Order of Six Angles
Finishing up my talk on malware analysis with LLMs, specifically the IDA MCP server, and presenting the updated talk at Sysconf (October 4, Almaty). Switched to Cursor from Cline. In Auto mode, as far as I understand, it picks a suitable model itself (gemini,…
With IDA MCP you can even debug
RIFT is an open-source tool consisting of a set of IDA Pro (supporting versions >=9.0) plugins and Python scripts that aim to assist reverse engineers and other software analysts in annotating library code in Rust malware.
https://github.com/microsoft/RIFT
GitHub - microsoft/RIFT: Rust Library Recognition Project for Rust Malware by the MSTIC-MIRAGE Team
An in-depth exploration of the Qualcomm KGSL Faults Subsystem, including patch analysis and vulnerability insights for CVE-2024-38399.
https://streypaws.github.io/posts/Fast-and-Faulty-A-Use-After-Free-in-KGSL-Fault-Handling/
Fast & Faulty - A Use After Free in KGSL Fault Handling
This repository contains slides and hands-on materials for Emproof's workshop on firmware reverse engineering, presented at ScapyCon Automotive 2025. The workshop targets a technical audience with minimal security experience and teaches the fundamentals through practical, self-contained tasks.
https://github.com/emproof-com/workshop_firmware_reverse_engineering
GitHub - emproof-com/workshop_firmware_reverse_engineering: Workshop on firmware reverse engineering
101 Chrome Exploitation — Part 1: Architecture
https://opzero.ru/en/press/101-chrome-exploitation-part-1-architecture/
Modern web browsers have evolved from simple document viewers into sophisticated platforms capable of running complex web applications. At the heart of this transformation lies a carefully orchestrated architecture built around three fundamental components:…
Analysing a 1-day Vulnerability in the Linux Kernel's TLS Subsystem
https://faith2dxy.xyz/2025-10-02/kCTF-TLS-nday-analysis/
I recently decided to start doing some Linux kernel security research in my free time, with the goal of creating one of my own submissions in Google's kernelCTF…
"The Evolution of macOS Security from the Desert to the Lake" slides
https://theevilbit.github.io/talks_workshops/2025/MacSysAdmin2025-Csaba-Fitzl-Evolution-of-macOS-Security.pdf
ANALYZING WINPMEM DRIVER VULNERABILITIES
https://static.ernw.de/whitepaper/ERNW_White_Paper_73-Analyzing_WinpMem_Driver_Vulnerabilities_1.0_signed.pdf
BYOVD to the next level (part 2) — rootkit like it's 2025
https://blog.quarkslab.com/exploiting-lenovo-driver-cve-2025-8061_part2.html
Bring Your Own Vulnerable Driver (BYOVD) is a well-known post-exploitation technique used by adversaries. This blog post is part of a series. In part one we saw how to abuse a vulnerable driver to gain access to Ring-0 capabilities. In this second and final…
The Emulator's Gambit: Executing Code from Non-Executable Memory
https://redops.at/en/blog/the-emulators-gambit-executing-code-from-non-executable-memory
Recon 2025 - Breaking Obfuscated .NET Malware with Profiler Based Dynamic Binary Instrumentation
https://www.youtube.com/watch?v=jPDJ_Zo6jiY
Presenters: Lars Wallenborn, Tillmann Werner, Sebastian Walla, Steffen Haas
As malware authors increasingly adopt .NET for its ease of development and stability…
Technical Analysis Report on the Cyber Attack on the National Time Service Center by the U.S. National Security Agency
https://mp.weixin.qq.com/s/XPjT0BVOJPJxSmASW0tXTA
Microsoft Windows Cloud Files Minifilter TOCTOU Privilege Escalation
https://blog.exodusintel.com/2025/10/20/microsoft-windows-cloud-files-minifilter-toctou-privilege-escalation/
By Michele Campa. Overview: In this blog post we take a look at a race condition we found in the Microsoft Windows Cloud Files Minifilter (i.e. cldflt.sys) in March 2024. This vulnerability was patched in October 2025 and assigned CVE-2025-55680. The vulnerability…
AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security
https://github.com/FuzzingLabs/fuzzforge_ai
A .NET assembly tracer using Harmony for runtime method interception.
https://github.com/eversinc33/NetRunner