Just built an MCP for Ghidra. Now basically any LLM (Claude, Gemini, local...) can Reverse Engineer malware for you. With the right prompting, it automates a *ton* of tedious tasks. One-shot markups of entire binaries with just a click. Open source, on Github now.

Unpacking VMProtect 3 (x64) 🤷‍♂️

🔥 TitanHide has been updated to support the latest VMProtect 3.9.4 changes! The service name is now used as the device name as well, so the check for \\.\TitanHide will fail if you name the service differently 🧠

Good morning! Just published a deep dive into PatchGuard internals: how it works, key internal functions, context init, and possible bypasses. r0keb.github.io/posts/PatchGua…

In case you missed Black Hat USA 2025? Here are all the slides🫡 🔗github.com/onhexgroup/Con…

Confirmed! Verichains Cyber Force chained two unique bugs - including an auth bypass - to exploit the Synology DS925+ and run code as root. Their work earns them $20,000 and 4 Master of Pwn points. #Pwn2Own

as promised gist.github.com/superfashi/563…

Free ChatGPT & DeepSeek API keys.

I've recently been experimenting with using .NET profilers to hook .NET functions under IIS and decided to write up a blog post while it was fresh in my mind zeroed.tech/blog/hooking-n…

My new article, “Ryūjin – Writing a Bin2Bin Obfuscator from Scratch for Windows PE x64 and Fully Deobfuscating It,” covers in detail the creation of a own Bin2Bin obfuscator tool, named “Ryūjin". Check it out: keowu.re/posts/Ry%C5%AB…

#tools #reversing #Kernel_Security Using MCP for Debugging, Reversing, and Threat Analysis Part 0 - AI Meets WinDBG - svnscha.de/posts/ai-meets… ]-> MCP Server for WinDbg Crash Analysis - github.com/svnscha/mcp-wi… Part 1 - Setting up VS Code, MCP Server, and WinDbg crashdump analysis

Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation github.com/ricardojoserf/…

Rhadamanthys loader deobfuscation cyber.wtf/2025/11/19/rha…

Dropping a new article. It's about a new local privilege escalation technique that becomes viable when a writable system path is present. Yet another technique. It uses Windows Audio for escalation and doesn't require system reboots. medium.com/@S.1.l.k.y/abu…

Dropping some tooling to assist with Windows RE (or any really); bulk download modules across all versions, search for call chains from references, immediates, instructions, etc. Has been useful for mass-analysis, cross-version diffing, variant analysis, and just generally

AV/EDR Lab Environment Setup A curated list of various resources helpful in building own malware-centric research lab. A post by Udayveer Singh (Udayveer Singh) Source: an0nud4y.notion.site/AV-EDR-Lab-Env… #redteam #blueteam #maldev #malwaredevelopment