Researcher at Talos. No infosec drama, no opinions, no politics, Tech and Tools only. Author of Dyn. Data Resolver (Winner of Hex-Rays Plugin Contest 2020).
This is the type of malware game hackers build to bypass kernel anti-cheat. The same techniques can be used by malware authors to evade EDRs.
A UEFI bootkit that injects into Microsoft's own Hyper-V at ring -1 before the OS even loads (easier than building a custom hypervisor from scratch).
Four phase bootloader. Hypervisor VM-exit interception. EPT page shadowing. MSR virtualization. EFI memory map ghosting. TPM measurement spoofing.
Reads like malware. Because it is. Videos and full technical breakdown in the link.
Author: https://t.co/iHtxyJSbwy
#ReverseEngineering #Malware #AntiCheat
Static Devirtualization of Themida/CodeVirtualizer. The techniques in this article apply to pretty much every virtual machine obfuscator with minor modifications.
https://t.co/RMvPKcv3KB
Original Program & Devirtualized Output
https://t.co/R8hLk9ISRZ
1/♟️Just published new research on LucidRook, a Lua-based malware framework observed in spearphishing campaigns targeting Taiwan. LucidRook uses Rust libraries and an embedded Lua interpreter to execute payloads downloaded from FTP servers.
https://t.co/yD6Gm2eM3d @TalosSecurity
I added a simple hex viewer for IDA in the PseudoNote plugin. It supports highlighting byte ranges, copying selected bytes as hex, Shift + Click to extend selection, cursor sync with the current instruction, and jumping to addresses.
https://t.co/SnfDO6DvtI
🔥 Ready to chat about IDA productivity tools?! @allthingsida joins the stream Thursday April 9th to do just that:
- QScripts
- idacpp
- eject_idb
- idasql
- windbg_agent
Join us on YouTube -> https://t.co/suudQSvtyQ
In the next version of idacpp, you can ".connect <host:port>" to a foreign process and directly issue remote c++ commands (or run full c++ files) in the context of the debugged program (Appcall on steroids).
Ok, now you can use C++ scripts in IDA (in the snippet window, the cli box and as script files). You need to build from source.
https://t.co/vcTntMUO19
Agentic reverse engineering can do a lot, but obfuscation still breaks many analysis workflows in malware and commercial software.
If you want to learn how to build and steer automation for analyzing protected code, check out my training at @reconmtl:
https://t.co/IJzaZPH2oe
New blog post: Building a Pipeline for Agentic Malware Analysis
Agentic RE + malware analysis with custom skills, MCP tooling, and persistent case state to automate initial triage
Link: https://t.co/Itj9S3rA9q
Github: https://t.co/kfvjN7ot4d
Happy to bring my Software Deobfuscation Techniques training back to @reconmtl - June 15–18, 2026 in Montreal!
Learn systematic approaches to defeating modern obfuscation found in DRM/anti-tamper & APT malware.
https://t.co/IJzaZPGuyG
Recently my RE workflow moved into sandboxed VMs where agents have full control over the environment. I needed an MCP server that runs headless in the same sandbox and exposes way more of the #BinaryNinja API than others.
Here's the release: https://t.co/HU2Vf8Uj6T