3-part series on a 0-click exploit chain targeting Pixel 9, from RCE in mediacodec to kernel LPE.
Part 1:
https://t.co/QzVc7XLhsq
Part 2:
https://t.co/lYDyhfpVmd
Part 3:
https://t.co/lLHyUABqBm
Research by @natashenka and @__sethJenkins #infosec
Today, live from South Korea, we have a presentation by Hakai, with João Pedro Tricta.
Zygote is Android’s first process and the template for every app. Its privileged position makes it ideal for system-level injection that can bypass SELinux restrictions.
This talk breaks down the end-to-end injection chain, from loader stages to Zygote and process-spawn propagation, then demos my own native and Dalvik (DEX) hooking approach as an alternative to attach-based tools and for research into bypassing RASP protections.
João Pedro Tricta is a 20-year-old Brazilian security researcher, malware developer, and Client Applications Squad Leader at Hakai Offensive Security. Passionate about Sysinternals, reverse engineering, low-level internals, and client-side applications, he lives deep in debuggers and disassemblers. When he’s not coding or breaking things, he’s gaming, hanging out with cats, and eating an unreasonable amount of pizza.
LinkedIn: https://t.co/f8sZrTrhVb
Instagram: @_tricta
Date: 28/05/2026 - Brasília time: 22:45h
Agenda: https://t.co/sFbSTfquT7
We’re excited to announce the first confirmed speaker for TyphoonCon 2026!
João Pedro (aka Tricta) will be joining us in Seoul to share insights, research, and real-world experience in The Age of Zygote Injection talk.
https://t.co/PoZ3UlXgeh
Wow man!! Thanks so much for spreading the solution and giving it a try, really means a lot! We’ve got some cool stuff coming soon, and everyone’s welcome to jump in!
The Beerus Framework is an offensive mobile tool developed to streamline the entire pentest process on Android devices.
With a unified interface directly on the device, Beerus lets you do everything from built-in, on-device application instrumentation with Frida Core to exfiltrating data from the sandbox, memory dumping, proxying, controlling Magisk modules, manipulating properties, and much more.
Built on Frida and Magisk, Beerus is modular, extensible, and designed for testing on rooted devices, optimizing common pentest tasks and enabling automation from a single app.
In this paper, we explore the framework's main features, with a special focus on some of them. The aim is not to detail exhaustively how it works, but to offer a broad view of what it covers and what it is capable of.
As a reminder, the Beerus Framework is already available for download directly from the official repository on GitHub.
https://t.co/GHATbcgHVF
Authors: Tricta and Daniel Franca Lima