Sophia Shahnami
Chatting with my friend Ole André over video somehow always turns into a cinematic side quest. He lives in the middle of nowhere in Norway, so naturally we ended up revisiting the night he drove half an hour into the city, across fjords and sheep-filled darkness, for one mission only: chicken korma. He picked up…
Sophia Shahnami
Someone tried to phish me through a Whois relay. I don’t even have a contact form on my site, so they had to crawl in through the back window like a drunk raccoon. The message pitched “business opportunities” from a domain that looked like it was registered on a borrowed phone in a parking lot.…
Sophia Shahnami
SOC pipelines look sophisticated on architecture diagrams, but in reality they behave more like a collection of enthusiastic components trying their best under questionable conditions. Everyone wants reliable detections, but most teams still test with one or two replayed incidents and a quiet hope that nothing unexpected happens. Foundation models finally give SOCs something better…
Sophia Shahnami
People often ask how large language models actually work. Vendors explain it with sleek diagrams, and academics explain it with equations that should probably come with a wellness check. The truth is simpler and significantly less elegant. An LLM is, at its core, a trillion-parameter anxiety ball duct-taped to matrix multiplication and trained by grad…
Sophia Shahnami
Mobile systems behave like jazz improv, and machine learning keeps trying to make sense of the rhythm. Sprinkle in some syscall traces, binder transactions, and the occasional permission check, and you end up with a training set that looks less like engineered telemetry and more like a mood board. The models still try their best.…
Sophia Shahnami
SELinux is the one part of a mobile system that acts like it already knows the whole story and would prefer no surprises. Every process shows up politely, and SELinux immediately checks IDs, reads the policy file like a rulebook, and decides if the request fits its idea of proper behavior. It is not spontaneous.…
Sophia Shahnami
Mobile systems have a way of producing behavior that feels both deliberate and slightly improvised, as if each subsystem is solving the problem it was given along with two or three extra problems no one asked for. A simple event like opening an app can become a miniature symphony of binder calls, cached intents, and…
Sophia Shahnami
Reverse engineering mobile systems eventually teaches you that code behaves more like a set of polite guidelines than binding instructions. You instrument one unremarkable routine and the runtime responds by activating binder paths, scheduler branches, and JIT transitions that look suspiciously like improvisation. A minor permission check can light up peripheral services as if the…
Sophia Shahnami
Modern mobile platforms emit increasingly fine-grained execution signals from binder transactions, kernel tracepoints, JIT transitions, memory residency changes, and short-lived permission boundaries. As these subsystems interact, they produce high-entropy behavioral patterns that do not map cleanly to older static or signature-driven models. Instead of treating these patterns as noise, newer research views them as a…