Andreas Klopsch Profile
Andreas Klopsch

@hackingump1

Followers
823
Following
566
Media
15
Statuses
363

Reverse Engineer @ Microsoft

Joined January 2020
@hackingump1
Andreas Klopsch
3 years
I published an article on how BlackByte evades EDR by removing kernel callbacks via abuse of the vulnerable driver Rtcore64.sys. #reverseengineering #malware #infosec #windows #cybersecurity #blackbyte #ALPHV #sophos #ida #ransomware #endpoint
4
91
196
@hackingump1
Andreas Klopsch
4 days
🚨 RIFT Update: We’ve boosted our compiler detection! 🛠️ Now with sharper insights into binaries built using GNU, MinGW, and MSVC toolchains. More enhancements are on the way—stay tuned! 🔍✨ #ReverseEngineering #MalwareAnalysis #RIFT #malware #msft
11
14
66
@hackingump1
Andreas Klopsch
11 days
RT @MalwareRE: Do you find analyzing Rust binaries/malware tedious and unpleasant? You’re not alone! If you’re attending #REcon this year,…
0
14
0
@hackingump1
Andreas Klopsch
2 months
RT @herrcore: Unpacking VMProtect 3 (x64) 🤷‍♂️
0
173
0
@hackingump1
Andreas Klopsch
2 months
Presenting "Unveiling RIFT: Advanced Pattern Matching for Rust Libraries" at RECON Montreal 2025! Sharing research on discovering Rust dependencies in compiled binaries. See you there! 🚀 #RECON2025 #RustLang #ReverseEngineering
0
3
9
@hackingump1
Andreas Klopsch
3 months
The deep dive below into PebbleDash’s FakeTLS C2 protocol shows how North Korean APTs fake TLS handshakes and use hardcoded RC4 encryption to blend in with legit HTTPS traffic. #malware #infosec #reverseengineering #pebbledash #cybersecurity #windows
1
1
2
@hackingump1
Andreas Klopsch
3 months
RT @reconmtl: Recon CFP ends in less than 2 weeks on April 28. Prices for the training and conference increase on May 1st. Register now to…
0
16
0
@hackingump1
Andreas Klopsch
3 months
RT @reconmtl:
0
14
0
@hackingump1
Andreas Klopsch
3 months
🔍 Exploring Domain Generation Algorithms (DGAs) in Malware 🔍 Below is an article I wrote years ago, which explains the difference between seed-based and dictionary-based algorithms. #malware #infosec #cybersecurity #dga #dns
0
1
5
@hackingump1
Andreas Klopsch
3 months
RT @reconmtl: @hackingump1 will be presenting about "Unveiling RIFT: Advanced Pattern Matching for Rust Libraries" at Recon Montreal https:…
0
4
0
@hackingump1
Andreas Klopsch
5 months
Symbolic Execution is a powerful technique that explores all possible execution paths without actual inputs. An interesting display of this technique is below. #malware #reverseengineering #cybersecurity #infosec #symbolicexecution
0
0
0
@hackingump1
Andreas Klopsch
5 months
Russia-Linked “BadPilot” Cyber Campaign Exposed 🚨 Microsoft has uncovered a multiyear global access operation executed by a subgroup of Seashell Blizzard, a Russian nation-state actor. #threatintel #cybersecurity #infosec #microsoft #mstic
0
0
2
@hackingump1
Andreas Klopsch
5 months
🚨 Secret Blizzard, a Russian nation-state actor, exploits other hackers' infrastructure to evade detection & conduct espionage. 🔍 Learn more: 🔗 Part I: 🔗 Part II: #CyberSecurity #ThreatIntelligence #malware #infosec
0
0
0
@hackingump1
Andreas Klopsch
5 months
🚀 MSTIC Uncovers STAR Blizzard Spear-Phishing Campaign Targeting WhatsApp Users. Microsoft has identified STAR Blizzard, a phishing campaign targeting WhatsApp accounts through social engineering. #threatintel #infosec #starblizzard #mstic
0
0
1
@hackingump1
Andreas Klopsch
5 months
🚨 Then vs. Now: The Evolution of DDoS Attacks 🚨 In 2016, Mirai's botnet caused chaos with a 1.2 Tbps DDoS attack. Fast forward to 2025, and we’re now witnessing 5.6 Tbps attacks—nearly 5x the scale! Mirai botnet was first…
0
0
1
@hackingump1
Andreas Klopsch
6 months
Ever heard about "nanomites"? 🐞🖥️ By allowing a parent process to control its child, the technique can hinder reverse engineers from debugging a binary. #malware #cybersecurity #infosec #reverseengineering #nanomites
0
5
22
@hackingump1
Andreas Klopsch
6 months
The Process Environment Block (PEB) – A Hacker’s Playground? More about the PEB and how Lazarus/Diamond Sleet abused it in the past here: #cybersecurity #malware #infosec #reverseengineering #peb #windows
0
0
4
@hackingump1
Andreas Klopsch
6 months
UPnP: convenience at a cost? Universal Plug and Play (UPnP) was designed to make our tech lives easier by allowing devices to seamlessly communicate on a network. But did you know this protocol has been a major security risk for years? From exposing devices to external threats…
0
0
0
@hackingump1
Andreas Klopsch
7 months
RT @MalwareRE: The Microsoft Threat Intelligence Center (MSTIC) is looking for malware reverse engineers and security researchers to join o…
0
39
0
@hackingump1
Andreas Klopsch
7 months
The second part of the Frequent Freeloader blog series is out! MSTIC shares how Secret Blizzard abused tools of other threat actors to attack Ukraine. #malware #cybersecurity #infosec #threatintelligence #microsoft #mstic #secretblizzard
0
0
0
@hackingump1
Andreas Klopsch
7 months
RT @hackingump1: Aqua Blizzard, a group likely acting on orders of Russia's Federal Security Service (FSB), abuses Cloudflare services to sp…
0
1
0