My new article using HexRays IDA. to deal with obfuscated code. comercial like VmProtect and OpenSource like Alcatraz:.

Is anyone hiring for a reverse engineering role focused on malware analysis and detection engineering(with 5 years on this field)? I'm currently looking for my first international job opportunity. Please DM me!.

Source Code:.

My new article, "Writing a Full Windows ARM64 Debugger for Reverse Engineering," covers the topic in detail, including its internals and the core differences between Windows on Intel and ARM64:.

It's great to be part of this with the Maldec Labs team.

I'm happy to publish an exclusive version of my article on #H2HC such a great event.

Brazil is like a comedy play.

That's my PoC(I've been forced to publish, after the disclosure timeline), sorry for that. please blacklist this driver to avoid problems.

Microsoft allows drivers with DRM (such as VmProtect) to be signed merely by submitting a PDB, without verifying it. Additionally, basic anti-rootkit checks are performed, but various cheat and anti-cheat companies end up breaking compatibility due to the lack of proper control.

You can check the result final result and a cool stuff here:.

My new article. completely reversing the implementation of Gamespy from 2000-2004, reverse-engineering EA and Bungie games on original collector's editions to create our own emulator of the protocol used by it and play:.

RT @0xor0ne: Analysis of code mutations performed by VM Protect and Alcatraz obfuscation tools by João Vitor (@Keowu) . .

Também disponível em português para quem preferir ler no meu idioma nativo.

What week guys, what week. but let's analysing some obfuscation stuff to avoid depression. see ya.

"Do not say's PROCESS runs". There are a myth about it. Process itself don't run. thread runs every process has one thread. remember the real definition on windows kernel is that process are a container(that encapsulate a code with one thread). without that Kernel just delete it.

It seems that the original account of the VmProtect creator, Ivan, is gradually posting source code slightly different from the leak that occurred with the tool last year. We can see that he made some commits 6 hours ago, publishing his own source code.

RT @Unit42_Intel: #APT #AgonizingSerpens (aka #Agrius) has upgraded their capabilities. Analyzing a series of cyberattacks targeting #Israe….

My project is able to detect syscall calls from a process (by installing an instrumentation callback) and retrieves their name, I also provided a way to detect this feature in any operating system process, I hope you like it.

I decided to publish an article analyzing and explaining every detail of the WintaPix malware, originally disclosed by @Fortinet. My article aims to explain each aspect of the driver comprehensively and, of course, provide the complete source code.