Notes from hacking, breaking, and building. Written down in case they're useful to someone, someday.

A full walkthrough of Beetle, the open-source mobile SAST platform I built — running it with Docker, the scan workflow, every panel in the interface, and how the unpacking, detection, taint, and attack-chain engines actually work.

A full walkthrough — running it with Docker, the scan workflow, every panel in the interface, and how the unpacking, detection, taint, and attack-chain engines work under the hood.
Pattern-scanning ssl_verify_peer_cert across architectures, then emitting a Frida hook that actually works — including QUIC/HTTP3 targets.
One email per post. Mobile security research, bug bounty findings, and tool releases. No newsletter filler.