Lior Keshet

We broke commercial root detection in Android apps 🔓📲 We targeted sensitive apps - finance, security, government - which use commercial protections. We got them running on rooted devices. That gave us full control to modify app behavior however we wanted. 👇

DJI drone security analysis: reverse engineering communication, firmware extraction, and fuzzing for vulnerabilities. 𖥂🎮 ၊၊||၊ 💥 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/dji-drone-se…

At @LucidBitLabs, we broke commercial root detection in apps with top-tier app protections in place (RASP). Full write up - lucidbitlabs.com/blog/commercia…

Hacker tries to restore lost internet connection: reverse engineers the modem and hacks into ISP network. ☎️ 🌐🔬🔨 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/hacker-tries…

Our new blog post is live: blog.dfsec.com/ios/2025/05/30…

#OffensiveCon25 videos are now up! youtube.com/playlist?list=…

"DisARMing" code - an exploration into systems programming, #debugging & #reverseEngineering on #Linux/#Android/#Darwin and #Aarch64! 510+ pages #book in COLOR(!) NewDebuggingBook.com for details, because there's more to detail than the margins of a Twitter message can hold.

New attack MO for #Android #Malware #Banker abusing #WebView to attack any #Bank with no special permission need 🤯 Amazing research by @ShaharTavor FYI @malwrhunterteam @mobilesecurity_ @AndroidPolice A View Into Web(View) Attacks in Android securityintelligence.com/posts/view-int…

NAVY FEDERAL CREDIT UNION SITE PHISHED #novoShield's @LiorKeshet detected & reported - today - a phishing site hosted on @Princeton University's domain that attacks @NavyFederal Credit Union users. novoShield users remain safe! Read about it at novoshield.com/navy-federal-c…

The code for the tool we presented at @deepsec. Now it’s open source!!!

Finally, The blog is out, proving that when it comes to cloud security, MFA is not a silver bullet. Technical Deep Dive: Vulnerabilities Bypass Multi-Factor Authentication for Microsoft 365 | Proofpoint US proofpoint.com/us/blog/cloud-… via @Proofpoint

Sending a shoutout to the awesome reverse engineer who dissected #goznym when it emerged. His name is .@LiorKesh and I miss working with him!

#GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation: securityintelligence.com/posts/goznym-c… | #cybercrime

The wait is over! Registration & schedule for #BlueHatIL 2019 are now live. Places are limited, register today! bluehatil.com

We have uploaded slides from POC2018:) Thank you everyone for your support and interests! Be noticed that some slides are not disclosed as requested by speakers powerofcommunity.net/2018.htm

Our #defcon26 talk, "Turning Deception Outside-In: Tricking Attackers with OSINT", was just uploaded to youtube. check it out. @hadar0x @tomkahana1 youtu.be/VKwBlKoh8fE

We opensourced most of the Google CTF 2018 Finals challenges: github.com/google/google-…