Discover how to reverse engineer Windows 11 kernel internals, identify undocumented features, and enable hidden telemetry for enhanced EDR visibility.

Retr0's Threat Research

It’s high time we get another blog post going, and what better time than now to talk about PE loaders! Specifically, an In-Memory PE Loader. 😸 In short, we’re going to implement a PE (Portable Executable) loader that downloads a PE file (in this case, putty.exe)…

A list of public attacks on BitLocker. Contribute to Wack0/bitlocker-attacks development by creating an account on GitHub.

Analyzing a malicious USB by extracting its files, finding autorun artifacts and embedded PDF payloads.

A newly discovered DLL hijacking vulnerability in Notepad++, the popular source code editor, could allow attackers to execute arbitrary code on a victim's machine.

Abusing the Clipup.exe program by using the CreateProcessAsPPL.exe tool to destroy the executable file of the EDRs, Antivirus.

This blog explains how attackers use direct syscalls to overcome most EDR solutions, by first discussing the conventional Windows syscall flow and how most EDR solutions monitor those calls.

As threat actors are adopting Rust for malware development, RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry.

GUI for apktool, signapk, zipalign and baksmali utilities. - AndnixSH/APKToolGUI

APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.

This research shows how we can trick disassemblers and debuggers into identifying the wrong import names by messing up metadata used in the lazy binding process

WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple's iOS, macOS, and iPadOS platforms, detailed with a proof of concept demonstration.

Dark Vortex provides various cybersecurity trainings, products and other services.