Alexandre Borges (@ale_sp_brazil)'s Twitter Profile
Alexandre Borges

@ale_sp_brazil

Vulnerability Researcher and Exploit Developer

ID:60807822

https://linktr.ee/ale_sp_brazil

28-07-2009 04:15:36

7,9K Tweets

22,9K Followers

111 Following

Alexandre Borges (@ale_sp_brazil)

I have been slowly writing the next articles:

1. MAS 08: Introduction to macOS malware analysis.
2. ER 03: macOS/iOS (part 01)
3. MAS 09: Shellcode Analysis
4. ER 04: Browsers or Hypervisors (part 01)
5. RE 05: Hypervisors or Browsers (part 01)

MAS 09 will be the last article

Alexandre Borges (@ale_sp_brazil)

In some situations during vulnerability research I've found functions flagged as functions of no return, so it may be useful to remember how to identify them and, eventually, fix problems. This picture is just a quick review.

Marc-André Moreau (@awakecoding)

𝕘 𝕥 𝕨 𝕪 Jay-sun? Ru Campbell I wrote a whole blog post on the awfulness of RDP NLA + PKU2U which is one of the ways you can connect with an Entra ID account in RDP. It's possible to make it work, but it's just... ugh. awakecoding.com/posts/rdp-nla-…

m4n0w4r (@kienbigmummy)

✍️🇻🇳 My quick note how to decrypt strings and configuration of version 5.0

kienmanowar.wordpress.com/2024/04/24/qui…

Alexandre Borges (@ale_sp_brazil)

For people asking me if I will publish a new version of Malwoverview, the answer is YES, and more details will be released in the coming weeks. Even if I am forever away from malware analysis, I will maintain the project.

github.com/alexandreborge…

Gabriel Landau (@GabrielLandau)

I'm thrilled to announce that I'll be presenting a previously-unnamed vulnerability class at BlueHat IL.

Oh, and I'll be dropping 0day. Be sure to stop by, learn something new, pwn the kernel, and have a coffee. It should be a good time.
microsoftrnd.co.il/bluehatil/conf…

Alexandre Borges (@ale_sp_brazil)

DTrace on 64-bit Windows (amd64/arm64). It was one of the most impressive features of Solaris OS, it was ported to macOS and is being improved on Windows. DTrace is useful for vulnerability research and performance/tuning.

Stephen Sims (@Steph3nSims)

Join me tomorrow on the Off By One Security stream with special guest Pavel Yosifovich for a session on Windows Device Drivers Internals, ...and Some Additional Reversing! 19-April at 11AM PT. Looking forward to this one!

youtube.com/watch?v=7Trgnw…

Alexandre Borges (@ale_sp_brazil)

People ask why I haven't spoken at conferences in the last four years. In fact, my decision was made in 2022 for several reasons:

1. Due to the nature of my work (Windows/Hypervisors/Browsers exploitation), I cannot comment or present anything (and it isn't recommended).

2. The

Yarden Shafir (@yarden_shafir)

There is still time to register for my new hands-on debugging class next month!
I’m not likely to teach this class again soon so if you want to take it, now is your chance 😊

hasherezade (@hasherezade)

Josh Stroschein | The Cyber Yeti Thanks for using PEbear! I know it is an old video, so it makes sense that you remap it this way. Just FYI, now the same thing can be done just by one click: youtube.com/watch?v=9Cqq44…

Philippe Lagadec (@decalage2)

Antoine Cailliau Alexandre Dulaunoy @[email protected] Florian Roth Only executable files or any file format?
There are some datasets for specific formats, for example PDF:
corp.digitalcorpora.org/corpora/files/…
For MS Office: decalage.info/fr/download_ms…
Caveat: those datasets may contain some malicious files.
I'd be interested to find datasets for other formats.

Yarden Shafir (@yarden_shafir)

Shout out to Andrea Allievi for building SkTool. The easiest way to find out what Hypervisor / secure kernel features are enabled on a system

Hex-Rays SA (@HexRaysSA)

We’ve recently introduced IDA 8.4, but have you noticed that it comes with a built-in tool for generating FLIRT signatures from a current database? Read more about the makesig plugin 🌐 hex-rays.com/blog/an-overvi…

m4n0w4r (@kienbigmummy)

✍️🇻🇳My quick note about techniques employed by the threat actor in the phishing email to distribute via .
kienmanowar.wordpress.com/2024/04/09/qui…

hasherezade (@hasherezade)

I've got it today, so I can show how it looks IRL 😊. I think the print and overall quality is good. I believe some of you got it too. Are you happy with how it came out?
