I repropose my notes about x86, Linux and virtualization in a single text file (~2500 lines only) for my fellow students in Sapienza. gist.githubusercontent.com/andreafioraldi…

First part of a research on Windows Defender main driver - WdFilter n4r1b.netlify.com/en/posts/2020/…

If you are interested in developing hypervisors as UEFI modules, MiniVisor is for you: github.com/tandasat/MiniV… Also Bruce Dang and I are offering a 5-day class on the development of hypervisor, including UEFI version, in October. See details at gracefulbits.regfox.com/hypervisor-dev…

Check out my post on Extracting and Diffing Windows Patches in 2020 wumb0.in/extracting-and… Let me know what you think

The slides for the talk "Speedpwning VMware Workstation" we did with Bruno at Ekoparty are online :)

If you are into CFI, CFG and XFG, you may like this: I wrote a blog post about how the MSVC compiler generates XFG function prototype hashes blog.quarkslab.com/how-the-mvsc-c…

VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture by IDontCode back.engineering/17/05/2021/#pr…

It has taken several months and hundreds of hours of research to get to this point where semantically accurate static devirtualization of VMProtect 2 protected binaries is possible. A few hundred more hours to go! LLVM Optimization passes are the TODO! githacks.org/-/snippets/45

WinAPi Search - Search a single or multiple binary PE files by Win32 function name. dennisbabkin.com/winapisearch/

Latest VS 17.9 (Preview) IDE feature delivered by our team: Memory Layout visualization for C++ classes/structs/unions: devblogs.microsoft.com/visualstudio/s… #cpp #cplusplus

The Windows Registry Adventure #4: Hives and the registry layout googleprojectzero.blogspot.com/2024/10/the-wi…

I spent the last month reverse engineering Call of Duty's anti-cheat! Blog post here: ssno.cc/posts/reversin…

Dug into Riot Vanguard's kernel driver's dispatch table hooks. The article took an unexpected turn half way through, as I found some not yet documented stuff, such as the complete list of system calls hooked by the driver. Article link: archie-osu.github.io/2025/04/11/van…

There is no significant difference up until January 2025, except for the additional step of encrypting the .dcl file before it is decrypted and its contents logged to the kernel log. TrendMicro Anti-Malware Solution Platform White-list process. gist.github.com/anghiammk/8d1c…

The hacker is presumed to be Chinese, not North Korean. docs.google.com/document/d/16Z…

Founding - a generator that will create a loader encrypted or obfuscated with different execution types #redteam github.com/SenSecurity/Fo…

Really looking forward to this! I will be doing a demo about previous work I did a few months ago on examining VTL 0 <-> VTL 1 communication and showcasing the two associated tools, SkBridge (to manually invoke secure calls) and Vtl1Mon (monitoring them)! connormcgarr.github.io/secure-calls-a…

Sharing for those who haven’t seen this announcement! Should be a great stream with the legend Pavel Yosifovich! EDR internals and Rust, say no more, take my money!! youtube.com/live/HtyQZBLzK… #cyber #blueteam #windowsinternals #redteam #cybersecurity #infosec #winternals

Just shipped a WinDbg x64 extension that turns live disassembly into verified pseudocode via LLM — chunked multi-pass analysis, in-process HTTP, mock fallback, and a verification pass that cross-checks LLM output against original analysis facts. github.com/kernullist/win…