Andreas Klopsch (@hackingump1)'s Twitter Profile

Andreas Klopsch

@hackingump1

Reverse Engineer @ Microsoft

ID: 1213574373149310976

Link: http://malwareandstuff.com

Joined: 04-01-2020 21:34:22

358 Tweets

778 Followers

265 Following

Andreas Klopsch (@hackingump1)

The Process Environment Block (PEB) – A Hacker’s Playground? More about PEB and how Lazarus/Diamond Sleet abused it in the past here: malwareandstuff.com/peb-where-magi… #cybersecurity #malware #infosec #reverseengineering #peb #windows

Andreas Klopsch (@hackingump1)

Ever heard about "nanomites"? 🐞🖥️ By allowing a parent process to control its child, the technique can hinder reverse engineers from debugging a binary. malwareandstuff.com/nanomites-on-l… #malware #cybersecurity #infosec #reverseengineering #nanomites

Andreas Klopsch (@hackingump1)

🚨 Then vs. Now: The Evolution of DDoS Attacks 🚨 In 2016, Mirai's botnet caused chaos with a 1.2 Tbps DDoS attack (theguardian.com/technology/201…). Fast forward to 2025, and we’re now witnessing 5.6 Tbps attacks—nearly 5x the scale! thehackernews.com/2025/01/mirai-… Mirai botnet was first

Andreas Klopsch (@hackingump1)

🚀 MSTIC Uncovers STAR Blizzard Spear-Phishing Campaign Targeting WhatsApp Users Microsoft has identified STAR Blizzard, a phishing campaign targeting WhatsApp accounts through social engineering. microsoft.com/en-us/security… #threatintel #infosec #starblizzard #mstic

Andreas Klopsch (@hackingump1)

🚨 Secret Blizzard, a Russian nation-state actor exploits other hackers' infrastructure to evade detection & conduct espionage. 🔍 Learn more: 🔗 Part I: microsoft.com/en-us/security… 🔗 Part II: microsoft.com/en-us/security… #CyberSecurity #ThreatIntelligence #malware #infosec

Andreas Klopsch (@hackingump1)

Russia-Linked “BadPilot” Cyber Campaign Exposed 🚨 Microsoft has uncovered a multiyear global access operation executed by a subgroup of Seashell Blizzard, a Russian nation-state actor. microsoft.com/en-us/security… #threatintel #cybersecurity #infosec #microsoft #mstic

Andreas Klopsch (@hackingump1)

Symbolic Execution is a powerful technique that explores all possible execution paths without actual inputs. An interesting display of this technique is below: doar-e.github.io/blog/2014/10/1… #malware #reverseengineering #cybersecurity #infosec #symbolicexecution

REcon (@reconmtl)

Andreas Klopsch will be presenting about "Unveiling RIFT: Advanced Pattern Matching for Rust Libraries" at Recon Montreal recon.cx more details to come soon #reverseengineering #cybersecurity

Andreas Klopsch (@hackingump1)

🔍 Exploring Domain Generation Algorithms (DGAs) in Malware 🔍 Below is an article I wrote years ago, which explains the difference between seed based and dictionary based algorithms. malwareandstuff.com/dgas-generatin… #malware #infosec #cybersecurity #dga #dns

REcon (@reconmtl)

Recon CFP ends in less than 2 weeks on April 28. Prices for the training and conference increase on May 1st. Register now to save with the early bird price. We have already announced a few talks and workshops, and more videos from last year have been released. recon.cx

Andreas Klopsch (@hackingump1)

The deep dive below into PebbleDash’s FakeTLS C2 protocol shows how North Korean APTs fake TLS handshakes and use hardcoded RC4 encryption to blend in with legit HTTPS traffic. malwareandstuff.com/reversing-pebb… #malware #infosec #reverseengineering #pebbledash #cybersecurity #windows

Andreas Klopsch (@hackingump1)

Presenting "Unveiling RIFT: Advanced Pattern Matching for Rust Libraries" at RECON Montreal 2025! Sharing research on discovering Rust dependencies in compiled binaries. See you there! 🚀 #RECON2025 #RustLang #ReverseEngineering

Ramin Nafisi (@malwarere)

Do you find analyzing Rust binaries/malware tedious and unpleasant? You’re not alone! If you’re attending #REcon this year, our own Andreas Klopsch will be unveiling #RIFT today at 2PM EST (not at REcon? We got you covered, stay tuned). We have been using RIFT internally for some

Andreas Klopsch (@hackingump1)

🚨 RIFT Update: We’ve boosted our compiler detection! 🛠️ Now with sharper insights into binaries built using GNU, MinGW, and MSVC toolchains. More enhancements are on the way—stay tuned! 🔍✨ #ReverseEngineering #MalwareAnalysis #RIFT #malware #msft github.com/microsoft/RIFT

Andreas Klopsch (@hackingump1)

🚨 RIFT update! Now supports FLIRT signature generation on Linux 🐧 🔗 github.com/microsoft/RIFT #RustLang #MalwareAnalysis #ReverseEngineering #DFIR #FLIRT

Andreas Klopsch (@hackingump1)

🚨 Microsoft reports Russian APT Secret Blizzard is targeting embassies in Moscow with AiTM attacks using ApolloShadow malware. It installs a trusted root cert to spoof legit sites & maintain persistence—ongoing since 2024. 🧵 Details: microsoft.com/en-us/security… #CyberSecurity

Andreas Klopsch (@hackingump1)

🚨 Ever tangled with virtual machine-based code protection? 🚨 In 2020, I wrote a virtual machine deobfuscator for a crack me challenge. Check it out! malwareandstuff.com/taming-virtual… 🔍 #ReverseEngineering #MalwareAnalysis #windows #idapro #deobfuscation

Ramin Nafisi (@malwarere)

#PipeMagic is a highly modular backdoor used by the financially motivated threat actor Storm-2460. It masquerades as a legitimate open-source ChatGPT Desktop Application. Microsoft Threat Intelligence encountered PipeMagic as part of research on an attack chain involving the