Nad

@[email protected]
25 Followers
58 Following
57 Posts

Hacker (the good kind[mostly]). Breaking things, fixing them, then breaking them again. AI, robotics, honeypots, and whatever else keeps me up at night

github.com/Rat5ak
medium.com/@Nadsec
x.com/Nadsec11
bsky.app/profile/nadsec.online

Nad4d ago
When are people going to get realistic and accept that these AI agents effectively are holding zero days for every single piece of technology on Earth RN.
So many people in denial..
yall gonna find out over the next couple of month or so… (more likely the next couple of week)
NadMar 12
matteyeuxMar 9
After playing a bit with the coruna exploit chain, I dumped the kernel exploit and one of the implants in powerd
https://github.com/matteyeux/coruna
GitHub - matteyeux/coruna: deobfuscated JS and blobs from https://b27[.]icu, first attempt at using claude

deobfuscated JS and blobs from https://b27[.]icu, first attempt at using claude - matteyeux/coruna

GitHub
NadMar 12

Yall are gonna wanna listen to this one:

https://risky.biz/RBFEATURES5/

A ridiculously deep dive into the Coruna Exploits - Risky Business Media

Join James Wilson in this solo podcast as he takes a (ridiculously) deep dive into the Coruna exploit kit. James was a software engineer a [Read More]

NadMar 11

Found this bug on the weekend :)
https://curl.se/docs/CVE-2026-3805.html

Curl is cool. For the love of the game..

curl - use after free in SMB connection reuse - CVE-2026-3805

NadMar 9
Kernel Analysis now available for Coruna malware
Blog post and full technical analysis of the whole chain also updated significantly.
-Corrections made
https://www.nadsec.online/blog/coruna
https://www.nadsec.online/blog/coruna-technical-analysis
https://github.com/Rat5ak/CORUNA_IOS-MACOS_FULL_DUMP.git
https://www.nadsec.online/blog/coruna-kernel-exploit
Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit | NadSec

Deep-dive into Coruna - a nation-state iOS exploit kit reverse-engineered from obfuscated JavaScript. WebKit RCE, PAC bypass, JIT cage escape.

NadMar 9
The vuln disclosures lately… straight sagacious.
NadMar 6

Reverse-engineered Coruna - a nation-state iOS exploit kit - from raw JavaScript. 28 modules, 500+ XOR strings decoded, 6,596-line teardown. PAC bypass, JIT cage escape, PACDB hash forgery.
https://www.nadsec.online/blog/coruna
https://www.nadsec.online/blog/coruna-technical-analysis
(technical analysis more interesting, read coruna blog post first, technical analysis looks better on github, link on-site)

-originally dumped by - https://github.com/matteyeux/coruna

Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit | NadSec

Deep-dive into Coruna - a nation-state iOS exploit kit reverse-engineered from obfuscated JavaScript. WebKit RCE, PAC bypass, JIT cage escape.

NadMar 5
Finna drop this whole exploit chain for iOS and Mac.
NadMar 5
7 years in prison…
That’s all you get apparently.
NadMar 2

Syrian Gov Haked:
Live RN

https://x.com/sycbgov/status/2028424567845437487?s=20

nad (@Nadsec11) on X

Gotem

X (formerly Twitter)