<POSTS>
- [ 2025-06-10 ]
Verifying Android apps in VirusTotal with their hashes
Mini-tutorial on investigating lists of app hashes in VirusTotal
- [ 2025-06-06 ]
Experiment 0x01: Write an exploit for Android (CVE-2024-31317) and try to detect it
In this write-up we write an exploit for Android 11, 12, 13 and 14 that exploits a _command injection_ in Zygote. Then we look for indicators that give away the exploit and run an MVT module test.
- [ 2025-05-31 ]
Experiment 0x00 - Exploring CVE-2024-0044 Traces
In this write-up we do our first exploration into Android exploitation using the CVE-2024-0044 vulnerability (a rare bypass of a command called run-as) and how to detect such exploitation.
Who are we?
We’re a digital security lab that investigates, builds, and shares defenses for social movements and communities in struggle. Our foundation: technical analysis with a human rights focus. We hack from the South.
What do we do?
- Forensic analysis
- Threat intelligence & monitoring
- Offensive security & reverse engineering
- Participatory research with technical and non-technical communities
Contact
We’re always happy to receive feedback, questions, or anything else at:
PGP key: