Collection of ATM Attacks
https://github.com/PT-CyberAnalytics/collection-of-ATM-attacks
@reverseengine
A curated list of common ATM (automated teller machine) vulnerabilities, complete with mitigation recommendations and step-by-step checks for security assessment.
ReverseEngineering
🔹 Red Zone: On x86-64 systems, under the Linux ABI, there is a 160-byte region below RSP (the stack pointer) that is called the Red Zone 🔸 What is this space for? The compiler is allowed to use these 160 bytes for temporary storage of variables without changing RSP 🔸 Why…
Detailed structure of the Red Zone
From RSP downward: 160 bytes free
The function is allowed to use it
This space remains untouched until a signal/interrupt arrives
@reverseengine
IDA Pro Plugins For Malware Reverse Engineering
https://www.youtube.com/watch?v=pfBA6y4VLwM
@reverseengine
Here are our 5 most used IDA plugins for reverse engineering malware. Expand for more...
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
https://github.com/OALabs…
zer0ptsCTF 2023 Reverse Engineering Writeups
https://fazect.github.io/zer0ptsctf2023-rev
@reverseengine
amateursCTF 2023 Reverse Engineering Writeups
https://fazect.github.io/amateursctf2023-rev
@reverseengine
Please forward as many posts as you can so that the channel can be seen. This way, you will be a great help to me and the content will gradually become better and more interesting. Thank you 🖤
Exploit Development: Building Your Own Fuzzer with Bash
https://hackers-arise.com/exploit-development-building-your-own-fuzzer-with-bash
@reverseengine
Detect-It-Easy: Program for determining types of files for Windows, Linux and MacOS
https://github.com/horsicq/Detect-It-Easy
@reverseengine
Reverse Engineering WebAssembly
https://medium.com/%40pnfsoftware/reverse-engineering-webassembly-ed184a099931
@reverseengine
This is an abridged version of http://www.pnfsoftware.com/reversing-wasm.pdf. For additional details, including footnotes, as well as…
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study
https://cloud.google.com/blog/topics/threat-intelligence/time-travel-debugging-using-net-process-hollowing?linkId=17730646
@reverseengine
The basics of WinDbg and Time Travel Debugging necessary to start incorporating it into your analysis.
UPX Unpacking: Manual Reverse Engineering
https://guidedhacking.com/threads/how-to-unpack-upx-using-x64dbg.20985
@reverseengine
Fully Undetectable Windows Shellcode Loader Now Available in IRIS C2
https://www.irisc2.com/blog/javelin-fud-loader
@reverseengine
JAVELIN enables users to deliver MANTIS stage zero shellcode into memory on target devices without triggering AV, EDR, or XDR solutions.
Using EDR-Redir to Break EDR Via Bind Link and Cloud Filter
https://www.zerosalarium.com/2025/10/DR-Redir-Break-EDR-Via-BindLink-Cloud-Filter.html?m=1
@reverseengine
EDR-Redir uses BindLink Filter and Windows Cloud Filter to inject, corrupt, and disable EDRs.
Process Hollowing on Windows 11 24H2
https://hshrzd.wordpress.com/2025/01/27/process-hollowing-on-windows-11-24h2
@reverseengine
Process Hollowing (a.k.a. RunPE) is probably the oldest, and the most popular process impersonation technique (it allows to run a malicious executable under the cover of a benign process). It is us…