Original research
Deep-dive security research by NadSec. Exploit chain teardowns, malware reverse engineering, and threat intelligence writeups, all based on original work.
How I reverse-engineered 28 JavaScript modules recovered from b27.icu, a watering-hole domain serving a Safari exploit chain targeting iOS 16.0-17.2. Covers WebKit RCE, PAC bypass, JIT cage escape, and the PACDB rolling hash forgery algorithm.
6,596-line static reverse engineering of 16 recovered JavaScript modules. Full XOR string decryption, WebAssembly extraction, ARM64 gadget scanner reconstruction, and complete class taxonomy of every exploitation primitive.