Nasreddine Bencherchali
@nas_bench
Followers: 11K · Following: 24K · Media: 1K · Statuses: 8K
Detection @Splunk & @cisco | previously @nextronsystems | @sigma_hq & @magicswordio maintainer | Eternal Learner
HAL
Joined August 2011
I wanted to understand what information is available in .pdb files, so I made a tool for it 🔎🪲 Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: https://t.co/mSWAolfrFt
3
59
187
Yesterday I ran a livestream testing SessionHop - abusing specific COM objects to execute C2 actions in the context of other users. https://t.co/wj11CNGPtM However, no session enumeration. So I built SessionView, a tool to identify sessions https://t.co/Fcdq63tuZ3 Video is on YT!
github.com
A portable C# utility for enumerating local and remote windows sessions - lsecqt/SessionView
1
49
173
Starting 2026 with a new blog! I've really been enjoying my Windows on ARM machine - so my post is about interrupts for WoA. This includes x64/ARM differences, virtual interrupts, Hyper-V's synthetic controller, and Secure Kernel interrupts/intercepts https://t.co/HvSbtsCtGu
connormcgarr.github.io
Interrupt discovery and delivery on Windows on ARM
7
69
260
I published v1.1 of a little project I do whenever I have some free time (and it's worth more than gold or PC memory 😆😆😆) https://t.co/pGaXuRlZnL
https://t.co/OzoNe03FSa
github.com
Generate malware traces for detection tests. Contribute to frack113/MalwareTracesGenerator development by creating an account on GitHub.
0
4
6
IDA Reverse Engineering Step-by-Step Into Reverse Engineering: EXE Patreon Unlocked ❤️
9
207
1K
We're about to hit ⭐100 stars on GitHub for https://t.co/cSbJE1n0oc, if you haven't already, go star it and play around with Sigma detection rules. https://t.co/jtVnnXtF2k
github.com
Convert Sigma rules to SIEM queries, directly in your browser. - northsh/detection.studio
4
19
126
It's happening! Meet the Agentic Threat Hunting Framework (ATHF). Tired of copy-pasting the same hunt template over and over? Same. I built a framework designed for an AI-assisted future that adds structure, memory, and context to every hunt. https://t.co/bR1qS0HFvh
0
7
11
The #LOLRMM #Sysmon configuration has the DNS, Named Pipe and Network Connection sections now done as well. Feel free to check it out. @M_haggis @nas_bench @Kostastsale @cyb3rbuff @_josehelps @cyb3rops
https://t.co/cNb0ypwXco
github.com
A sysmon configuration designed for monitoring RMM solutions from the LOLRMM framework on the OS Microsoft Windows. 10/11 - shotgunner101/Sysmon-LOLRMM
1
25
97
Ever wonder why we call them "Cmdlets" in PowerShell instead of just "Commands"? https://t.co/PTxB02yXmY
#PowerShell
jsnover.com
I’ve spent a lot of time, and acquired a lot of scar tissue, in this industry, and if there is one thing I’ve learned, it’s that most people are terrified of looking different. People hug the cente…
4
24
94
What a beautiful performance of "Une vie à t'aimer" from Clair Obscur: Expedition 33! Fun Fact: the game is the most-nominated game in the history of #TheGameAwards. @lornebalfe @expedition33 @sandfallgames @kepler_interact
178
5K
17K
⚡The team killed it on this end-of-year release of ESCU 5.19! I'm so grateful to work with such talented and passionate people. @nas_bench, @raven_tait, @bareiss_patrick, @hackpsy, @rodsoto, @tccontre18, Lou Stella Release: https://t.co/smqTLl7Dfx Key highlights: 🐚
0
3
10
Splunk content release, ESCU 5.19 is here, and it's one of our biggest releases of the year. 🌟6 New Analytic Stories 🔍31 New Analytics ⚙️71 Updated Analytics Key highlights from this release include - New Coverage for React2Shell, CVE-2025-33073 and Tuoni C2. - New Content to
0
12
35
Errybody screaming about React2Shell so we wanted to give ya something you haven't already heard😁 Here's a beast of a blog post on malware we've seen from post-exploitation, detailing a wild Linux backdoor and more -- all from the amazing & incredible @RussianPanda9xx & co.😎
Super hyped to share that @HuntressLabs published a Rapid Response blog on the recent #React2Shell post-exploitations observed. We discovered and analyzed a few payloads that were named #PeerBlight, #CowTunnel and #ZinFoq. We also observed a variant of #Kaiji malware. 3 Modelo's
9
69
367
This is a work in progress that will get updated as soon as I finish a couple more things.
0
0
6
I have spent some time this past day investigating the NodeJS source code and what a typical process tree from a React/Next.js app looks like. If you are building detections for React2Shell, give this a read, as it'll help you identify the right strings to use to filter down FPs.
3
29
128
Final part of the first wave of RPC is live, RPC part8. In this part, I explain how to use IDA to reverse RPC clients and servers, and I show the key structures and methods you need to extract all the important information during the reversing process. https://t.co/lgaE52Uc9P
sud0ru.ghost.io
Welcome to the next part of the IPC series, and the final part of the first wave of RPC series. In this post, we will look at the tools you can use to reverse-engineer an RPC server. This part...
1
24
85
I wanted to follow up and let @M_haggis @nas_bench @Kostastsale @cyb3rbuff @_josehelps know that the Sysmon config for the LOLRMM framework is "effectively" complete for the primary areas of focus. I have intentions to add more filtering to it but it is. https://t.co/pjGhu9Q9c4
dodgethissecurity.com
I have spent the last month and a half working on a Sysmon configuration for the LOLRMM framework. This framework is extremely useful for those who intend to hunt down RMMs within their environment…
6
25
53
Full length reverse engineering with Invoke RE! Showcasing new iterations of the "Scavenger" malware, or what we saw as "ExoTickler" previously as a fake City Skylines 2 video game mod, now w/ more crypto/creds stealing and C2. Binary Ninja, x64dbg & more: https://t.co/AvW8A6lROO
5
32
200