Zhassulan Zhussupov

Malware Researcher, Threat Hunter, ANY.RUN, @cocomelonckz


Cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:

MD MZ Malware Development Book (Github, 2022, 2024)

MALWILD: Malware in the Wild Book (Github, 2023)

Malware Development for Ethical Hackers Book (Packt, 2024)

AIYA Mobile Malware Development Book (Github, 2025)

Malware Development for Ethical Hackers 2nd edition (Packt, 2026, in progress)

Author and tech reviewer at Packt.

Co-founder of various cybersecurity research labs, author of many cybersecurity blogs and HVCK magazine

Malpedia contributor

Speaker at MCTTP, BlackHat, DEFCON, Security BSides, Arab Security Conference, Hack.lu, Standoff and other conferences

Talks & Q&A

Revenge AI and NSO-Generation Mobile Spyware Architecture


Description:

Advanced mobile spyware has crossed a new threshold. A modular, cross-platform implant recovered from compromised iOS and Android devices represents a qualitative leap over prior NSO/Candiru-generation tooling. It does not merely exploit a single vulnerability: it orchestrates a full five-phase kill chain from zero-click media parser exploitation through kernel R/W primitive establishment, dylib/.so injection, stealth persistence, and AI-augmented polymorphic exfiltration - all within the trust boundary of a messaging application.


This talk presents the full reverse-engineered architecture of the NSO-generation implant, based on forensic artifacts, memory dumps, disassembled payloads, and C2 telemetry. We dissect the dual-platform exploit chain (iOS CoreGraphics heap overflow + ARM64 ROP; Android image codec OOB write + SELinux bypass), the modular C/Rust/ObjC/Kotlin polyglot implant core, and the first documented evidence of an LLM-integrated C2 server performing server-side dynamic exploit variant generation - a development with profound implications for the future of evasion-by-design.