✊

Lately I've been working in my very own binary lifter... As part of the documentation process, I decided to write a few words about my implementation of static recovery of a given function's control flow graph. Hope you enjoy it! https://t.co/4e1tBzWlYv

Additional info on the Fancy Bear kit being reported on. Cheers to @Laughing_Mantis for writing backdoors so good that APTs plagiarize it. https://t.co/4mBI2jNY34

My latest analysis of #XWORM's new delivery method just got published! You can read it at: https://t.co/FboSytSQS5

Our ongoing research about a drive-by compromise that affects even pre-installed versions of the application just had its first part released! You can read it at:

maiden :3

Graph Theory for Reverse Engineers Or “everything actually is a nail, you just need a bigger hammer”

https://t.co/azkRfvy4yk

CAPE Sandbox exposes an HTTP endpoint ( http://localhost:8000/browser_extension) used to log HTTP trafifc. You can detect CAPE by sending a dummy HTTP request to this endpoint and checking the response. You can then craft fake HTTP data and it’ll show up on VirusTotal.

SE resulting in substantial crypto theft. Initial payload was a very large (700mb+) .msi. Two new samples named, some oleview.exe sideloading fun as well. Little shoutout to @C5pider 's HavocFramework project. https://t.co/hYZwfwmEVk

https://t.co/kXjSUA6hDr

@0x6D6172636F @CryptDeriveKey

Spent the last week working on a tool to help the process of manually deobfuscating https://t.co/cGGEZvmPEp's output... https://t.co/2JGuJaytQ7

STOP DOING LISP

Here are the details about the AMD Signature verification vulnerability we worked on, Enjoy! https://t.co/b9CPWqIEzO

https://t.co/JE68XbHamM Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!

Disassembly algorithms are often a trade-off. My new blog post analyzes linear sweep and recursive traversal, exploring their strengths and weaknesses in a self-built disassemblers. https://t.co/sUbGyyKFOY

I discuss the creation of Mergen, VM based obfuscations, and explore how compiler techniques are used for reverse engineering and deobfuscation. https://t.co/gAdlXoiX2J

1/8: Did someone just add #CTF code to the #AMOS stealer?.. After analysis of a yet undetected ‘lobsterstealer’ sample discovered by @suyog41, we found a few noticeable things that differentiate it from regular filegrabbers we’ve seen before.

We are making a new language to write specifications of an ISA called Mya. Based on the Mya specification, we will automatically generate an assembler and disassembler for the ISA. See: