Malware analysis of Sepsis ransomware:

https://www.reddit.com/r/MalwareAnalysis/comments/bgf71t/malware_analysis_of_sepsis_ransomware/

Analysis of malware attacked bank X customers:

https://www.reddit.com/r/MalwareAnalysis/comments/bgqz7m/analysis_of_malware_attacked_bank_x_customers/

Unpacking UPX manually:

https://www.reddit.com/user/Thatskriptkid/comments/c3csyd/unpacking_upx_manually/

Analysis of simple obfuscated office malware:

https://www.reddit.com/r/MalwareAnalysis/comments/bxvw1j/analysis_of_simple_obfuscated_office_malware/

@reverseengine

Introducing Lumen Server Protocol

https://abda.nl/posts/introducing-lumen/

A private Lumina server for IDA Pro

https://github.com/naim94a/lumen

Investigating IDA Lumina Feature

https://www.synacktiv.com/en/publications/investigating-ida-lumina-feature.html

Local server for IDA Lumina feature

https://github.com/synacktiv/lumina_server

@reverseengine

🎯 Week 79 — CVE‑2025‑32433 — Erlang/OTP SSH — Pre‑Auth RCE

🔹 CVE: CVE‑2025‑32433
🔹 Type: Remote Code Execution (pre‑authentication flaw in Erlang/OTP SSH server)
🔹 Impact: Full system compromise via crafted SSH messages — no credentials required
🔹 Fixed in: OTP‑27.3.3 / OTP‑26.2.5.11 / OTP‑25.3.2.20
🔹 Action: Patch immediately or disable SSH / restrict access by firewall

Exploit

#week_79

Injection DLLs into the explorer process using icons

https://github.com/d419h/IconJector

@reverseengine

🔒 تکنیک جدید Persist در ویندوز! 

📌 خلاصه مقاله: 
در این بخش به معرفی یک تکنیک پایداری (Persistence) در ویندوز می‌پردازیم که با استفاده از تزریق و جایگزینی DLL با دسترسی کاربر پیاده‌سازی شده است. در این روش، فایل DLL مخرب توسط فرآیند svchost.exe اجرا می‌شود و امکان اجرای مداوم و مخفیانه کد در سیستم هدف را فراهم می‌سازد.

#RedTeam #CyberSecurity
#Maldev #Persistence
#WindowsInternals

💬 Forum 
📣 DarkBit

Password: @DarkBitx

🔒 New Persist Technique in Windows!

📌 Article Summary:
In this section, we will introduce a persistence technique in Windows that is implemented using DLL injection and replacement with user access. In this method, the malicious DLL file is executed by the svchost.exe process, allowing continuous and secret code execution on the target system.

#RedTeam #CyberSecurity
#Maldev #Persistence
#WindowsInternals

💬 Forum 
📣 DarkBit

Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows

https://connormcgarr.github.io/km-shadow-stacks

@reverseengine

Writing an operation system

https://www.youtube.com/playlist?list=PL980gcR1LE3LBuWuSv2CL28HsfnpC4Qf7

@reverseengine

Rowhammer Attacks on DDR5

https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html

https://youtu.be/1emxVQ6__qg

@reverseengine

PowerShell Obfuscator

https://github.com/TaurusOmar/psobf

@reverseengine

A Trace Explorer for Reverse Engineers

https://github.com/gaasedelen/tenet

@reverseengine

Ghidra Scripts/Plugins/Extension

https://github.com/AllsafeCyberSecurity/awesome-ghidra

@reverseengine

A Universal MCU Firmware Emulator for Dynamic Analysis without Any Hardware Dependence

https://github.com/MCUSec/uEmu

@reverseengine

VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture

https://back.engineering/17/05/2021/

@reverseengine

Malware Research

https://0x0d4y.blog/amadey-targeted-analysis

@reverseengine