Intro to Syscalls & Windows internals for malware development:
https://medium.com/%40amitmoshel70/intro-to-syscalls-windows-internals-for-malware-development-pt-1-b5bb0cd90c52
https://medium.com/@amitmoshel70/intro-to-syscalls-windows-internals-for-malware-development-pt-2-b8d88bb10eb9
Medium
Intro to Syscalls & Windows internals for malware development Pt.2
Hello everyone, this article is the continuation of part 1 and will mainly focus on the practical aspect of what we’ve been talking about…
Finding jmp gadgets for call stack spoofing
https://github.com/rasta-mouse/GadgetHunter
@PfkSecurity
GitHub
GitHub - rasta-mouse/GadgetHunter: Find jmp gadgets for call stack spoofing.
Find jmp gadgets for call stack spoofing. Contribute to rasta-mouse/GadgetHunter development by creating an account on GitHub.
Windows local privilege escalation through the bitpixie vulnerability
https://blog.syss.com/posts/bitpixie/
SySS Tech Blog
Windows Local Privilege Escalation through the bitpixie Vulnerability
This blog post demonstrates how attackers can circumvent BitLocker drive encryption, how to protect against such attacks, and why acting now might pay off in the near future. The bitpixie vulnerability in Windows Boot Manager is caused by a flaw in the PXE…
Simple Reverse Engineering Techniques
In this step we learn how to analyze simple programs that have a basic guard or a simple lock, and how to understand the behaviour behind them.
Step by step:
Open the file with a static tool and a debugger
As we learned before, first look at the program's structure with IDA or Ghidra, then in x64dbg let it stop on the Entry Point. This is the foundation of everything that follows.
Find the license check or the conditions
In simple programs there is usually an if condition that says: if the license is correct, continue; otherwise show an error message. This part is usually located near functions such as strcmp or strncmp, or near string input functions.
Tracing with a breakpoint
Put a breakpoint on the function you suspect is the license check, run the program, and see when and where it stops. From there you can work out the program's logical path.
Examining the conditional instructions
Usually there is a JE, JNE, JZ or JNZ instruction that decides what happens next. If you find it, that is exactly where the program decides whether the license is valid or not.
A simple manipulation to understand the logic
Instead of modifying the file, you can temporarily change the jump instruction in the debugger, for example change JNE to JE, to see what happens when the condition is reversed. This exercise helps you fully understand the logic of the check.
Exercise:
Write a simple program that has a fixed password, for example "1234", and prints a success message when it is entered correctly.
Then examine it with IDA and x64dbg:
Find the password comparison function
Identify the decision-making jump
Change the jump and see how the program behaves
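The crackme the exercise asks for, written here as an added C example (not code from the original post). The password "1234" is the sample value the exercise suggests, and the assembly in the comment is the typical shape an unoptimised x86-64 build produces, not output taken from the page:

```c
/* Added example: the password-check crackme from the exercise above.
 * The secret "1234" is a constructed sample value, as the exercise suggests. */
#include <stdio.h>
#include <string.h>

#define SECRET "1234"   /* hard-coded password, as the exercise specifies */

/* Returns 1 when the entered password matches, 0 otherwise.
 * Built without optimisation (e.g. -O0), a typical x86-64 compiler turns the
 * strcmp()/if pair into roughly:
 *     call  strcmp        ; eax == 0 only when both strings are equal
 *     test  eax, eax
 *     jne   fail          ; <- the decision jump the tutorial tells you to find
 * A breakpoint on strcmp in x64dbg stops right before this; changing jne to je
 * in the debugger inverts the check, which is the exercise's last step. */
int check_password(const char *entered)
{
    return strcmp(entered, SECRET) == 0;
}

/* Strips the trailing newline fgets() keeps, so "1234\n" compares as "1234". */
void trim_newline(char *s)
{
    size_t n = strlen(s);
    if (n > 0 && s[n - 1] == '\n')
        s[n - 1] = '\0';
}

int main(void)
{
    char buf[64];

    printf("Password: ");
    if (fgets(buf, sizeof buf, stdin) == NULL)
        return 1;
    trim_newline(buf);

    if (check_password(buf))
        puts("Success: correct password");
    else
        puts("Error: wrong password");
    return 0;
}
```

Compile with `gcc -O0 -o crackme crackme.c`, then load the binary in IDA or x64dbg and follow the steps above; the imported strcmp is the first landmark to look for.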
The Evolution of macOS Security
https://theevilbit.github.io/talks_workshops/2025/MacSysAdmin2025-Csaba-Fitzl-Evolution-of-macOS-Security.pdf
Post-Quantum Now: from AES & RSA to ML-KEM Hybrids
A crisp, practical guide to navigating the quantum shift: how today’s crypto stack really works, what breaks with quantum, what survives (hello, AES-256), and how to roll in ML-KEM/Dilithium without breaking prod.
Highlights you’ll get in 10 minutes:
1️⃣ A little tour of the “digital trust” stack — AES modes, nonce pitfalls (GCM vs SIV), and why key-derivation details matter.
2️⃣ Quantum threat & HNDL explained: keep symmetric strong (AES-256), plan to replace public-key (RSA/ECDSA/curves).
3️⃣ What NIST is standardizing now: ML-KEM (Kyber) for key establishment and ML-DSA (Dilithium) for signatures — with libraries you can use today (liboqs/pyoqs).
4️⃣ Hands-on hybrid recipe: X25519 + ML-KEM, transcript-bound HKDF, and a minimal Python snippet to derive a shared session key.
5️⃣ Migration roadmap you can copy-paste: Shadow Mode → Hybrid Mode → Audit & Logging → Policy flags → Crypto agility best practices.
If you’re a security engineer, architect, or CISO planning 2025 rollouts, this is your field guide to ship PQC with confidence — not someday, but now.
Read the full post: https://netlas.io/blog/post_quantum_cryptography/
netlas.io
Post-Quantum Now: From AES & RSA to ML-KEM Hybrids - Netlas Blog
A Practical Guide to Post-Quantum Cryptography: Algorithms, Migration Roadmap, Risks, and Metrics
This repository contains slides and hands-on materials for Emproof's workshop on firmware reverse engineering, presented at ScapyCon Automotive 2025. The workshop targets a technical audience with minimal security experience and teaches the fundamentals through practical, self-contained tasks.
https://github.com/emproof-com/workshop_firmware_reverse_engineering
GitHub
GitHub - emproof-com/workshop_firmware_reverse_engineering: Workshop on firmware reverse engineering
Workshop on firmware reverse engineering. Contribute to emproof-com/workshop_firmware_reverse_engineering development by creating an account on GitHub.
How Does the iOS Kernel Copy Memory? (Virtual Memory Internals)
https://www.youtube.com/watch?v=0hxUEaDp1AA
YouTube
How Does the Kernel Copy Memory so Quickly?
Elons (Proxima/Black Shadow related) ransomware attack via Oracle DBS External Jobs
https://labs.yarix.com/2025/09/elons-proxima-black-shadow-related-ransomware-attack-via-oracle-dbs-external-jobs/
@FUZZ0x
YLabs
Elons (Proxima/Black Shadow related) ransomware attack via Oracle DBS External Jobs
Premise As Yarix’s Incident Response Team, our responsibilities are to manage critical issues related to cyber-attacks carried out by cybercriminals, intervening promptly in order to guarantee security to victim companies and to minimize latent risks, analyzing…
A Deep Dive into Reverse Engineering and Exploitation of Drones
https://cfp.recon.cx/media/2023/submissions/HLHH89/resources/REcon_online_slides_mLUVm2u.pdf
dalvikus
A modern Android reverse engineering and modification toolkit built with Compose Multiplatform, available for Windows, Linux and Mac.
https://github.com/loerting/dalvikus.git
GitHub
GitHub - loerting/dalvikus: Android reverse-engineering tool / smali editor
Android reverse-engineering tool / smali editor. Contribute to loerting/dalvikus development by creating an account on GitHub.
Hypervisors for Memory Introspection and Reverse Engineering
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
Analysis of the Qilin ransomware, which has been at the top of the most recent attacks since the decline or exit scam of some ransomware operations such as LockBit, BlackCat and RansomHub
https://www.sans.org/blog/evolution-qilin-raas
@Fuzz0x