me.c3 (@mec314)'s Twitter Profile

ID: 849045558

27-09-2012 10:50:11

515 Tweets

51 Followers

319 Following

Erwan Grelet (@ergrelet)

Themida Spotter - A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer’s obfuscated code locations.

Can be useful to quickly find mutated and virtualized functions in a binary.

Link: github.com/ergrelet/themi…

Ivan Kwiatkowski (@justicerage)

Pleased to announce Gepetto is compatible with IDA 9.0 out of the box! Thanks to Hex-Rays SA for providing me with a beta key for testing. The next feature will be support for local models with Ollama. github.com/JusticeRage/Ge…

Ivan Kwiatkowski (@justicerage)

Gepetto 1.4 is officially released: github.com/JusticeRage/Ge…

It's a cool one:
- Support for local models
- Added a CLI interface to interact with the model directly
- Developing support for other models is now easier (no UI updates needed)

sixtyvividtails (@sixtyvividtails)

You've coded brilliant fallback codepath for case when menacing 𝐁𝐞𝐞𝐩 EDR is running, but have no rights to check its presence? EZ check:
isBeepEdrDriverRunning = NtQueryFullAttributesFile(ObjAttr(L"\\Driver\\Beep"), NtCurrentTeb()) == STATUS_OBJECT_TYPE_MISMATCH;

Stephan Berger (@malmoeb)

"Raspberry Robin uses an interesting approach to avoid detection while adding registry data. Rather than modifying the Windows registry directly using common Windows API functions (e.g. RegOpenKey, RegSetValueEx), Raspberry Robin first renames the target registry key to a random

hasherezade (@hasherezade)

Updated #TinyTracer (v2.9) is out: github.com/hasherezade/ti… ! Now you can trace indirect #syscalls, and dump context before each logged instruction.

sixtyvividtails (@sixtyvividtails)

Small gift for you! 🔺🟦🔺
Code to reliably stop almost any 3rd party Windows security system, via ci!CiValidateFileAsImageType.
No privileges needed at all, user rights are enough. Shall work on most OS: 10 22H2, 11 24H2, WS2022.
But: it requires CI policies (e.g. HVCI/UMCI on).

Joe Desimone (@dez_)

Bypass AMSI by uninitializing the IActiveScript object (zero ptr at 0x3c8). Slightly modified wscript no longer calls into AMSI.

x86matthew (@x86matthew)

I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a virtualized user-mode environment, allowing syscalls and memory accesses to be logged or intercepted. elastic.co/security-labs/… Project: github.com/x86matthew/Win…

Wietze (@wietze)

🚀 Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate your own 🔥 68 executables supported out of the box - use right away, make tweaks, or create your own 👉 Now available at argfuscator.net

Hex-Rays SA (@hexrayssa)

We are thrilled to announce the winners of the 2024 Hex-Rays Plugin Contest!

🥇1st Place: hrtng
🥈2nd Place: aiDAPal
🥉3rd Place: idalib Rust bindings

Check out our reviews of the winners and other notable submissions here: eu1.hubs.ly/H0gRDRn0
Huge thank you to all