Last week, I worked on integrating Oxidizer (a Rust decompiler built on top of angr): https://t.co/fF8PJfC3uY into IDA Pro.
Here is the plugin: https://t.co/CftaKzZQh5.
Please check it out and provide any feedback.
For years, Rust binaries made reversing a nightmare. Modern decompilers only support C, lacking meaningful types, constructs, and language-specific functions. Led by @34r7hm4n, we're releasing our S&P work Oxidizer, the first deep Rust decompiler, built on angr!
Interested? 🧵👇
We uncovered a new Brazilian banking trojan campaign: TCLBANKER.
What makes TCLBANKER notable isn’t just the malware itself, but how it spreads.
The campaign uses compromised WhatsApp and Outlook accounts to propagate through trusted user relationships, deploys targeted banking overlays, and incorporates anti-analysis techniques designed to evade detection.
For defenders, it’s another example of malware increasingly blending into legitimate user behavior and everyday communication channels, making detection harder and trust easier to exploit.
Our latest research breaks down the infection chain, propagation methods, evasion tactics, and detection opportunities observed across the campaign.
Read the full analysis: https://t.co/9z47oaEWdD
GitHub - zeroc00I/LLM-anonymization: Reverse proxy for Claude Code that anonymizes sensitive pentest data (IPs, hashes, credentials, hostnames, PII) before it reaches Anthropic. Dual-layer detection: local Ollama LLM + regex safety net, with per-engageme https://t.co/mSZFqyZryy
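The card above describes a dual-layer anonymizer whose second layer is a regex safety net. The block below is an added example of that regex layer only; it is not code from the LLM-anonymization repository and makes no claim about how that project implements its pipeline. It replaces IPs, hashes, e-mail addresses, internal hostnames and credential values with stable placeholders and keeps a reverse map so an LLM answer can be rehydrated locally. The patterns, the placeholder format and the sample sentence are assumptions constructed for the example.

```python
"""Regex-only redaction of pentest notes before they leave the host.

Added example (not the LLM-anonymization project's code). Each sensitive
value gets a stable placeholder such as <IP_1>; the same value always maps
to the same placeholder, and deanonymize() restores the originals. Patterns
and sample text are assumptions chosen for illustration.
"""
import re

# Order matters: credential values are captured before other patterns can
# chew on them, e-mail addresses before the hostname rule sees their domain.
PATTERNS = [
    # group 1: key, group 2: separator, group 3: the secret value
    ("CRED",   re.compile(r"(password|passwd|pwd)(\s*[:=]\s*)(\S+)", re.I)),
    ("EMAIL",  re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    # internal-looking FQDNs; the TLD list is an assumption, tune per engagement
    ("HOST",   re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:local|corp|internal|lan)\b", re.I)),
    ("IP",     re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("SHA256", re.compile(r"\b[0-9a-fA-F]{64}\b")),
    ("NTLM",   re.compile(r"\b[0-9a-fA-F]{32}\b")),
]

PLACEHOLDER = re.compile(r"<[A-Z0-9]+_\d+>")


class Anonymizer:
    def __init__(self):
        self.forward = {}   # original value -> placeholder
        self.reverse = {}   # placeholder -> original value
        self.counts = {}    # per-kind counter for numbering placeholders

    def _placeholder(self, kind, value):
        if value not in self.forward:
            self.counts[kind] = self.counts.get(kind, 0) + 1
            ph = f"<{kind}_{self.counts[kind]}>"
            self.forward[value] = ph
            self.reverse[ph] = value
        return self.forward[value]

    def anonymize(self, text):
        for kind, rx in PATTERNS:
            if kind == "CRED":
                # keep "password=" so the model still understands the context
                text = rx.sub(
                    lambda m: m.group(1) + m.group(2) + self._placeholder("CRED", m.group(3)),
                    text,
                )
            else:
                text = rx.sub(lambda m, k=kind: self._placeholder(k, m.group(0)), text)
        return text

    def deanonymize(self, text):
        # Unknown placeholders (e.g. hallucinated by the model) are left alone.
        return PLACEHOLDER.sub(lambda m: self.reverse.get(m.group(0), m.group(0)), text)


# Constructed sample note; none of these values are real engagement data.
SAMPLE = ("Got a shell on dc01.corp.local (10.10.14.7) as admin@corp.local; "
          "password=Summer2024! NTLM 31d6cfe0d16ae931b73c59d7e0c089c0")


def demo():
    a = Anonymizer()
    redacted = a.anonymize(SAMPLE)
    return redacted, a.deanonymize(redacted), a.anonymize("10.10.14.7 again")


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Regexes alone over-match (a version string looks like an IP, a random 32-hex token looks like an NTLM hash) and under-match (a username mentioned in prose), which is exactly why the tool pairs them with a local LLM pass; the regex layer is the floor, not the whole solution.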
Persistence Techniques That Persist
An overview of evolving persistence methods in malware and red team operations.
A post by Ari Novick.
Source: https://t.co/4ZjFy6u4Wi
#redteam #blueteam #maldev #malwaredevelopment
This is CaminhoLoader!
It allows you to execute arbitrary code via PNG steganography. It abuses CMSTP.exe to perform a UAC bypass using a crafted INF file and an auto-confirming C# script that ultimately disables UAC prompts.
It performs several VM checks based on PnP devices, hard disk info, BIOS info, and process/service info.
It uses RunPE/process hollowing of appidtel.exe to load Remcos RAT in memory.
CaminhoLoader VT: https://t.co/CmDxmbZrG0
AnyRun: https://t.co/dzvzYkK7oF
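The post above names two behaviours that leave process-creation telemetry: the CMSTP UAC bypass (cmstp.exe launched against a crafted INF, whose commands then run as children of cmstp.exe) and the use of appidtel.exe as a hollowing target. The block below is an added detection example, not CaminhoLoader code and not based on the sample's actual command lines: the events, paths and parent processes are constructed to exercise three rules, and the "user-writable directory" heuristic for the appidtel.exe rule is an assumption rather than an observed indicator.

```python
"""Process-creation rules for the tradecraft described in the post, run over
constructed Sysmon-style events. Added example, not CaminhoLoader code; every
command line and path below is invented to exercise the rules.

Rules:
  cmstp_silent_inf   cmstp.exe run with /ni, /s or /au against an .inf in a
                     user-writable directory (T1218.003: cmstp.exe auto-elevates
                     and runs the commands listed in the INF)
  child_of_cmstp     any process whose parent is cmstp.exe; the INF's
                     RunPreSetupCommandsSection entries run as its children
  appidtel_user_dir  appidtel.exe (a legitimate System32 binary, used as the
                     hollowing target) started by a parent living in a
                     user-writable directory, or loaded from outside System32
                     (heuristic, an assumption of this example)
"""
import ntpath
import shlex

USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def basename(path):
    return ntpath.basename(path).lower()


def in_user_writable(path):
    p = path.lower()
    return p.startswith(USER_WRITABLE) or "\\appdata\\" in p


def tokens(cmdline):
    # Windows-style split: backslashes are not escapes, quotes group a path.
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)]


def evaluate(ev):
    """Return the names of the rules that fire for one process-creation event."""
    hits = []
    image, parent = basename(ev["Image"]), basename(ev["ParentImage"])
    args = tokens(ev["CommandLine"])[1:]
    flags = {a.lower() for a in args if a.startswith("/")}
    infs = [a for a in args if a.lower().endswith(".inf")]

    if image == "cmstp.exe" and flags & {"/ni", "/s", "/au"} \
            and any(in_user_writable(i) for i in infs):
        hits.append("cmstp_silent_inf")
    if parent == "cmstp.exe":
        hits.append("child_of_cmstp")
    if image == "appidtel.exe" and (
            in_user_writable(ev["ParentImage"])
            or not ev["Image"].lower().startswith("c:\\windows\\system32\\")):
        hits.append("appidtel_user_dir")
    return hits


def scan(events):
    """Map event index -> firing rules, omitting events with no hits."""
    out = {}
    for i, ev in enumerate(events):
        hits = evaluate(ev)
        if hits:
            out[i] = hits
    return out


# Constructed events (assumed values, not observed campaign artifacts).
EVENTS = [
    {"Image": "C:\\Windows\\System32\\cmstp.exe",
     "CommandLine": 'cmstp.exe /ni /s "C:\\Users\\bob\\AppData\\Local\\Temp\\profile.inf"',
     "ParentImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\loader.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": 'cmd.exe /c "C:\\Users\\bob\\AppData\\Local\\Temp\\confirm.bat"',
     "ParentImage": "C:\\Windows\\System32\\cmstp.exe"},
    {"Image": "C:\\Windows\\System32\\appidtel.exe",
     "CommandLine": "appidtel.exe",
     "ParentImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\loader.exe"},
    {"Image": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs -p",
     "ParentImage": "C:\\Windows\\System32\\services.exe"},
]

if __name__ == "__main__":
    for idx, rules in scan(EVENTS).items():
        print(idx, EVENTS[idx]["Image"], rules)
```

Process-creation logs will not show the hollowing itself (the legitimate appidtel.exe image is what gets logged), so the third rule only catches the launch context; confirming the in-memory payload still needs memory inspection or an EDR that flags the unbacked executable region.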
Speaking about AI in reversing, I'm developing (vibe coded) an IDA plugin that can rename all functions/variables in bulk, analyze each of those functions, and produce a summary of all analyses of the call tree. The plugin is not replacing us, but assisting reversers in their work.
My colleague Artur @MacmodSec (co-author of Malwoverview for the last two years) has two interesting projects for those who are part of red teams and blue teams.
01. godap: A complete TUI for LDAP: https://t.co/OH1WlNLsSg
02. FlashIngestor: a TUI for Active Directory collection compatible with BloodHound Community Edition: https://t.co/mRTbbciznA
#redteam #blueteam #cybersecurity #windows #ldap #windowsecurity #ad #activedirectory