Clop Ransomware Group Claims the Hack of Harvard University
https://securityaffairs.com/183282/cyber-crime/clop-ransomware-group-claims-the-hack-of-harvard-university.html
@reverseengine
https://securityaffairs.com/183282/cyber-crime/clop-ransomware-group-claims-the-hack-of-harvard-university.html
@reverseengine
Security Affairs
Clop Ransomware group claims the hack of Harvard University
The notorious Clop Ransomware group claims the hack of Harvard University and added the prestigious institute to its Tor data leak site.
❤1
Bypassing EDR using an In Memory PE Loader
https://g3tsyst3m.com/fileless%20techniques/Bypassing-EDR-using-an-In-Memory-PE-Loader/
@reverseengine
https://g3tsyst3m.com/fileless%20techniques/Bypassing-EDR-using-an-In-Memory-PE-Loader/
@reverseengine
G3tSyst3m's Infosec Blog
Bypassing EDR using an In-Memory PE Loader
It’s high time we get another blog post going, and what better time than now to talk about PE loaders! Specifically, an In-Memory PE Loader. 😸 In short, we’re going to implement a PE (Portable Executable) loader that downloads a PE file (in this case, putty.exe)…
❤1
Reverse Engineering WannaCry Ransomware => A Deep Dive
https://infosecwriteups.com/reverse-engineering-wannacry-ransomware-a-deep-dive-86ee4a8d7c7a?source=rss----7b722bfd1b8d---4
@reverseengine
https://infosecwriteups.com/reverse-engineering-wannacry-ransomware-a-deep-dive-86ee4a8d7c7a?source=rss----7b722bfd1b8d---4
@reverseengine
Medium
Reverse Engineering WannaCry Ransomware: A Deep Dive
The WannaCry ransomware attack of May 2017 was a watershed moment in cybersecurity, exposing vulnerabilities in the Windows operating…
❤1
Reverse Engineering the Android Malware
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
@reverseengine
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
@reverseengine
Linkedin
Reverse Engineering the New Android Malware Targeting CBE Users
Last week, some Android users received a notification from the Commercial Bank of Ethiopia stating that two active android malware apps are stealing money from CBE accounts. Pharma+ CBE Vacancy And as soon as our team saw the notification, we wanted to get…
❤1
Hypervisors for Memory Introspection and Reverse Engineering
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
@reverseengine
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
@reverseengine
secret club
Hypervisors for Memory Introspection and Reverse Engineering
Introduction
❤1
ClayRat A New Android Spyware Targeting Russia
https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia
@reverseengine
https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia
@reverseengine
Zimperium
ClayRat: A New Android Spyware Targeting Russia
true
❤1
GhostBat RAT Inside the Resurgence of RTO Themed Android Malware
https://cyble.com/blog/ghostbat-rat-inside-the-resurgence-of-rto-themed-android-malware/
@reverseengine
https://cyble.com/blog/ghostbat-rat-inside-the-resurgence-of-rto-themed-android-malware/
@reverseengine
❤1
جریان اصلی وقتی یک تابع صدا زده میشه:
The basic flow when a function is called:
@reverseengine
1️⃣ call func
آدرس بعد از call (return address) پوش میشه رو استک
2️⃣ داخل تابع:
RBP ذخیره میشه
فریم استک ساخته میشه
3️⃣ متغیرها آرگومان ها استفاده میشن
4️⃣ leave → فریم قدیمی برگردونده میشه
5️⃣ ret → caller برگشت به
The basic flow when a function is called:
1️⃣ call func
The address after the call (return address) is pushed onto the stack
2️⃣ Inside the function:
RBP is saved
A stack frame is created
3️⃣ Variables and arguments are used
4️⃣ leave → Old frame is returned
5️⃣ ret → caller returns to
@reverseengine
❤1
Safeguarding Code Against Reverse Engineering
https://www.youtube.com/watch?v=Ie1eZSiMEJ8
https://github.com/emproof-com/webinars/tree/main/2025-01-software_protection
@reverseengine
https://www.youtube.com/watch?v=Ie1eZSiMEJ8
https://github.com/emproof-com/webinars/tree/main/2025-01-software_protection
@reverseengine
YouTube
Webinar: Software Protection -- Safeguarding Code Against Reverse Engineering
Speakers: Tim Blazytko (Emproof)
Code and samples: https://github.com/emproof-com/webinars/tree/main/2025-01-software_protection
Slides: https://github.com/emproof-com/webinars/blob/main/2025-01-software_protection/slides.pdf
Abstract:
In our webinar…
Code and samples: https://github.com/emproof-com/webinars/tree/main/2025-01-software_protection
Slides: https://github.com/emproof-com/webinars/blob/main/2025-01-software_protection/slides.pdf
Abstract:
In our webinar…
❤1
DiffRays
ابزاری پژوهش محور برای تغییر پچ های باینریه که برای کمک به تحقیقات در زمینه توسعه اکسپلویت های آسیبپذیری و مهندسی معکوس طراحی شده
DiffRays is a research-oriented tool for binary patch diffing designed to aid in vulnerability research exploit development and reverse engineering
https://github.com/pwnfuzz/diffrays
@reverseengine
ابزاری پژوهش محور برای تغییر پچ های باینریه که برای کمک به تحقیقات در زمینه توسعه اکسپلویت های آسیبپذیری و مهندسی معکوس طراحی شده
DiffRays is a research-oriented tool for binary patch diffing designed to aid in vulnerability research exploit development and reverse engineering
https://github.com/pwnfuzz/diffrays
@reverseengine
GitHub
GitHub - pwnfuzz/diffrays: DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research…
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering. - pwnfuzz/diffrays
❤2
Aiding Reverse Engineering with Rust and a local LLM
https://security.humanativaspa.it/aiding-reverse-engineering-with-rust-and-a-local-llm/
@reverseengine
https://security.humanativaspa.it/aiding-reverse-engineering-with-rust-and-a-local-llm/
@reverseengine
HN Security
Aiding reverse engineering with Rust and a local LLM - HN Security
Offensive Rust series article that introduces a new AI tool (oneiromancer) to aid with reverse engineering.
❤1
Forwarded from Fuzzing ZONE (0xB01)
Talking with Ransomware Devman
https://analyst1.com/devmans-raas-launch-the-affiliate-who-aims-to-become-the-boss/
@FUZZ0x
https://analyst1.com/devmans-raas-launch-the-affiliate-who-aims-to-become-the-boss/
@FUZZ0x
Analyst1
Devman's RaaS Launch: The Affiliate Who Aims to Become the Boss
Jon DiMaggio interviews the new affiliate who aims to be the boss: Devman. Dive into the exploration of this new syndicate now.
❤2
Reverse Engineering Focusing on x64 Windows
https://github.com/FaxHack/Reverse-Engineering-Course
@reverseengine
https://github.com/FaxHack/Reverse-Engineering-Course
@reverseengine
GitHub
GitHub - FaxHack/Reverse-Engineering-Course: Reverse engineering focusing on x64 Windows.
Reverse engineering focusing on x64 Windows. Contribute to FaxHack/Reverse-Engineering-Course development by creating an account on GitHub.
❤2
❤2
❤1