theXappy
thexappy.bsky.social
Mobile Security Researcher, Packets Inspector, .NET dev
Ever wondered what your modem really says to your SIM card?

I sniffed raw APDU traffic off the SIM pins, decoded the UART based on the ATR, and piped it into Wireshark.

Full guide: how to wire it, decode it, and see the bytes for yourself.
🔎💥📶
github.com/theXappy/tra...
May 3, 2025 at 6:33 AM
Wrote some Cursed C# today.
Made `Console.WriteLine` throw a `System.UnauthorizedAccessException`.
March 8, 2025 at 1:34 PM
It's not stalking if you call it OSINT
January 6, 2025 at 6:47 AM
Microsoft got their sh*t together regarding PDB downloads.
Installed and used `dotnet-symbol` to fetch a PDB for SharedLibrary.dll and it wasn't a complete fiasco.
10/10

learn.microsoft.com/en-us/dotnet...
dotnet-symbol diagnostic tool - .NET CLI - .NET
Learn how to install and use the dotnet-symbol CLI tool to download files required for debugging .NET dumps and minidumps.
December 21, 2024 at 8:51 PM
TIL: If you "return a struct" from a C/++ function, and it's larger than 8 bytes, it becomes a by-ref argument.

Caller created an empty struct -> Passes pointer to the func, as the last arg -> func populated the pointed struct.

* at least for MSVC for x64
December 5, 2024 at 5:28 PM
I LOVE reading the LLM's 4-paragraph sob story before it gives me the 3 lines of python code that print the current time in UTC-0.
November 27, 2024 at 5:22 PM
That time I wrote a Wireshark dissector for Roccat KoneXTD
Damn I love reversing protocols
github.com/theXappy/Kon...

#reverseengineering #reversing #wireshark
November 22, 2024 at 10:52 AM
Someone had to make a decision between "liability vs impossible-to-fix issues when your customers each try to set up the on-prem infra" and they chose the one which actually allowed them to run a business.
My story abt the implications of this. NSO exec Ramon Eshkar testified: NSO “secured the WhatsApp accounts used by Pegasus for customer installations … + set up + controlled all server infrastructure used to implant Pegasus + deliver the exfiltrated data” to customers
therecord.media/nso-group-wh...
Testimony from NSO Group raises questions about its culpability for spyware abuses
Recently released court documents appear to show that spyware maker NSO Group plays a greater role in loading its surveillance tools onto targets' devices than previously understood.
November 19, 2024 at 7:08 PM
Oopsec
Oh, I never posted my gotofail story on here.

Early 2014, someone came to me about a catastrophic vulnerability in Apple's TLS implementation.

I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.
November 18, 2024 at 11:24 AM
Reposted by theXappy
NEW: WhatsApp forced a judge to release previously non-public court documents, which include a ton of details on how NSO's spyware works.

The documents show how NSO targeted WhatsApp, citing depositions from NSO employees, and more.

Here are the biggest revelations.

techcrunch.com/2024/11/15/n...
NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents | TechCrunch
Newly unsealed documents brought by a WhatsApp lawsuit show NSO Group's spyware, Pegasus, was used to hack as many as “tens of thousands” of devices.
November 15, 2024 at 8:58 PM
I really dislike debugging for "which line is giving this UI element focus?"
November 15, 2024 at 4:18 PM
Reposted by theXappy

One of the topics that came up at BlueHat last week was around apps. Lots of good information was covered that will be posted at www.microsoft.com/bluehat/. Until then here are some resources for you to check out. /1
BlueHat | Microsoft
Microsoft BlueHat - Bringing offensive and defensive cyber security professionals together to address modern threats.
November 8, 2024 at 4:35 PM
Obligatory "Hello, World"
November 10, 2024 at 6:39 PM