Technical Analysis Report on the Cyber Attack on the National Time Service Center by the U.S. National Security Agency
https://mp.weixin.qq.com/s/XPjT0BVOJPJxSmASW0tXTA
Microsoft Windows Cloud Files Minifilter TOCTOU Privilege Escalation
https://blog.exodusintel.com/2025/10/20/microsoft-windows-cloud-files-minifilter-toctou-privilege-escalation/
Exodus Intelligence
Microsoft Windows Cloud Files Minifilter TOCTOU Privilege Escalation - Exodus Intelligence
By Michele Campa. Overview: In this blog post we take a look at a race condition we found in Microsoft Windows Cloud Minifilter (i.e. cldflt.sys) in March 2024. This vulnerability was patched in October 2025 and assigned CVE-2025-55680. The vulnerability…
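The entry above only names the bug class (a TOCTOU race in a kernel minifilter). The block below is an added example, not Exodus Intelligence's code and not the cldflt.sys code path: it models the generic double-fetch shape such bugs take. A length field lives in caller-writable memory; the vulnerable handler validates it, then re-reads it for the copy, so a racing writer that changes it in between defeats the check. The `race_fn` hook, the request layout, the 64-byte logical capacity and the 512-byte backing buffer are all constructed for the demo so the overrun stays inside memory the program owns.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a request header in caller-writable memory (as a
 * user-mode buffer would be) and a kernel-side destination whose logical
 * capacity is KBUF_CAP. The physical backing is KBUF_SLACK bytes so the
 * demonstrated overrun never corrupts real memory. */
#define KBUF_CAP   64
#define KBUF_SLACK 512

typedef struct {
    volatile uint32_t len;     /* caller-controlled; a racing thread can rewrite it any time */
    uint8_t data[KBUF_SLACK];
} user_request_t;

/* Models the racing thread: invoked in the window between check and use. */
typedef void (*race_fn)(user_request_t *req);

/* Vulnerable pattern: validate req->len, then dereference req->len again.
 * Returns the number of bytes actually copied into kbuf. */
size_t copy_request_vulnerable(user_request_t *req, uint8_t *kbuf, race_fn race)
{
    if (req->len > KBUF_CAP)             /* time of check: first fetch */
        return 0;
    if (race)
        race(req);                        /* attacker wins the race here */
    size_t n = req->len;                  /* time of use: second fetch of attacker memory */
    memcpy(kbuf, req->data, n);           /* n may now exceed KBUF_CAP */
    return n;
}

/* Hardened pattern: fetch the untrusted value exactly once into a local,
 * validate the local, and only ever use the local afterwards. */
size_t copy_request_fixed(user_request_t *req, uint8_t *kbuf, race_fn race)
{
    uint32_t n = req->len;                /* single fetch */
    if (n > KBUF_CAP)
        return 0;
    if (race)
        race(req);                        /* changing req->len now has no effect */
    memcpy(kbuf, req->data, n);           /* bounded by the validated local */
    return n;
}

/* Constructed racing writer: once the check has passed, grow the length. */
void grow_len(user_request_t *req)
{
    req->len = 200;
}

/* Driver: runs a handler against a request that starts with a valid length
 * and returns how many bytes landed past the logical capacity (0 = safe).
 * A canary byte at kbuf[KBUF_CAP] reveals whether the copy overran. */
size_t overrun_bytes(size_t (*handler)(user_request_t *, uint8_t *, race_fn))
{
    static user_request_t req;
    static uint8_t kbuf[KBUF_SLACK];

    req.len = 16;                         /* passes the bounds check */
    memset(req.data, 0x41, sizeof req.data);
    memset(kbuf, 0, sizeof kbuf);
    kbuf[KBUF_CAP] = 0xCC;                /* canary just past the logical bound */

    size_t copied = handler(&req, kbuf, grow_len);
    return (kbuf[KBUF_CAP] == 0xCC) ? 0 : copied - KBUF_CAP;
}

int main(void)
{
    printf("vulnerable handler overran by %zu bytes\n", overrun_bytes(copy_request_vulnerable));
    printf("fixed handler overran by %zu bytes\n", overrun_bytes(copy_request_fixed));
    return 0;
}
```

The `volatile` on `len` is what keeps the compiler from folding the two reads in the vulnerable handler into one; real kernel code gets the same effect from the fact that the memory is shared with another context. The fix is not a lock but the single-fetch discipline: copy the untrusted value into kernel-owned storage once, validate that copy, and never touch the original again.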
AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security
https://github.com/FuzzingLabs/fuzzforge_ai
A .NET assembly tracer using Harmony for runtime method interception.
https://github.com/eversinc33/NetRunner
GitHub
GitHub - eversinc33/NetRunner: A .NET assembly tracer using Harmony for runtime method interception.
A .NET assembly tracer using Harmony for runtime method interception. - eversinc33/NetRunner
IDA. Generating signatures for Nim and other non-C programming languages
https://hex-rays.com/blog/plugin-focus-generating-signatures-for-nim-and-other-non-c-programming-languages
Hex-Rays
Plugin focus: Generating signatures for Nim and other non-C programming languages – Hex Rays
This is a guest entry written by Holger Unterbrink from Cisco Talos. His views and opinions are his own and not those of Hex-Rays. Any technical or mainten
Order of Six Angles
https://research.checkpoint.com/2025/generative-ai-for-reverse-engineering/
GitHub
GitHub - AgentSmithers/x64DbgMCPServer: x64DbgMCPServer made from c# with Claude, Windsurf and Cursor support
x64DbgMCPServer made from c# with Claude, Windsurf and Cursor support - AgentSmithers/x64DbgMCPServer
Exploiting Windows Kernel Wild Copy With User Fault Handling (CVE-2023-28218)
https://theori.io/blog/exploiting-windows-kernel-wild-copy-with-user-fault-handling-cve-2023-28218
theori.io
Exploiting Windows Kernel Wild Copy With User Fault Handling (CVE-2023-28218) - Theori BLOG
At Hexacon 2023, we presented our Windows kernel security research, uncovering CVE-2023-28218, a heap overflow in afd.sys. Read our exploit analysis and methodology. | Vulnerability Research
AI for AppSec and Offensive Security: From Automation to Autonomy
https://fuzzinglabs.com/wp-content/uploads/2025/11/BSides-Berlin-2025-Keynote-_-AI-for-AppSec-and-Offensive-Security_-From-Automation-to-Autonomy-Patrick-Ventuzelo_FuzzingLabs-1.pdf
Assisting Go Analysis and Reversing (AGAR) correctly detects 5 to 20x more strings in Go programs compiled for Linux than standalone IDA 9.2.
https://github.com/junron/agar
GitHub
GitHub - junron/agar: Assisting Go Analysis and Reversing
Assisting Go Analysis and Reversing. Contribute to junron/agar development by creating an account on GitHub.
Writing a Bin2Bin Obfuscator from Scratch for Windows PE x64 and Fully Deobfuscating It
https://keowu.re/posts/Ry%C5%ABjin---Writing-a-Bin2Bin-Obfuscator-from-Scratch-for-Windows-PE-x64-and-Fully-Deobfuscating-It
keowu.re
Keowu Blog's
Security Researcher | i like All OS Internals, Malware & Reverse Engineering, C++, Intel/ARM Assembly and cool things.
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study
https://cloud.google.com/blog/topics/threat-intelligence/time-travel-debugging-using-net-process-hollowing?linkId=17730646
Google Cloud Blog
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study | Google Cloud Blog
The basics of WinDbg and Time Travel Debugging necessary to start incorporating it into your analysis.
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/
DomainTools Investigations | DTI
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and…
Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies.
Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows
https://connormcgarr.github.io/km-shadow-stacks/
Connor McGarr’s Blog
Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows
Using SourcePoint’s JTAG debugger to investigate the implementation of Intel CET Shadow Stacks in kernel-mode on Windows
How to peel potatoes quickly