medium.com/walmartglobalt…

Also made a quick video on how to install TitanHide in Windows Sandbox using the SandboxBootkit project. It takes about 3 minutes end-to-end.

Top 10 last week's threats by uploads 🌐 ⬇️ #Lumma 353 (490) ⬆️ #Remcos 292 (228) ⬆️ #Agenttesla 291 (251) ⬆️ #Asyncrat 273 (190) ⬆️ #Dcrat 242 (159) ⬆️ #Xworm 198 (195) ⬇️ #Snake 180 (203) ⬇️ #Neconyd 175 (220) ⬆️ #Quasar 144 (115) ⬆️ #Darkcrystal 113 (73) Track them all:

We've uploaded our Time Travel Debugging in Binary Ninja stream with Xusheng Li from Vector 35 where we unpacked malware and analyzed anti-analysis capabilities with TTD traces. Enjoy!

medium.com/walmartglobalt…

Analyzing LNK malware? Unit 42 details the structure of LNK files, then dissects overlay content execution techniques and more. Learn how attackers exploit the flexibility of this file type. bit.ly/3InIu7C

Attackers are more frequently using Windows shortcut (LNK) files to distribute malware. We cover four main categories of LNK malware: exploit execution, malicious file execution, in-argument script execution and overlay execution. bit.ly/3InIu7C

🚨 April 2025 Content Round Up 🗄️ How to Dump Manually Mapped DLLs 🛡️ Windows Defender Bypass - Token Manipulation 🔍 Analyzing PolyGlot IcedID Malware 🕵️ Reverse Engineering Runescape 3 Packets 📚 C++ Game Hacking Library 📋 MMO Packet Logging Tutorial 🐍 Python Game Hacking -

Binary Ninja 5.1 is now released: binary.ninja/2025/07/24/5.1… - New WARP function matching - Pseudo Objective-C - Binexport plugin built-in - IL Rewriting Examples, APIs, and Docs - Arch: PPC VLE, mips-r5900, x32 + Much more!

Run somewhere

Payload statistics from July 2025 📊 We observed 625 tasks distributed by threat actors across the tracked botnets. This resulted in 2367 unique payloads. Top families: 1. #GCleaner 2. #Amadey 3. #LummaStealer 4. #NirSoftNirCmd 5. #QuasarRAT Unpacking & detection: UNPACME

Want to learn how compilers use global pointers? Or just want to know how Binary Ninja handles them during analysis and how you can get the best decompilation? Xusheng walks you through it our latest blog post: binary.ninja/2025/08/07/wor…

New blogpost, this time about different ways to dump lsass. While not novel, I explain all techniques and uploaded a full implementation of different ways of dumping lsass: github.com/yo-yo-yo-jbo/d… As a reminder, all my content is available at jonathanbaror.com

Ransomware groups don’t just encrypt files, they steal them first. Data staging + exfiltration is the most common step before encryption. Here's how it happens (with real tactics + command lines):👇 okt.to/UWIZev

I just released a new video: How WSL 1 Works. In this video, I explain how Windows Subsystem for Linux version 1 runs ELF binaries. trainsec.net/library/window…

Eight years later, I’ve updated my most-starred GitHub repository with some new Frida scripts, inspired by spaceraccoon | Eugene Lim new book “From Day Zero to Zero Day”. Check it out: github.com/0xdea/frida-sc…

🚦 Stop guessing and start GOing. The upcoming IDA 9.2 release brings cleaner Golang decompilation with tuple types. Read the full blog: eu1.hubs.ly/H0mFg8l0

GOLD

GOLD. Thanks for the vids