A good article on obfuscation in malware samples
https://cloud.google.com/blog/topics/threat-intelligence/scatterbrain-unmasking-poisonplug-obfuscator
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator | Google Cloud Blog
We have been tracking multiple espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW malware.
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida)
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida) | IBM
Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.
Windows local privilege escalation through the bitpixie vulnerability
https://blog.syss.com/posts/bitpixie/
SySS Tech Blog
Windows Local Privilege Escalation through the bitpixie Vulnerability
This blog post demonstrates how attackers can circumvent BitLocker drive encryption, how to protect against such attacks, and why acting now might pay off in the near future. The bitpixie vulnerability in Windows Boot Manager is caused by a flaw in the PXE…
Harnessing 101: A Beginner's Guide to Fuzzing Harnesses
https://gabe-sherman.github.io/2025-09-17-beginning_harnessing/
Harnessing 101: A Beginner's Guide to Fuzzing Harnesses | Gabriel Sherman
As a newcomer to the computer security world working on my first paper, No Harness, No Problem: Oracle-guided Harnessing for Auto-generating C API Fuzzing Harnesses, I inevitably spent countless hours studying, building, and running fuzzing harnesses. This…
Order of Six Angles
I'm preparing a talk for 2600 on using AI for malware analysis/vuln research (MCP servers in particular) 😀
I'm polishing my talk on malware analysis with the help of LLMs, specifically the IDA MCP server, and will present the updated talk at Sysconf (October 4, Almaty). I've started using Cursor instead of Cline. In Auto mode, as I understand it, it picks a suitable model itself (gemini, claude, gpt). I tried analyzing Rust binaries, with very good results. In them, for example, it is hard to find the real main function; the LLM managed it. I also checked whether Cursor can build a call graph; the result is in the screenshot. Prompt:
build the call graph of function sub_140F05ED0 and list its callers. Also list the callees of each function and draw the diagram in Mermaid format
LLMs also help me deobfuscate code (as in screenshot 2) that was obfuscated with control flow flattening
Deobfuscated version of a large control-flow-flattened function
How Does the iOS Kernel Copy Memory? (Virtual Memory Internals)
https://www.youtube.com/watch?v=0hxUEaDp1AA
YouTube
How Does the Kernel Copy Memory so Quickly?
With IDA MCP you can even debug
RIFT is an open-source tool consisting of a set of IDA Pro (supporting versions >=9.0) plugins and Python scripts that aim to assist reverse engineers and other software analysts in annotating library code in Rust malware.
https://github.com/microsoft/RIFT
GitHub - microsoft/RIFT: Rust Library Recognition Project for Rust Malware by the MSTIC-MIRAGE Team
An in-depth exploration of the Qualcomm KGSL Faults Subsystem, including patch analysis and vulnerability insights for CVE-2024-38399.
https://streypaws.github.io/posts/Fast-and-Faulty-A-Use-After-Free-in-KGSL-Fault-Handling/
StreyPaws
Fast & Faulty - A Use After Free in KGSL Fault Handling
This repository contains slides and hands-on materials for Emproof's workshop on firmware reverse engineering, presented at ScapyCon Automotive 2025. The workshop targets a technical audience with minimal security experience and teaches the fundamentals through practical, self-contained tasks.
https://github.com/emproof-com/workshop_firmware_reverse_engineering
GitHub - emproof-com/workshop_firmware_reverse_engineering: Workshop on firmware reverse engineering
101 Chrome Exploitation — Part 1: Architecture
https://opzero.ru/en/press/101-chrome-exploitation-part-1-architecture/
101 Chrome Exploitation — Part 1: Architecture - Operation Zero EN
Modern web browsers have evolved from simple document viewers into sophisticated platforms capable of running complex web applications. At the heart of this transformation lies a carefully orchestrated architecture built around three fundamental components:…
Analysing a 1-day Vulnerability in the Linux Kernel's TLS Subsystem
https://faith2dxy.xyz/2025-10-02/kCTF-TLS-nday-analysis/
faith2dxy.xyz
I recently decided to start doing some Linux kernel security research in my free time, with the goal of creating one of my own submissions in Google's kernelCTF…
"The Evolution of macOS Security from the Desert to the Lake" slides
https://theevilbit.github.io/talks_workshops/2025/MacSysAdmin2025-Csaba-Fitzl-Evolution-of-macOS-Security.pdf