To truly understand how important privacy solutions such as Monero (XMR) are, you first need to learn how transactions involving pseudonymous cryptocurrencies (BTC, ETH, SOL, etc.) can be traced.
Crypto Asset Tracing Handbook:
"[...] seeks to provide clear and practical guidance to help a broader audience understand the basic framework of on-chain tracing, learn how to use key tools, and strengthen their ability to assess and respond to on-chain risks."
https://github.com/slowmist/Crypto-Asset-Tracing-Handbook/blob/main/README_EN.md
Crypto Asset Tracing Handbook:
"[...] seeks to provide clear and practical guidance to help a broader audience understand the basic framework of on-chain tracing, learn how to use key tools, and strengthen their ability to assess and respond to on-chain risks."
https://github.com/slowmist/Crypto-Asset-Tracing-Handbook/blob/main/README_EN.md
GitHub
Crypto-Asset-Tracing-Handbook/README_EN.md at main · slowmist/Crypto-Asset-Tracing-Handbook
加密资产追踪手册 Crypto Asset Tracing Handbook. Contribute to slowmist/Crypto-Asset-Tracing-Handbook development by creating an account on GitHub.
#Lazarus Group’s Famous Chollima uses GitHub spam, fake recruiters, and AI interview tools to slip into finance, crypto, and healthcare companies as “IT workers”.
👨💻 Get a rare inside view of how these operatives work, communicate, and attempt to maintain access.
https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/
👨💻 Get a rare inside view of how these operatives work, communicate, and attempt to maintain access.
https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/
ANY.RUN's Cybersecurity Blog
How We Caught Lazarus's IT Workers Scheme Live on Camera
See how Lazarus Group's IT workers scheme was exposed on a live camera using real-time monitoring inside ANY.RUN’s sandbox.
reversing-for-everyone.pdf
23.9 MB
Comprehensive Guide: Reverse Engineering Tutorials for Beginners
👍1🔥1
Extracts Windows SAM and SYSTEM files using Volume Shadow Copy Service (VSS) with multiple exfiltration options and XOR obfuscation:
Lists Volume Shadow Copies using VSS and creates one if necessary
Extracts SAM and SYSTEM files from the Shadow Copy
Uses NT API calls for file operations (NtCreateFile, NtReadFile, NtWriteFile)
Supports XOR encoding for obfuscation
Exfiltration methods: Local save or Network transfer
https://github.com/ricardojoserf/SAMDump
Lists Volume Shadow Copies using VSS and creates one if necessary
Extracts SAM and SYSTEM files from the Shadow Copy
Uses NT API calls for file operations (NtCreateFile, NtReadFile, NtWriteFile)
Supports XOR encoding for obfuscation
Exfiltration methods: Local save or Network transfer
https://github.com/ricardojoserf/SAMDump
GitHub
GitHub - ricardojoserf/SAMDump: Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and…
Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation - ricardojoserf/SAMDump
DeepSeek released a desktop automation agent that runs locally.
It can use any desktop app, opens files, browses websites, and automates tasks without cloud connections.
100% Open-Source.
https://github.com/bytedance/UI-TARS-desktop
It can use any desktop app, opens files, browses websites, and automates tasks without cloud connections.
100% Open-Source.
https://github.com/bytedance/UI-TARS-desktop
GitHub
GitHub - bytedance/UI-TARS-desktop: The Open-Source Multimodal AI Agent Stack: Connecting Cutting-Edge AI Models and Agent Infra
The Open-Source Multimodal AI Agent Stack: Connecting Cutting-Edge AI Models and Agent Infra - bytedance/UI-TARS-desktop
The current 25H2 build of Windows 11 and future builds will include increasingly more AI features and components. This noscript aims to remove ALL of these features to improve user experience, privacy and security.
https://github.com/zoicware/RemoveWindowsAI
https://github.com/zoicware/RemoveWindowsAI
GitHub
GitHub - zoicware/RemoveWindowsAI: Force Remove Copilot, Recall and More in Windows 11
Force Remove Copilot, Recall and More in Windows 11 - zoicware/RemoveWindowsAI
Today we are disclosing the details of CVE-2025-64155, an unauth argument injection leading to root remote code execution affecting the Fortinet FortiSIEM.
Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog.
https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/
Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog.
https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/
Horizon3.ai
CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM
Horizon3.ai details CVE-2025-64155, revealing chained FortiSIEM vulnerabilities enabling remote code execution and root access, analysis of the root cause, and indicators of compromise.
This blog post provides an in-depth analysis of #Turla's #Kazuar v3 loader and how it tries to slip past modern defenses:
• Sideloading via MFC satellite DLLs
• Control flow redirection trick (+ POC)
• Patchless ETW and AMSI bypasses (+ POC)
• Extensive COM usage for registry, file and folder operations (+ partial POC)
• Strings encryption (+ IDAPython decryption noscript)
• Including IOCs and Yara rules
https://r136a1.dev/2026/01/14/command-and-evade-turlas-kazuar-v3-loader/
• Sideloading via MFC satellite DLLs
• Control flow redirection trick (+ POC)
• Patchless ETW and AMSI bypasses (+ POC)
• Extensive COM usage for registry, file and folder operations (+ partial POC)
• Strings encryption (+ IDAPython decryption noscript)
• Including IOCs and Yara rules
https://r136a1.dev/2026/01/14/command-and-evade-turlas-kazuar-v3-loader/
R136a1
🇷🇺 COMmand & Evade: Turla's Kazuar v3 Loader
This blog post analyzes the latest version of Turla’s Kazuar v3 loader, which was previously examined at the beginning of 2024. The upgraded loader heavily utilizes the Component Object Model (COM)...
DumpBrowserSecrets has been updated to v1.1 featuring compile-time string obfuscation, API hashing, command-line argument and PPID spoofing via NtCreateUserProcess and more.
https://github.com/Maldev-Academy/DumpBrowserSecrets
https://github.com/Maldev-Academy/DumpBrowserSecrets
GitHub
GitHub - Maldev-Academy/DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit…
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers ...
Bypassing Windows Administrator Protection
https://projectzero.google/2026/26/windows-administrator-protection.html
https://projectzero.google/2026/26/windows-administrator-protection.html
projectzero.google
Bypassing Windows Administrator Protection - Project Zero
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Cont...
Create local administrators with the SAMR API ✅Implemented in C#, Python, Rust or Crystal
https://github.com/ricardojoserf/AddUser-SAMR
https://github.com/ricardojoserf/AddUser-SAMR
GitHub
GitHub - ricardojoserf/AddUser-SAMR: Create local administrators with the SAMR API. Implemented in C#, Python, Rust or Crystal
Create local administrators with the SAMR API. Implemented in C#, Python, Rust or Crystal - ricardojoserf/AddUser-SAMR