<POSTS>
- [ 2025-09-26 ]
Experiment 0x02: Threat Intelligence: Seeking Seeker
In this write-up we explore the use of Censys and Shodan to find malicious infrastructure. We focus on a program called Seeker that uses phishing to capture the location of devices (and the people who own them). Then we organize everything in Colander, export STIX2 rules with the collected IOCs, and use them in MVT.
- [ 2025-06-10 ]
Verifying Android apps in VirusTotal with their hashes
Mini-tutorial on investigating lists of app hashes in VirusTotal
- [ 2025-06-06 ]
Experiment 0x01: Write an exploit for Android (CVE-2024-31317) and try to detect it
In this write-up we write an exploit for Android 11, 12, 13 and 14 that exploits a _command injection_ in Zygote. Then we look for indicators that give away the exploit and run an MVT module test.
- [ 2025-05-31 ]
Experiment 0x00 - Exploring CVE-2024-0044 Traces
In this write-up we make our first exploration of Android exploitation using the CVE-2024-0044 vulnerability (a rare bypass of a command called run-as) and look at how to detect such exploitation.
Who are we?
We’re a digital security lab that investigates, builds, and shares defenses for social movements and communities in struggle. Our foundation: technical analysis with a human rights and intersectionality approach. We hack from the South.
What do we do?
- Forensic analysis
- Threat intelligence & monitoring
- Offensive security & reverse engineering
- Participatory research with technical and non-technical communities
Contact
We’re always happy to receive feedback, questions, or anything else at:
PGP key: