https://cocomelonc.github.io/macos/2025/06/25/malware-mac-3.html next post from my blog, low-level programming on macOS (Intel).
If you found this guide helpful and want to learn more, keep an eye out for upcoming posts where we'll dive into more complex topics, like creating persistent malware, evading detection, and hooking system calls.
twitter: https://x.com/cocomelonckz/status/1938452085885784303
#malware #hacking #research #maldev #blueteam #redteam #purpleteam #cybersecurity #blackhat #assembly #macos #apple #cybercrime
MacOS hacking part 3: shellcoding. x86_64 assembly intro. Simple NASM examples
Djuma Mubarak! I decided to buy a MacBook on M1 for research; everything I do for MacBook on Intel is outdated.
#malware #cybersecurity #research #hacking #blackhat #book #cybercrime
https://cocomelonc.github.io/malware/2025/07/01/malware-tricks-48.html next one from my blog. Simple but still used by #apt33 #apt37 #apt38 and #sandworm
Thanks to ANY.RUN for the API!
twitter: https://x.com/cocomelonckz/status/1940628624622985403
#malware #hacking #research #office #microsoft #malwaredev #malwareanalysis #redteam #blueteam #purpleteam #blackhat #ethicalhacking #programming #visualbasic #c #book #cpp
Malware development trick 48: leveraging Office macros for malware. Simple VBA example.
https://cocomelonc.github.io/macos/2025/07/04/malware-mac-4.html next one from my blog. ASM code tested on Intel, C code tested on Intel and ARM (M1)
twitter: https://x.com/cocomelonckz/status/1942072393511424043
#malware #hacking #programming #blackhat #redteam #blueteam #maldev #research #assembly #intel #arm #cybercrime #cybersecurity #apt
MacOS hacking part 4: rev shells via x86_64 assembly. Simple NASM and C (Intel, ARM) examples
https://cocomelonc.github.io/macos/2025/07/08/malware-mac-5.html next one from my blog. I decided it would be better to make a separate article for ARM/M1 assembly
twitter: https://x.com/cocomelonckz/status/1942805722070163614
#cybersecurity #hacking #malware #maldev #blackhat #ethicalhacking #purpleteam #research #book #infosec #programming #assembly #cpp #cybercrime #apt
MacOS hacking part 5: shellcode running. Simple NASM and C (Intel) examples
I wonder how difficult it is to program this with the most realistic physics?
a long time ago I taught children to program PC games and even wrote several 2D adventure games myself
Nostalgia #retrogames
https://cocomelonc.github.io/android/2025/07/13/malware-android-1.html next one from my blog. I want to see how the Android malware analysis (beta) feature in ANY.RUN works.
ANY.RUN says: "Process communicates with Telegram (possibly using it as an attacker's C2 server)" (T1102)
Many thanks to ANY.RUN for the API!
twitter: https://x.com/cocomelonckz/status/1944607736475373757
#hacking #research #malware #maldev #purpleteam #android #stealer #telegram #book #programming #cybersecurity
Mobile malware development trick 1. Abuse Telegram Bot API. Simple Android (Java/Kotlin) stealer example.
Hack.lu 2025: 1 talk + 1 workshop, thank you for the invitation again!
https://x.com/cocomelonckz/status/1945495533885288463
#conferences #trainings #research #malware #hacking #programming #book #purpleteam #maldev #cybercrime #apt
https://cocomelonc.github.io/malware/2025/07/16/malware-cryptography-43.html next one from my blog. Mars is one of those "legendary but niche" block ciphers you only see in CTFs, #crypto #research, or when someone wants to confuse the hell out of an analyst
Thanks to ANY.RUN for the API!
twitter: https://x.com/cocomelonckz/status/1945737232788144305
#hacking #malware #maldev #cryptography #research #programming #purpleteam #book
Malware and cryptography 43 - encrypt/decrypt payload via Mars cipher. Simple C example.
https://cocomelonc.github.io/macos/2025/07/18/malware-mac-6.html next one from my blog. Everything works perfectly as expected =^..^=
But we have some caveats. Once we get to writing shellcode, we want to avoid any null bytes. For this reason I will show you source code for these examples that does not contain any null bytes in the next few blog posts.
twitter: https://x.com/cocomelonckz/status/1947148527546626306
#cybersecurity #hacking #malware #programming #apple #assembly #research #arm #m1 #maldev #shellcode #payload #redteam #blueteam #purpleteam
MacOS hacking part 6: Assembly intro on ARM (M1). Simple NASM (M1) examples
https://cocomelonc.github.io/android/2025/07/30/malware-android-2.html next one from my blog. Thanks to ANY.RUN for the API!
This is a practical case for educational purposes only.
twitter: https://x.com/cocomelonckz/status/1950391133705544102
#cybersecurity #hacking #malware #android #maldev #research #telegram #apt #purpleteam #redteam #blueteam #book #cybercrime #rat #trojan
Mobile malware development trick 2. Abuse Telegram Bot API: Contacts. Simple Android (Java/Kotlin) stealer example.
https://cocomelonc.github.io/macos/2025/08/02/malware-mac-7.html next one from my blog. This code shows that ultra-minimal #linux #shellcode still works on #macOS Sonoma, which is both surprising and #educational.
Want the same for ARM64 M1/M2 shellcode? It will be in the next posts of this macOS hacking series.
twitter: https://x.com/cocomelonckz/status/1952222369050771695
#hacking #blackhat #purpleteam #research #macos #apple #malware #apt #cybercrime #book #redteam #blueteam #cybersecurity #programming
MacOS hacking part 7: Minimal Linux-style shellcode on macOS (Intel). Simple NASM (Intel) and C examples
Still grinding on the new book - this time with a different publisher, since the last one basically ghosted me. Asked them for almost two months to just create a GitHub repo, but apparently that was too much to handle. So yeah, switched gears.
https://cocomelonc.github.io/macos/2025/08/10/malware-mac-8.html next one from my blog. No exploits here - just clean mechanics you can reuse in #redteam and #blueteam practice/#exercises.
twitter: https://x.com/cocomelonckz/status/1954762366396105161
#cybersecurity #hacking #malware #macos #apple #programming #research #purpleteam #maldev #malwareanalysis #arm #intel
MacOS hacking part 8: dlopen() code loading + finding target PIDs. Simple C (Intel, ARM) examples
https://cocomelonc.github.io/malware/2025/08/11/malware-tricks-49.html next one from my blog. Interaction with the Azure cloud is recognized as legitimate behavior and this is the main problem! Pwn! =^..^=
twitter: https://x.com/cocomelonckz/status/1955512821422403742
any.run task: https://app.any.run/tasks/5ad3bf05-f2c3-48d0-8552-7a988b536ad8
Thanks to any.run for the API!
#hacking #malware #stealer #azure #microsoft #cybersecurity #purpleteam #research #apt #cybercrime #blackhat #maldev #apt
Malware development trick 49: abusing Azure DevOps REST API for covert data channels. Simple C examples.
https://cocomelonc.github.io/malware/2025/08/15/malware-tricks-50.html next one from my blog. The tLab #technologies company recently discovered, one of the first in #Kazakhstan, an interesting #phishing campaign aimed at one of its clients.
twitter: https://x.com/cocomelonckz/status/1957321542322286805
Thanks tLab for the API!
#hacking #research #malware #programming #purpleteam #maldev #cybercrime #apt #microsoft
Malware development trick 50: phishing attack using a fake login page with Telegram exfiltration. Simple Javascript example.