Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device
https://boschko.ca/qemu-emulating-firmware
@reverseengine
Boschko Security Blog
A step-by-step how-to guide to using QEMU in Ubuntu 18.04 to emulate embedded devices.
Msdocviewer is a Simple Tool that Parses Microsoft's Win32 API
https://github.com/alexander-hanel/msdocsviewer
@reverseengine
GitHub
msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA. - alexander-hanel/msdocsviewer
Advanced Root Detection & Bypass Techniques
https://8ksec.io/advanced-root-detection-bypass-techniques
@reverseengine
Analysis of Malware Attacked Bank X Customers
https://www.reddit.com/r/MalwareAnalysis/comments/bgqz7m/analysis_of_malware_attacked_bank_x_customers
@reverseengine
Reddit
From the MalwareAnalysis community on Reddit: Analysis of malware attacked bank X customers
Malware Development Trick 53: Steal Data
https://cocomelonc.github.io/malware/2025/10/22/malware-tricks-53.html
@reverseengine
cocomelonc
Malware development trick 53: steal data via legit XBOX API. Simple C example.
Analysis of one of the Lynx Ransomware group's attacks
Analysis of a Lynx Ransomware attack
https://thedfirreport.com/2025/11/17/cats-got-your-files-lynx-ransomware
@FUZZ0x
The DFIR Report
Cat’s Got Your Files: Lynx Ransomware
Key Takeaways: The intrusion began with a successful RDP login using already-compromised credentials, likely obtained via an infostealer, data breach reuse, or an initial access broker. Within minut…
Malchela
A Yara & Malware Analysis Toolkit
Written in Rust
https://github.com/dwmetz/MalChela
@reverseengine
GitHub
GitHub - dwmetz/MalChela: A YARA & Malware Analysis Toolkit written in Rust.
Dirty Vanity: A New Approach to Code Injection & EDR Bypass
Clone the shellcode
https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
@reverseengine
Process Injection without R/W target memory and without creating a remote thread
https://github.com/Maff1t/InjectNtdllPOC
@reverseengine
GitHub
GitHub - Maff1t/InjectNtdllPOC: Process Injection without R/W target memory and without creating a remote thread
Analyzing a Modern In-the-wild Android Exploit
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
@reverseengine
projectzero.google
By Seth Jenkins, Project Zero. Introduction: In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsu...
Awesome HyperDbg: A list of awesome resources about HyperDbg
https://github.com/HyperDbg/awesome
@reverseengine
GitHub
GitHub - HyperDbg/awesome: A list of awesome resources about HyperDbg
Linux kernel heap feng shui in 2022
https://duasynt.com/blog/linux-kernel-heap-feng-shui-2022
@reverseengine
Duasynt
Linux kernel heap feng shui in 2022 - Michael S, Vitaly Nikolenko
From Windows drivers to an almost fully working EDR
https://blog.whiteflag.io/blog/from-windows-drivers-to-a-almost-fully-working-edr
@reverseengine
blog.whiteflag.io
In this article we will see how Windows drivers work and how to create one; in the end, we will develop a custom EDR that relies on kernel callback functions, static analysis and API hooking.
FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares
https://github.com/FirmWire/FirmWire
@reverseengine
GitHub
FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares - FirmWire/FirmWire
Debugging and Reversing ALPC
https://csandker.io/2022/05/29/Debugging-And-Reversing-ALPC.html
@reverseengine
csandker.io
This post is an addendum to my journey to discover and verify the internals of ALPC, which I've documented in Offensive Windows IPC Internals 3: ALPC. While preparing this blog I figured a second post, explaining the debugging steps I took to verify and discover…
DJI - The ART of obfuscation
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
@reverseengine
Quarkslab
Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.
LayeredSyscall – Abusing VEH to Bypass EDRs
https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs
@reverseengine
White Knight Labs
Generating a legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass user-land EDR hooks in Windows.