Try the ask_ida/c++ GPT [ chat.openai.com/g/g-VgbIr9TQQ-… ] for IDA SDK related questions in C/C++.

Finally got EagleVM in a somewhat stable place after actually writing some tests. Pretty happy with the current state of the project but there is still a lot I want to add. Looking forward to soon releasing the 1.0 🤠 github.com/notpidgey/Eagl…

An unexpected journey into Microsoft Defender's signature World: retooling.io/blog/an-unexpe…

Despite being a minor release, there are a lot of updates. More will come in 2025!

Both Intel SDM v86 and Instruction Set Extensions Programming Reference v56 are out. intel.com/sdm SDM updates are minor. The other adds proper virtualization of IA32_SPEC_CTRL (on top of mask/shadow added before).

"we de-virtualized the anticheat, now what?"

Happy to share a draft I should have published a while ago - designing an AV like audio filter driver to control microphone access on a per-process basis, experimenting with some Windows audio subsystem internals in the process. 0mwindybug.github.io/AudioGuard/

Denuvo Analysis connorjaydunn.github.io/blog/posts/den…

I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a virtualized user-mode environment, allowing syscalls and memory accesses to be logged or intercepted. elastic.co/security-labs/… Project: github.com/x86matthew/Win…

In the latest and greatest episode of the Guided Hacking Podcast we had the unique honor of interviewing the Titan of Anti-Cheat: Nemi Learn the story behind his prodigious rise to power through the DoD, Blizzard, Riot Games, Byfron and Roblox. 👉youtu.be/6xET66eitYY

Added AMD support to hvext, the windbg extension for reversing Hyper-V! github.com/tandasat/hvext You can easily check what SVM features are enabled, which MSRs and IO ports are accessible, and how nested page table looks like, for NT, SK and regular VMs.

Check-out github.com/djolertrk/kovi… - a collection of LLVM and GCC plugins for code obfuscation. It is free and open source. I will be adding more plugins that represent different obfuscation techniques.

My presentation slides "UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior" RE//verse are available online github.com/binarly-io/Res…

Some exciting research to share from Binarly REsearchers Takahiro Haruyama and Fabio Pagani -- a novel approach to UEFI bootkit detection. 🔥Read the technical paper: "UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior" 👉 binarly.io/blog/uefi-boot…

Intel E-cores behave differently in virtual machines than P-cores. This plays an important role in debugging hypervisor technology within heterogeneous systems. See my article, The Mysterious Behavior of the Intel E-cores, here: asset-intertech.com/resources/blog…

Nice to see Intel and MSFT's posts on VT-rp / HVPT. If you are interested in playing with the feature, simple example code is here: github.com/tandasat/Hello…

The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control tandasat.github.io/blog/2025/04/0…

Good news! The recording of our talk at REcon 2024, JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and DCI/EXDI, presented together with Ivan Rouzanov, is now available on YouTube: youtube.com/watch?v=YKFXWs…. Turn on subtitles.

ok its finally done: the improved version of no-defender, a tool that interacts with WSC api to disable window defender the way how microsoft intended it github.com/es3n1n/defendn…

My new blog post 🥳 Improving AFD Socket Visibility for Windows Forensics & Troubleshooting It discusses the low-level API under Winsock (IOCTLs on \Device\Afd handles) and explores the workings of the new socket inspection feature in System Informer 🔥 huntandhackett.com/blog/improving…