• hands-on labs & tools
• GitHub resource collections
and many more ....
Access it now: https://t.co/L8KIWVgjNW
GitHub: https://t.co/7Fkexsk02J
Big thanks to the amazing contributors: Fady Moheb, Youssef Muhammad, and Omar Ahmed for their valuable input!
O Allah, benefit me with what You have taught me, teach me what will benefit me, and increase me in knowledge.
#CyberSecurity #InfoSec #PenetrationTesting #EthicalHacking #RedTeam #BlueTeam #BugBounty #OffensiveSecurity #ExploitDevelopment #KernelExploitation #BrowserSecurity #MobileSecurity #OSINT #ThreatIntelligence #VulnerabilityResearch #ZeroDayResearch #HackingTools #SecurityResearch #CyberDefense #ApplicationSecurity #CloudSecurity #DevSecOps #AIHacking #IoTSecurity #ICS #SCADA #ATMSecurity #AviationSecurity #SpaceSecurity #RobotSecurity #MedicalDeviceSecurity #GPUSecurity #CPUSecurity #HypervisorSecurity #BrowserExploitation #LinuxSecurity #WindowsSecurity #macOSSecurity #iOSSecurity #AndroidSecurity #DroneSecurity #SatelliteSecurity #OpenSource #InfoSecCommunity #CyberSecurityAwareness #PenTesting #SecurityTools
Last year, I released my comprehensive notes for the Offensive Security Exploit Developer (OSED) course. Those notes were essentially a hands-on, step-by-step practical guide that walked users through the entire process of crafting exploits from scratch. It was designed to be a go-to reference for anyone diving into Windows-based exploit development, with detailed walkthroughs, code snippets, and troubleshooting tips to handle common pitfalls like ASLR bypasses, ROP chain construction, etc. Now, I've uploaded a new set of notes focused on the Offensive Security macOS Researcher (OSMR) course. However, Offensive Security (OffSec) has since discontinued that specific course from their lineup. That said, these OSMR notes aren't strictly tied to the course; they are a broader, evergreen resource tailored specifically for macOS security research in general. I personally rely on them heavily in my vulnerability research work, especially when dissecting and exploiting flaws in macOS applications. They're packed with exhaustive, step-by-step instructions that make complex topics accessible, even for those new to Apple ecosystem internals. They are extremely detailed and practical. Every section includes real targets, scripts, debugging tips, and fixes for issues you might face. It's perfect if you are researching vulnerabilities in macOS or any macOS apps.
Link: https://t.co/wMz5s0LshD
#CyberSecurity #InfoSec #MacOSSecurity #Exploit #Exploitation #apple #ios #iphone #Development #Research #vulnerability #vulnerabilities #hackerone #bugbounty #VulnerabilityResearch #ExploitDevelopment #OffensiveSecurity #OSMR #OSED
I just published a blog post about an unpatched vulnerability, a security bypass that leads to RCE (just found it), in Apache HugeGraph Server, fully working on the latest version and previous ones. You can read the research (includes the PoC). Tested on live targets:
Blog: https://t.co/mLkog32NWK
PoC: https://t.co/UWAPCSqacQ
#apache #vulnerabilty #zeroday #0day #exploit #rce #bug #bugs #hackerone #SoftwareDevelopment
This is a short blog post about a cheap #redteam trick I found last year during #phishing assessments to bypass #Outlook spam filters and deliver links to malicious #ISO files. #Microsoft does not want to patch it, so it is good to be aware of it:
https://t.co/WvpvQ3DRnS
Enjoy!
🚀 New blog post! 🚀
Deep dive into a #macOS IONVMeFamily #driver Denial of Service issue! It is not a security risk but a great case study for macOS driver analysis 🕵️‍♂️
Enjoy!
#RE #Vulnerability #Research #Kernel #Fuzzing #PoC
https://t.co/nAekbxswzI
Georgia Tech and Ruhr University Bochum researchers have uncovered new side-channel attacks on #Apple Silicon. My latest blog post briefly introduces these #vulnerabilities along with links to the full #research papers. Check it out to learn more:
https://t.co/AgHkBA5xr7
📄 Task Injection on macOS
🔍 Dive into how attackers can leverage Task Ports for process code injection. Learn security rules, lldb & debugserver mechanics, and some red tricks!
#macOS #Cybersecurity #TaskInjection #InfoSec
Enjoy & read it now here:
https://t.co/xH4R1GNm9T
I published a new detailed blog post on Pointer Authentication Code (PAC) on ARM and how it helps in mitigating ROP (Return-Oriented Programming).
URL: https://t.co/aBYMzM3Ow3
#hack #Exploit #vulnerable #c #pointers #memory