Lior Keshet @LiorKesh - Twitter Profile

Pinned Tweet

11 months ago

We broke commercial root detection in Android apps 🔓📲 We targeted sensitive apps - finance, security, government - which use commercial protections. We got them running on rooted devices. That gave us full control to modify app behavior however we wanted. 👇

3

20

10

13

7K

Lior Keshet @LiorKesh

2 months ago

Our team participates in public bug bounty programs to sharpen our vulnerability research skills. We recently looked at Firedancer, a blockchain validator client, and found a remotely triggerable vulnerability. https://t.co/7hi19uyWDB

0

5

4

3

210

LiorKesh retweeted

Immunefi

@immunefi

2 months ago

Congrats to security researcher Liork (@LucidBitLabs) for earning $50,000 from a blockchain/dlt High vulnerability. They're now ranked 83rd on the all-time leaderboard. Pledge IMU behind them so that when they find new bugs and increase their rank, you both get IMU rewards. https://t.co/ZOO3mHfEwp

immunefi's tweet photo. Congrats to security researcher Liork (@LucidBitLabs) for earning $50,000 from a blockchain/dlt High vulnerability.

They're now ranked 83rd on the all-time leaderboard.

Pledge IMU behind them so that when they find new bugs and increase their rank, you both get IMU rewards.

https://t.co/ZOO3mHfEwp

7

196

19

16

7K

Lior Keshet @LiorKesh

3 months ago

3/ A second vulnerability

0

81

Who to follow

Gal Z

@0xgalz

Security Researcher. Reverse Engineering 💙 Vulnerability Research 💜 Embedded 🤖 C++🤩 OS Internals 🤍 Sewing🧵 Classical Music🎼 Opinions are my own.

Kyle Cucci

@d4rksystem

Threat Research @proofpoint | Author of "Evasive Malware" @nostarch | Talks about cybercrime, threat intel, and malware stuff.

Tal Be'ery

@TalBeerySec

Security Research Manager. Co-Founder, CTO @ZenGo. Advisor @ZeroNetworks. x-VP Research Aorato, acq by @Microsoft. 10 times @BlackHatEvents speaker.

Lior Keshet @LiorKesh

3 months ago

1/ Our team at @LucidBitLabs recently audited a crypto wallet app. We found 2 impactful vulnerabilities 👇

1

4

2

0

563

Lior Keshet @LiorKesh

3 months ago

4/ Read the full post here - https://t.co/j8sY1gmGpS

1

0

1

105

Lior Keshet @LiorKesh

4 months ago

@LucidBitLabs @k33p_R3AL

0

18

LiorKesh retweeted

LucidBitLabs @LucidBitLabs

4 months ago

We audited a mobile crypto wallet and found impactful vulnerabilities. Check out the research here - https://t.co/yYL5LmZeMi

1

6

2

516

LiorKesh retweeted

Immunefi

@immunefi

6 months ago

Incredible. Security researcher Liork (@LucidBitLabs) just earned $100,000 for their first ever report on Immunefi. Oh, and this report earned Liork some pretty big Hunt Points, too.

immunefi's tweet photo. Incredible.

Security researcher Liork (@LucidBitLabs) just earned $100,000 for their first ever report on Immunefi.

Oh, and this report earned Liork some pretty big Hunt Points, too. https://t.co/eei2aAz7VB

5

232

11

29

11K

Lior Keshet @LiorKesh

11 months ago

@nyamabites The module is custom for the specific apps we targeted, so it isn't generally useful. Due to legal concerns, we are not able to share it

1

0

159

Lior Keshet @LiorKesh

11 months ago

We broke commercial root detection in Android apps 🔓📲 We targeted sensitive apps - finance, security, government - which use commercial protections. We got them running on rooted devices. That gave us full control to modify app behavior however we wanted. 👇

3

20

10

13

7K

Lior Keshet @LiorKesh

11 months ago

Finally, we built a persistent module, and got the apps cleanly running on the rooted device across reboots, updates, reinstalls - no adb needed. Read the full writeup here - https://t.co/eOVV5MpVUc

0

13

6

10

662

Lior Keshet @LiorKesh

11 months ago

We reverse-engineered the apps, bypassing anti research protections. We pinpointed critical 'decision points' in which the app determines whether its safe to run or not. By hooking these points, we got the apps running happily on rooted devices

1

5

2

0

574

LiorKesh retweeted

Denis Laskov 🇮🇱

@it4sec

11 months ago

DJI drone security analysis: reverse engineering communication, firmware extraction, and fuzzing for vulnerabilities. 𖥂🎮 ၊၊||၊ 💥 More details on: LinkedIn: https://t.co/162VDMNzmc Substack: https://t.co/EPVwWcPRfJ

it4sec's tweet photo. DJI drone security analysis: reverse engineering communication, firmware extraction, and fuzzing for vulnerabilities. 𖥂🎮 ၊၊||၊ 💥

More details on:
LinkedIn: https://t.co/162VDMNzmc
Substack: https://t.co/EPVwWcPRfJ https://t.co/BRpmP1EXWC

15

756

138

514

41K

Lior Keshet @LiorKesh

11 months ago

At @LucidBitLabs, we broke commercial root detection in apps with top-tier app protections in place (RASP). Full write up - https://t.co/eOVV5MpVUc

0

7

5

4

1K

LiorKesh retweeted

Dataflow Security

@dfsec_com

about 1 year ago

Our new blog post is live: https://t.co/8bikPTaZfn

2

263

84

86

60K

LiorKesh retweeted

offensivecon

@offensive_con

about 1 year ago

#OffensiveCon25 videos are now up! https://t.co/aRzmXS7iPA

9

415

171

161

115K

LiorKesh retweeted

J @Morpheus______

about 1 year ago

"DisARMing" code - an exploration into systems programming, #debugging & #reverseEngineering on #Linux/#Android/#Darwin and #Aarch64! 510+ pages #book in COLOR(!) https://t.co/IJdPuGsVAa for details, because there's more to detail than the margins of a Twitter message can hold.

Morpheus______'s tweet photo. "DisARMing" code - an exploration into systems programming, #debugging & #reverseEngineering on #Linux/#Android/#Darwin and #Aarch64! 510+ pages #book in COLOR(!)

https://t.co/IJdPuGsVAa for details, because there's more to detail than the margins of a Twitter message can hold. https://t.co/GnwiF7uTUR

6

228

56

95

17K

Lior Keshet

@LiorKesh

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users