Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel
https://swarm.ptsecurity.com/kernel-hack-drill-and-a-new-approach-to-exploiting-cve-2024-50264-in-the-linux-kernel/
https://swarm.ptsecurity.com/kernel-hack-drill-and-a-new-approach-to-exploiting-cve-2024-50264-in-the-linux-kernel/
PT SWARM
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel
Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher’s life difficult. Working with such fragile vulnerabilities demands significant time and…
Triaging Obfuscated Binaries with Binary Ninja and AssemblyLine
https://www.youtube.com/watch?v=6GaJ_VVv2gk
https://www.youtube.com/watch?v=6GaJ_VVv2gk
YouTube
Triaging Obfuscated Binaries with Binary Ninja and AssemblyLine (Stream - 26/08/2025)
Scavenger malware research resulted in the discovery of a number of malware variants using the xorstr C++ compile-time obfuscator. Throughout this stream we analyze binaries obfuscated with xorstr with Binary Ninja and AssemblyLine in order to triage new…
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering
https://github.com/pwnfuzz/diffrays
https://github.com/pwnfuzz/diffrays
GitHub
GitHub - pwnfuzz/diffrays: DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research…
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering. - pwnfuzz/diffrays
A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions with embedded payloads.
https://github.com/m1ddl3w4r3/WSL_Payload_Builder
https://github.com/m1ddl3w4r3/WSL_Payload_Builder
GitHub
GitHub - m1ddl3w4r3/WSL_Payload_Builder: A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions…
A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions with embedded payloads. - m1ddl3w4r3/WSL_Payload_Builder
Hunting for Security Bugs in Code with AI Agents: A Full Walkthrough
https://muellerberndt.iss.onedium.com/hunting-for-security-bugs-in-code-with-ai-agents-a-full-walkthrough-a0dc24e1adf0
https://muellerberndt.iss.onedium.com/hunting-for-security-bugs-in-code-with-ai-agents-a-full-walkthrough-a0dc24e1adf0
Medium
Hunting for Security Bugs with AI Agents: A Full Walkthrough
In my previous article, I introduced Hound, an open-source code auditing tool that models the cognitive and organizational processes of…
An unexpected journey into Microsoft Defender's signature World
https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
This class teaches Bluetooth reconnaisance and device identification, using the Blue2thprinting security tool
https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+BT2222_Blue2thprinting+2025_v1/about
https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+BT2222_Blue2thprinting+2025_v1/about
p.ost2.fyi
Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting
This class teaches Bluetooth reconnaissance & device identification using the Blue2thprinting software.
Хорошая статья по обфускации в образцах
https://cloud.google.com/blog/topics/threat-intelligence/scatterbrain-unmasking-poisonplug-obfuscator
https://cloud.google.com/blog/topics/threat-intelligence/scatterbrain-unmasking-poisonplug-obfuscator
Google Cloud Blog
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator | Google Cloud Blog
We been tracking multiple espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW malware.
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida)
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
Ibm
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida) | IBM
Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.
Windows local privilege escalation through the bitpixie vulnerability
https://blog.syss.com/posts/bitpixie/
https://blog.syss.com/posts/bitpixie/
SySS Tech Blog
Windows Local Privilege Escalation through the bitpixie Vulnerability
This blog post demonstrates how attackers can circumvent BitLocker drive encryption, how to protect against such attacks, and why acting now might pay off in the near future. The bitpixie vulnerability in Windows Boot Manager is caused by a flaw in the PXE…
Harnessing 101: A Beginner's Guide to Fuzzing Harnesses
https://gabe-sherman.github.io/2025-09-17-beginning_harnessing/
https://gabe-sherman.github.io/2025-09-17-beginning_harnessing/
Gabriel Sherman
Harnessing 101: A Beginner's Guide to Fuzzing Harnesses | Gabriel Sherman
As a newcomer to the computer security world working on my first paper, No Harness, No Problem: Oracle-guided Harnessing for Auto-generating C API Fuzzing Harnesses, I inevitably spent countless hours studying, building, and running fuzzing harnesses. This…
Order of Six Angles
готовлю доклад для 2600 на тему использования AI для malware analysis/vuln research (в частности MCP серверов) 😀
Дорабатываю доклад про анализ малвари, с помощью LLM, а конкретно IDA MCP server, и презентую обновленный доклад на Sysconf (4 октября, Алматы). Стал использовать Cursor, вместо Cline. В режиме Auto, как я понял, он сам выбирает подходящую модель (gemini, claude, gpt). Попробовал анализировать Rust бинарники, очень хороший результат. В них например трудно найти реальную Main функцию, LLM с этим справилась. Также проверил может ли Cursor строить call graph, результат на скрине. Промпт:
Также LLM помогают мне деобфусцировать код (как на скрине 2), обфусцированный с помощью Control flow flattening
построй граф вызова функции sub_140F05ED0, укажи ее Callers. Также укажи Calee каждой функции и нарисуй диаграмму в формате Mermaid
Также LLM помогают мне деобфусцировать код (как на скрине 2), обфусцированный с помощью Control flow flattening
Order of Six Angles
Дорабатываю доклад про анализ малвари, с помощью LLM, а конкретно IDA MCP server, и презентую обновленный доклад на Sysconf (4 октября, Алматы). Стал использовать Cursor, вместо Cline. В режиме Auto, как я понял, он сам выбирает подходящую модель (gemini,…
Деобфусцированный вариант большой control flow flattened функции
How Does the iOS Kernel Copy Memory? (Virtual Memory Internals)
https://www.youtube.com/watch?v=0hxUEaDp1AA
https://www.youtube.com/watch?v=0hxUEaDp1AA
YouTube
How Does the Kernel Copy Memory so Quickly?
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
Order of Six Angles
Дорабатываю доклад про анализ малвари, с помощью LLM, а конкретно IDA MCP server, и презентую обновленный доклад на Sysconf (4 октября, Алматы). Стал использовать Cursor, вместо Cline. В режиме Auto, как я понял, он сам выбирает подходящую модель (gemini,…
С помощью IDA MCP можно даже дебажить