Today, the China Cyberspace Security Association's WeChat official account published an article revealing details of how US intelligence agencies have repeatedly carried out cyber attacks to steal secrets from China's defense and military industry sector:
https://cn-sec.com/archives/4316015.html
CN-SEC 中文网
China Cyberspace Security Association: Disclosing Details of US Intelligence Agencies' Cyber Attacks and Secret Theft Against China's Defense and Military Industry Sector
Defeating String Obfuscation in Obfuscated NodeJS Malware using AST
https://dinohacks.com/posts/2025/2025-03-17-defeating-string-obfuscation-in-obfuscated-nodejs-malware/
Dinohacks
Defeating String Obfuscation in NodeJS Malware using Babel AST Parser
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel
https://swarm.ptsecurity.com/kernel-hack-drill-and-a-new-approach-to-exploiting-cve-2024-50264-in-the-linux-kernel/
PT SWARM
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel
Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher’s life difficult. Working with such fragile vulnerabilities demands significant time and…
Triaging Obfuscated Binaries with Binary Ninja and AssemblyLine
https://www.youtube.com/watch?v=6GaJ_VVv2gk
YouTube
Triaging Obfuscated Binaries with Binary Ninja and AssemblyLine (Stream - 26/08/2025)
Scavenger malware research resulted in the discovery of a number of malware variants using the xorstr C++ compile-time obfuscator. Throughout this stream we analyze binaries obfuscated with xorstr with Binary Ninja and AssemblyLine in order to triage new…
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering
https://github.com/pwnfuzz/diffrays
GitHub
GitHub - pwnfuzz/diffrays: DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research…
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering. - pwnfuzz/diffrays
A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions with embedded payloads.
https://github.com/m1ddl3w4r3/WSL_Payload_Builder
GitHub
GitHub - m1ddl3w4r3/WSL_Payload_Builder: A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions…
A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions with embedded payloads. - m1ddl3w4r3/WSL_Payload_Builder
Hunting for Security Bugs in Code with AI Agents: A Full Walkthrough
https://muellerberndt.iss.onedium.com/hunting-for-security-bugs-in-code-with-ai-agents-a-full-walkthrough-a0dc24e1adf0
Medium
Hunting for Security Bugs with AI Agents: A Full Walkthrough
In my previous article, I introduced Hound, an open-source code auditing tool that models the cognitive and organizational processes of…
An unexpected journey into Microsoft Defender's signature World
https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
This class teaches Bluetooth reconnaissance and device identification, using the Blue2thprinting security tool
https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+BT2222_Blue2thprinting+2025_v1/about
p.ost2.fyi
Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting
This class teaches Bluetooth reconnaissance & device identification using the Blue2thprinting software.
A good article on obfuscation in malware samples
https://cloud.google.com/blog/topics/threat-intelligence/scatterbrain-unmasking-poisonplug-obfuscator
Google Cloud Blog
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator | Google Cloud Blog
We have been tracking multiple espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW malware.
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida)
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
IBM
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida) | IBM
Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.
Windows local privilege escalation through the bitpixie vulnerability
https://blog.syss.com/posts/bitpixie/
SySS Tech Blog
Windows Local Privilege Escalation through the bitpixie Vulnerability
This blog post demonstrates how attackers can circumvent BitLocker drive encryption, how to protect against such attacks, and why acting now might pay off in the near future. The bitpixie vulnerability in Windows Boot Manager is caused by a flaw in the PXE…
Harnessing 101: A Beginner's Guide to Fuzzing Harnesses
https://gabe-sherman.github.io/2025-09-17-beginning_harnessing/
Gabriel Sherman
Harnessing 101: A Beginner's Guide to Fuzzing Harnesses | Gabriel Sherman
As a newcomer to the computer security world working on my first paper, No Harness, No Problem: Oracle-guided Harnessing for Auto-generating C API Fuzzing Harnesses, I inevitably spent countless hours studying, building, and running fuzzing harnesses. This…
Order of Six Angles
I'm preparing a talk for 2600 on using AI for malware analysis/vuln research (in particular MCP servers) 😀
I'm refining my talk on malware analysis with LLMs, specifically the IDA MCP server, and will present the updated talk at Sysconf (October 4, Almaty). I switched to Cursor instead of Cline. In Auto mode, as I understand it, it picks a suitable model by itself (gemini, claude, gpt). I tried analyzing Rust binaries, with very good results. In those, for example, it is hard to find the real main function; the LLM handled it. I also checked whether Cursor can build a call graph; the result is in the screenshot. Prompt:
Build the call graph for the function sub_140F05ED0 and list its callers. Also list the callees of each function and draw a diagram in Mermaid format.
LLMs also help me deobfuscate code (as in screenshot 2) that was obfuscated with control flow flattening.