Dimitri Os (@Ch0pin) / X

Dimitri Os

2,238 posts

Dimitri Os

@Ch0pin

Senior Security Researcher @Microsoft | Android Security Obsessed | Pwn2Own 2025 | Side projects → github.com/Ch0pin

Dalvik

linkedin.com/in/valsamaras/

Joined August 2017

Following

4,985

Followers

Dimitri Os
@Ch0pin
Oct 9, 2025
Triaging a vulnerability...
23K
Dimitri Os
@Ch0pin
Apr 11, 2021
Bypassing root detection , certificate pinning using github.com/Ch0pin/medusa anti_debug and unpinner modules @Einstais @mobilesecurity_
00:00
Dimitri Os
@Ch0pin
Oct 26, 2025
There are countless tutorials, blog posts, and workshops on how to exploit a vulnerability. What’s missing is the thought process — how you approach a target, form hypotheses, and ultimately discover a bug. That mindset can’t be fully taught; you have to develop it yourself ;)
13K
Dimitri Os
@Ch0pin
Dec 16, 2022
Heap exploitation techniques for humans: House of Spirit: valsamaras.medium.com/the-toddlers-i… House of Lore: valsamaras.medium.com/the-toddlers-i… FastBin dup to stack: valsamaras.medium.com/the-toddlers-i… FastBin Dup Consolidate: valsamaras.medium.com/the-toddlers-i… Unsafe Unlink: valsamaras.medium.com/the-toddlers-i…
The toddler’s introduction to Heap Exploitation, House of Spirit(Part 4.4)
From infosecwriteups.com
19K
Dimitri Os
@Ch0pin
Aug 21, 2023
!Brilliant! post by Quarkslab on fuzzing Android Native libraries using Afl++'s Frida mode: blog.quarkslab.com/android-greybo…
19K
Dimitri Os
@Ch0pin
Aug 4, 2022
ARM 64 Assembly Series — Data Processing (Part 2)
ARM 64 Assembly Series — Data Processing (Part 2)
From link.medium.com
Dimitri Os
@Ch0pin
Feb 27, 2023
JSON CSRF with method override
How I exploit the JSON CSRF with method override technique
From infosecwriteups.com
8.1K
Dimitri Os
@Ch0pin
Oct 30, 2024
Its hard to keep track with changes in Android, this helps a lot:
GitHub - balazsgerlei/AndroidSecurityEvolution: Significant security enchancements of recent major...
From github.com
7.2K
Dimitri Os
@Ch0pin
Oct 22, 2025
Gave up my weekends to prep for Pwn2Own — totally worth it! Together with the legend @Yogehi, we won the Remote/Mobile category, achieving code execution via a chain of 5 vulnerabilities. Grateful we found it before the bad guys did 😉
TrendAI Zero Day Initiative
@thezdi
Oct 22, 2025
It's confirmed! Ken Gannon / 伊藤剣 (@yogehi) of Mobile Hacking Lab, and Dimitrios Valsamaras (@Ch0pin) of Summoning Team (@SummoningTeam) used five different bugs to exploit the #Samsung Galaxy S25. They earn $50,000 and 5 Master of Pwn points. #Pwn2Own
16K
Dimitri Os
@Ch0pin
Apr 24, 2025
The level of ignorance in mobile pentesting is reaching alarming levels.
17K
Dimitri Os
@Ch0pin
Nov 29, 2023
Interested about: ARM 64 Assembly, Linux Binary Exploitation, Heap exploitation, Android Security ?? check this out:
GitHub - Ch0pin/related_work: Slides and videos from my public speeches / conferences
From github.com
12K
Dimitri Os
@Ch0pin
Oct 3, 2025
❌ Wrong: “Victim must install a malicious app” ✅ Right: “Any 3rd-party app can exploit it” Legit apps (e.g. Chrome) can be abused as gadgets, turning complex bugs into 1-click exploits. No excuse to leave it unfixed.
ndevtk.github.io
Android web attack surface
The following is a writeup for some Android specific chromium behaviors.
12K
Dimitri Os
@Ch0pin
Nov 8, 2023
Road to fuzzing android applications Creating JVM instances:
Creating and using JVM instances in Android C/C++ applications
From valsamaras.medium.com
15K
Dimitri Os
@Ch0pin
May 4, 2023
(CVE-2022-47757) Two clicks to RCE for more than 1B users: cve.mitre.org/cgi-bin/cvenam…
17K