Had a great time presenting at @reconmtl this weekend - always amazing meeting everyone and sharing research 🙌. For those that missed the conference, or just want to review my WhatsApp work, feel free to read the slides here & hmu if you have questions!.

RT @clearbluejar: new blog post, new tool 👀. Unlock project-wide, multi-binary analysis with pyghidra-mcp, a headless Ghidra MCP server for….

What do you want to know?.

RT @clearbluejar: First time in Ibiza for #OBTS 🌴☀️ and couldn’t be more stoked! Honored to be speaking alongside some brilliant researcher….

RT @alfiecg_dev: Just released a short writeup for the A9 version of the Trigon exploit, which involves getting code execution on a coproce….

RT @exploitsclub: EXTRA EXTRA 📣📰 #79 OUT NOW!. WhatsApp bugs from @datalocaltmp. @immortalp0ny finds a 20 year old….

Fired up to see everyone in beautiful Montreal for @reconmtl 2025 - attend my talk to hear about my research on WhatsApp. Might have a surprise 4th bug make an appearance 👀

RT @thatjiaozi: Oh hey! That’s my bug 👀 .

RT @phwd_: Respect and blessings 🙇.And big ❤️ to my good friend, a true homie Luke (@datalocaltmp) he is a real OG for the amount of conten….

Thrilled to be speaking at @reconmtl 2025 for the 20th anniversary!. My talk is "Call, Crash, Repeat: Hacking WhatsApp" and covers my reverse engineering efforts and the bugs I've found in deeplink handling, PJSIP usage, and XMPP signalling. Hope you find it interesting 🥳

Enjoying the Tokyo skyline with my mate courtesy of my friends at @BugBountyArg and @ekoparty - beautiful day to be a hacker!

On vacay in Taipei and I heard TSMC engineers place these chips (乖乖) next to their computers for good luck. Hoping they boost my odds of getting this talk on WhatsApp bugs past the CFP stage!

Focused on iOS research rn - pleasently surprised to see that user data persists when downgrading apps with TrollStore. i.e. Find bug in v7 - app auto updates to v8 - force downgrade to v7.0 with TrollStore - user data persists. For when you forget to turn off updates . 🤦‍♂️.

Since AFL++ is making random permutations, can I claim these bug bounties as tax free lottery winnings?.

Tested GhidraMCP for RE on stripped binaries - specifically the URL validation functions in Messenger (see my EkoParty talk). It reached the same conclusions in under a minute - may have took me a moment longer 👀. S/O @lauriewired for the awesome tool -

RT @lauriewired: Just built an MCP for Ghidra. Now basically any LLM (Claude, Gemini, local. ) can Reverse Engineer malware for you. Wit….

RT @clearbluejar: Wrapped up an incredible time teaching #PatchDiffingInTheDark in Austin, TX with @_ringzer0 ! The city didn’t disappoint—….

RT @signalapp: Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Whi….

RT @0xcc: 0xCC 2025 tickets are now available! 🎉✨. We're a free technical training conference by women, for women in or interested in cyber….

RT @vxunderground: Yesterday I became acquainted with a young and passionate person who, for the past 2 years, has been documenting RATs (i….

RT @0xcc: Have you heard about our travel grant program? . It aims to support students, those starting out, returning to work and other int….