Both Intel SDM v86 and Instruction Set Extensions Programming Reference v56 are out. intel.com/sdm SDM updates are minor. The other adds proper virtualization of IA32_SPEC_CTRL (on top of mask/shadow added before).

can someone help me with this math

1/8: Did someone just add #CTF code to the #AMOS stealer?.. After analysis of a yet undetected ‘lobsterstealer’ sample discovered by Yogesh Londhe, we found a few noticeable things that differentiate it from regular filegrabbers we’ve seen before.

For the hardcore reverse engineers and malware analysts out there, my ex-colleague just dropped a deep dive into 'Scatterbrain,' the obfuscator behind PoisonPlug malware. If you're into long technical breakdowns, this one's worth a read. cloud.google.com/blog/topics/th…

I discuss the creation of Mergen, VM based obfuscations, and explore how compiler techniques are used for reverse engineering and deobfuscation. nac-l.github.io/2025/01/25/lif…

Disassembly algorithms are often a trade-off. My new blog post analyzes linear sweep and recursive traversal, exploring their strengths and weaknesses in a self-built disassemblers. nicolo.dev/en/blog/disass…

github.com/google/securit… Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!

Here are the details about the AMD Signature verification vulnerability we worked on, Enjoy! bughunters.google.com/blog/542484235…

STOP DOING LISP

Spent the last week working on a tool to help the process of manually deobfuscating obfuscator.io's output... github.com/estr3llas/clr-…

смех estrellas

SE resulting in substantial crypto theft. Initial payload was a very large (700mb+) .msi. Two new samples named, some oleview.exe sideloading fun as well. Little shoutout to 5pider 's HavocFramework project. kroll.com/en/insights/pu…

CAPE Sandbox exposes an HTTP endpoint (http://localhost:8000/browser_extension) used to log HTTP trafifc. You can detect CAPE by sending a dummy HTTP request to this endpoint and checking the response. You can then craft fake HTTP data and it’ll show up on VirusTotal.

Graph Theory for Reverse Engineers Or “everything actually is a nail, you just need a bigger hammer” remyhax.xyz/posts/graph-th…

maiden :3

Our ongoing research about a drive-by compromise that affects even pre-installed versions of the application just had its first part released! You can read it at: kroll.com/en/insights/pu…