Spent the last 2 weeks working on a devirtualizer for VMProtect 3.5 and learning Remill. Idk yet if I will blog about it, but I at least wanted to publish the code:
https://t.co/GLqKWpOOU7
The approach is different from my last blog, as it lifts the whole x86 code of the VM
#BytecodeEmulator
Just open-sourced a Dalvik bytecode emulator 🎉
It's useful for string decryption and static analysis of Android apps/malware. No need to run a full Android environment - just point it at an APK and a method to emulate.
GitHub: https://t.co/hs4Tq1mvPL
Accessible v6.0 is out now!
Download: https://t.co/l9xY2Tl1Qg
This is a full rewrite, optimized for performance, with support for iOS 18.4 and later! MobileGestalt exportation has also been added, useful for tools like Nugget. Read the full changelog to see all the new features!
👑 Hypervisors for Game Hacking: Ring -1 Access
🧠 Learn how hypervisors run below the kernel, giving you unrivaled access to debug and bypass advanced kernel security.
👉 https://t.co/yK5RfToPZo
💡Understand how ROP can be used to bypass security defenses and execute code on ARM64 devices in Part 3 of our ARM64 Reversing and Exploitation Series: https://t.co/A798O5TgIr
📥Want to strengthen your ARM64 exploitation skills? Check out our free ARM64 challenges: https://t.co/ViqBMwNvgY
#Reversing #ReturnOrientedProgramming #CyberSecurity
My new article, “Ryūjin – Writing a Bin2Bin Obfuscator from Scratch for Windows PE x64 and Fully Deobfuscating It,” covers in detail the creation of a own Bin2Bin obfuscator tool, named “Ryūjin". Check it out:
https://t.co/iR7HXSPObf
👑 Kernel Security: Object Callback Analysis
🧠 Learn how the Windows kernel uses Object Callbacks to monitor handle creation. We analyze the technique used to intercept and modify these callbacks to gain access to protected processes.
👉 https://t.co/Kc6IZavy8B
Vulnerability discovery in the Rust-based Windows Graphics Device Interface (GDI) kernel component
https://t.co/IE07yqV4yO
Credits @CheckPointSW#infosec
Reversing Microsoft Defender's signatures for evasion.
Deep dive into VDM guts - a gzip-compressed files with no encryption to evade entire signatures with just 1 byte change.
A research by RETooling crew (@DrCh40s && @t0nvi). Nicely done, chaps!
Post: https://t.co/RibfSrsMZR
#redteam #blueteam #maldev #evasion #reverseengineering #antivirus #malwaredevelopment
Just published a blog post exploring junk code engines used in polymorphic malware. Part one covers ETG by Z0MBiE (32-bit). Part two introduces TrashFormer, my 64-bit implementation. Both fully written in assembly.
https://t.co/nkWl2WbqQR
Good morning! Just published a deep dive into PatchGuard internals: how it works, key internal functions, context init, and possible bypasses. https://t.co/1Be0hI4vtw
And here are the latest #VulnerabilityResearch and #ReverseEngineering tools that I wrote in #Rust
https://t.co/MbMFvjGTEl
https://t.co/c4hLimGT6W
https://t.co/wPsWzyTCHv
https://t.co/GIoWML4jW8
Make sure to check the accompanying @hnsec blog posts for additional details 🪲🎯