Python scripts to help analyze Go binaries in radare2. Basically this is a port of the IDA Pro script golang_load_assist to r2.
https://github.com/f0rki/r2-go-helpers
@reverseengine
GitHub
GitHub - f0rki/r2-go-helpers: [UNMAINTAINED] python scripts to help analyze go binaries in radare2
Reverse-Engineering Android APKs with JADX
https://blog1.neuralengineer.org/reverse-engineering-android-apks-with-jadx-ebded67ceb8f
@reverseengine
Medium
Reverse-Engineering Android APKs with JADX
In this article, we explore how to reliably decompile Android APKs into readable Java/Kotlin, connect code to resources, and sanity-check…
How to Reverse-Engineer (with AI) an old Demoscene Exe
https://medium.com/@kevin.drapel/how-to-reverse-engineer-with-ai-an-old-demoscene-exe-part-1-07e22e48b0c2
@reverseengine
Medium
How to Reverse-Engineer (with AI) an old Demoscene Exe — Part 1
Revisiting a mid-90s PC demo is both a technical puzzle and a preservation exercise. “Stars: Wonder of the World” by NoooN, released in…
Reverse engineering of a crypto stealer
https://medium.com/@beardr3d/reverse-engineering-of-a-crypto-stealer-e768f0c20853
@reverseengine
Medium
Reverse engineering of a crypto stealer
I am looking for a new job, and a couple of weeks ago I received a message on LinkedIn from a recruiter who is seeking an experienced SRE…
Forwarded from Sec Note
LazyHook is a stealthy API hooking framework that bypasses Host Intrusion Prevention Systems (HIPS) through call stack spoofing. By leveraging CPU-level hardware breakpoints and Vectored Exception Handling, it executes arbitrary code as if it originated from trusted, Microsoft-signed modules—completely fooling behavioral analysis engines that rely on call stack inspection and module origin verification.
#callstackspoofing #edr
Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks
Uses hardware breakpoints + VEH to hijack legitimate functions and spoof module origins
1. Target Function Call
2. CPU Debug Register Triggers (DR0-DR3)
3. EXCEPTION_SINGLE_STEP Raised
4. VEH Handler Intercepts Exception
5. Execution Redirected to Hook Function
6. CallOriginal() Temporarily Disables Breakpoint
7. Original Function Executes
8. Breakpoint Re-enabled
Linux rootkits explained
https://www.wiz.io/blog/linux-rootkits-explained-part-1-dynamic-linker-hijacking
@reverseengine
wiz.io
Linux rootkits explained – Part 1: Dynamic linker hijacking | Wiz Blog
Dynamic linker hijacking via LD_PRELOAD is a Linux rootkit technique utilized by different threat actors in the wild. In part one of this series on Linux rootkits, we discuss this threat and explain how to detect it.
Singularity - Stealthy Linux Kernel Rootkit
https://blog.kyntra.io/Singularity-A-final-boss-linux-kernel-rootkit
https://github.com/MatheuZSecurity/Singularity?tab=readme-ov-file#installation
blog.kyntra.io
Singularity: Deep Dive into a Modern Stealth Linux Kernel Rootkit – Kyntra Blog
Deep dive into a modern stealth Linux kernel rootkit with advanced evasion and persistence techniques
Piercing the Veil: Android Code Deobfuscation
https://www.youtube.com/watch?v=lmHkfKXuN4A
@reverseengine
YouTube
Piercing the Veil: Android Code Deobfuscation - Caleb Fenton
Presented at Silicon Valley Cyber Security Meetup Talkin' Security Online Event on Thursday, May 7, 2020
Slides can be found at https://drive.google.com/file/d/1QUpMOm1-gzWYLVsmGJrcOHyea2e0X93z
Summary of the Talk: Android malware analysts often encounter…
Updates on ThiefQuest, the Quickly-Evolving macOS Malware
https://blog.trendmicro.com/trendlabs-security-intelligence/updates-on-thiefquest-the-quickly-evolving-macos-malware
@reverseengine
Trend Micro
Updates on Quickly-Evolving ThiefQuest macOS Malware
We discuss our discoveries on ThiefQuest, such as the differences between the old and new versions of the malware, and why we believe ThiefQuest is an example of highly capable malware that should be kept under close monitoring.
WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats
Slides: https://andreafioraldi.github.io/assets/weizz-issta2020-slides.pdf
Video: https://www.youtube.com/watch?v=MOeUqlFtgwE
Article: https://andreafioraldi.github.io/assets/weizz-issta2020.pdf
Code: https://github.com/andreafioraldi/weizz-fuzzer
@reverseengine
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
https://www.synacktiv.com/en/publications/breaking-the-beestation-inside-our-pwn2own-2025-exploit-journey
@reverseengine
Synacktiv
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
Exploiting an Envoy heap vulnerability
https://blog.envoyproxy.io/exploiting-an-envoy-heap-vulnerability-96173d41792
@reverseengine
Medium
Exploiting an Envoy heap vulnerability
Writing an iOS Kernel Exploit from Scratch
https://secfault-security.com/blog/chain3.html
@reverseengine