tonvi

@t0nvi

Followers: 361
Following: 713
Media: 6
Statuses: 744

Retooling Co-Founder, trainer

Joined January 2010
@reconmtl
REcon
1 day
Recon https://t.co/UdlFWJkDYg Conference: June 19 to 21 2026. More announcements coming soon.
2
15
52
@hackerfantastic
hacker.house
4 days
SignToolEx, a code-signing tool that enables the use of expired certificates for executable signing operations. https://t.co/XZenT5JtHC
6
32
134
@SEKTOR7net
SEKTOR7 Institute
3 days
Reversing Microsoft Defender's signatures for evasion. Deep dive into VDM guts - gzip-compressed files with no encryption to evade entire signatures with just 1 byte change. A research by RETooling crew (@DrCh40s && @t0nvi). Nicely done, chaps! Post: https://t.co/jpjmDl10f9
4
115
440
@Jbanklestankle1
Bilbo Baggins
8 days
25
448
8K
@REverseConf
RE//verse
28 days
Announcing our second RE//verse Keynote, Laurie Kirk! Laurie is a researcher at Google specializing in Reverse Engineering, deobfuscation, and decompilation. She runs a YouTube channel (@LaurieWired) that covers all sorts of in-depth research topics on reverse engineering, low level
3
32
504
@DebugPrivilege
DebugPrivilege
28 days
Just posted a write-up on a DC hang traced to a deadlock inside LSASS. I break down call stacks, the blocked threads, and how doing LDAP work in DllMain triggered the issue.
medium.com
TLDR: For weeks a customer saw random domain controllers freeze with no clear errors in Event Viewer. It looked like network timeouts and…
2
29
94
@DrCh40s
Ch40s 🏴‍☠️
1 month
Big thanks to #Hexacon for hosting our MalOpSec training and for the outstanding hospitality and top-notch conference! @t0nvi and I are attending the conference if you’re around and want to chat about adversary emulation or access operations, feel free to stop by and say hi! 👋
0
1
2
@_CPResearch_
Check Point Research
1 month
🚨 Rhadamanthys v0.9.2 is here! What’s new in this multi-layered stealer’s latest evolution? We break down the updates, tactics, and what defenders need to know. Dive into our blog for the full analysis. https://t.co/b5SL8bWR81
research.checkpoint.com
Research by: hasherezade. Rhadamanthys is a complex, multi-modular malware sold on the underground market since September 2022. It was first advertised by the actor “kingcret...
0
32
112
@fede_intern
Fede’s intern 🥊
2 months
FuzzingLabs and @Pat_Ventuzelo are quickly becoming global leaders in offensive security. Since I was a kid, I've been passionate about hacking, finding bugs, creating exploits, and diving deep into how systems work. Now, it’s a dream come true to be working on the frontier of
@FuzzingLabs
FuzzingLabs
2 months
Excited to announce that our CEO @Pat_Ventuzelo is giving the Closing Keynote at #BSidesberlin 🎤 AI for AppSec and Offensive Security: From Automation to Autonomy 📅 8 Nov 2025 | 📍 CIC Berlin AI is reshaping vulnerability research, from audits & #fuzzing to autonomous red
7
5
16
@ESETresearch
ESET Research
2 months
#ESETresearch’s Matthieu Faou and Zoltán Rusnák will present at Labscon 2025 @labscon_io: “Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine”. Join them in Scottsdale, September 19 at 11:00 AM MST. 1/3
1
8
26
@gerhart_x
Arthur "Gerhart" Khudyaev
2 months
Analysis of Windows Secure Kernel security bugs. https://t.co/eZ77DTgHAo
1
35
142
@diversenok_zero
diversenok
8 months
Better socket handle visibility coming soon to @SystemInformer 🔥 When viewing a process handle table, SI will recognize files under \Device\Afd and retrieve information about their state, protocol, addresses, and more. Also works on Bluetooth and Hyper-V sockets 🤩
2
21
114
@blackorbird
blackorbird
2 months
#APT28 Espionage Tool Provides Backdoor Access to Microsoft Outlook https://t.co/zOXG0PVuNz
0
60
188
@labscon_io
LABScon 2025
2 months
Finally, we will unveil the details behind CVE-2025-6198, a BMC-related security issue that allows attackers to directly “bring your own vulnerable firmware image”. https://t.co/rV8HhqLbnR
labscon.io
0
9
14
@33y0re
Connor McGarr
2 months
Today I am releasing a new blog post on VSM "secure calls" + the SkBridge project to manually issue them!! This blog talks about how VTL 0 requests the services of VTL 1 and outlines common secure call patterns!!! Blog: https://t.co/xzB1s7HoPO SkBridge: https://t.co/0zO0E1L4Sy
3
99
259
@yarden_shafir
Yarden Shafir
3 months
@_RastaMouse To clarify because I realized I forgot an important detail: you can still call the API from Medium IL in recent Windows 11 but the Object field leaking a kernel address will be 0 unless the caller has SeDebugPrivilege enabled.
0
1
14
@hackyboiz
hackyboiz
4 months
[Research] CVE-2025-24985: Windows Fast FAT Driver RCE Vulnerability https://t.co/N0ttHnqTe1 The vulnerability was caused by the ability to control five variables within the VHD file that determine the number of clusters.
2
39
110
@Idov31
Ido Veltzman
4 months
I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard. Full explanation below 1/6. https://t.co/BGszXQ0Oi6
github.com
NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other mean...
7
89
339
@0xor0ne
0xor0ne
4 months
"SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O" Part 1: https://t.co/MoDNwdg3kK Part 2: https://t.co/3PDIf4yxEo #cybersecurity #uefi
1
56
285
@0xor0ne
0xor0ne
5 months
Excellent blog post exploring the re-implementation of APT41 Scatterbrain's obfuscation for adversary emulation https://t.co/831xfyZ6Vu #malware #infosec
1
53
243