Exploiting Windows Kernel Wild Copy With User Fault Handling (CVE-2023–28218)
https://theori.io/blog/exploiting-windows-kernel-wild-copy-with-user-fault-handling-cve-2023-28218
theori.io
Exploiting Windows Kernel Wild Copy With User Fault Handling (CVE-2023–28218) - Theori BLOG
At Hexacon 2023, we presented our Windows kernel security research, uncovering CVE-2023-28218, a heap overflow in afd.sys. Read our exploit analysis and methodology. | Vulnerability Research
AI for AppSec and Offensive Security: From Automation to Autonomy
https://fuzzinglabs.com/wp-content/uploads/2025/11/BSides-Berlin-2025-Keynote-_-AI-for-AppSec-and-Offensive-Security_-From-Automation-to-Autonomy-Patrick-Ventuzelo_FuzzingLabs-1.pdf
Assisting Go Analysis and Reversing (AGAR) correctly detects 5 to 20x more strings in Go programs compiled for Linux than standalone IDA 9.2.
https://github.com/junron/agar
GitHub
GitHub - junron/agar: Assisting Go Analysis and Reversing
Assisting Go Analysis and Reversing. Contribute to junron/agar development by creating an account on GitHub.
Writing a Bin2Bin Obfuscator from Scratch for Windows PE x64 and Fully Deobfuscating It
https://keowu.re/posts/Ry%C5%ABjin---Writing-a-Bin2Bin-Obfuscator-from-Scratch-for-Windows-PE-x64-and-Fully-Deobfuscating-It
keowu.re
Keowu Blog's
Security Researcher | i like All OS Internals, Malware & Reverse Engineering, C++, Intel/ARM Assembly and cool things.
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study
https://cloud.google.com/blog/topics/threat-intelligence/time-travel-debugging-using-net-process-hollowing?linkId=17730646
Google Cloud Blog
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study | Google Cloud Blog
The basics of WinDbg and Time Travel Debugging necessary to start incorporating it into your analysis.
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/
DomainTools Investigations | DTI
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and…
Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies.
Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows
https://connormcgarr.github.io/km-shadow-stacks/
Connor McGarr’s Blog
Using SourcePoint’s JTAG debugger to investigate the implementation of Intel CET Shadow Stacks in kernel-mode on Windows
How to quickly peel potatoes
ReCopilot: A Reverse Engineering Copilot for Boosting Binary Analysis with Decompiler
https://github.com/XingTuLab/recopilot
GitHub
GitHub - XingTuLab/recopilot: ReCopilot: Reverse Engineering Copilot in Binary Analysis
ReCopilot: Reverse Engineering Copilot in Binary Analysis - XingTuLab/recopilot
Patch Wednesday: Root Cause Analysis with LLMs
https://www.akamai.com/blog/security-research/patch-wednesday-root-cause-analysis-with-llms
Akamai
Patch Wednesday: Root Cause Analysis with LLMs | Akamai
PatchDiff-AI is a new AI-driven multi-agent system that ingests Patch Tuesday metadata and generates a fully automated root-cause analysis report.
Deep dive into an electronic detection and response system deployed by China’s security agencies
https://netaskari.substack.com/p/chinas-guardian-of-secrets
Substack
China's guardian of secrets: 保密管理系统 (Confidentiality Management System)
NetAskari got exclusive access to internal software used by Chinese security agencies to control data leakage from the internal government network.
Predator iOS Malware: Building a Surveillance Framework - Part 1
https://blog.reversesociety.co/blog/2025/predator-ios-malware-surveillance-framework-part-1
blog.reversesociety.co
Predator iOS Malware: Building a Surveillance Framework - Part 1 | Reverse Society
How does Predator spyware transform from running code into active surveillance? This technical deep-dive reverse-engineers the internal factory architecture that dynamically creates camera monitoring, VoIP interception, and keylogging modules through Unix…