NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes. - EvilBytecode/NoMoreStealers

How I reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant.

EDR bypasses techniques written in Rust for Windows 10 - Arasimnida/EDR-bypass-rs

At Hexacon 2023, we presented our Windows kernel security research, uncovering CVE-2023-28218, a heap overflow in afd.sys. Read our exploit analysis and methodology. | Vulnerability Research

In this beginner malware analysis stream, we reverse engineered a Babuk Ransomware variant with IDA Pro. We analyzed its command-line parsing, service termination, process termination, anti-recovery commands, file encryption, share encryption, and manually…

https://media.ccc.de/v/38c3-reverse-engineering-u-boot-for-fun-and-profit

A field guide to dumping and reverse engineering a bare-metal U-Boot binary, including all the good stuff like funky hardware setups, UART logs, a locked bootloader and unknown base…

Introduction

Reverse engineering firmware binaries often entails going through the datasheet, compiler headers to set up the base address and memory map correctly.

Reverse Engineering and Malware Analysis Roadmap. Contribute to x86byte/RE-MA-Roadmap development by creating an account on GitHub.

Introduction For a reverse engineer, the ability to directly call a function from the analyzed binary can be a shortcut that bypasses a lot of grief. While in some cases it is just possible to understand the function logic and reimplement it in a higher-level…

Learn about UEFI reverse engineering and exploit development so that you too can build the skills necessary to find and exploit UEFI bugs, understand common UEFI vulnerabilities, and better secure the firmware security supply chain.

We'll start with static analysis of an Android Spyware sample to find the C2 server, looking at the code, determining the capabilities, and then finishing up with dynamic analysis on an emulator.

Follow LaurieWired on the following platforms:

https…

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc. - bytecode77/r77-rootkit

Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.