Linux Rootkit Malware
https://www.fortinet.com/blog/threat-research/deep-dive-into-a-linux-rootkit-malware?utm_source=chatgpt.com
@reverseengine
#rootkit
#linux
Fortinet Blog
Deep Dive Into a Linux Rootkit Malware
An in-depth analysis of how a remote attacker deployed a rootkit and a user-space binary file by executing a shell script.…
Some Sources Related to Reverse Engineering
https://github.com/alphaSeclab/awesome-reverse-engineering
@reverseengine
GitHub
GitHub - alphaSeclab/awesome-reverse-engineering: Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT)…
Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos) - alphaSeclab/awesome-rever...
GhidraGPT Plugin
A powerful plugin for Ghidra that uses large language models (LLMs) to enhance the reverse engineering process and make code analysis and improvement smarter.
Features:
Code improvement: AI-assisted renaming of functions and variables to increase readability
Code explanation: Provides a detailed analysis of the logic and behaviour of functions
Security analysis: Identifies vulnerabilities and examines security issues
Multi-provider support: Compatible with more than 8 providers, including OpenAI, Anthropic, Google Gemini, Cohere, Mistral AI, DeepSeek, Grok (xAI)
🦅 Safe Byte Channel
#Tools
#Ghidra
GitHub
GitHub - weirdmachine64/GhidraGPT: Integrate LLM models directly into Ghidra for automated code rewrite and analysis.
Integrate LLM models directly into Ghidra for automated code rewrite and analysis. - weirdmachine64/GhidraGPT
Clop Ransomware Group Claims the Hack of Harvard University
https://securityaffairs.com/183282/cyber-crime/clop-ransomware-group-claims-the-hack-of-harvard-university.html
@reverseengine
Security Affairs
Clop Ransomware group claims the hack of Harvard University
The notorious Clop Ransomware group claims the hack of Harvard University and added the prestigious institute to its Tor data leak site.
Bypassing EDR using an In Memory PE Loader
https://g3tsyst3m.com/fileless%20techniques/Bypassing-EDR-using-an-In-Memory-PE-Loader/
@reverseengine
G3tSyst3m's Infosec Blog
Bypassing EDR using an In-Memory PE Loader
It’s high time we get another blog post going, and what better time than now to talk about PE loaders! Specifically, an In-Memory PE Loader. 😸 In short, we’re going to implement a PE (Portable Executable) loader that downloads a PE file (in this case, putty.exe)…
Reverse Engineering WannaCry Ransomware => A Deep Dive
https://infosecwriteups.com/reverse-engineering-wannacry-ransomware-a-deep-dive-86ee4a8d7c7a?source=rss----7b722bfd1b8d---4
@reverseengine
Medium
Reverse Engineering WannaCry Ransomware: A Deep Dive
The WannaCry ransomware attack of May 2017 was a watershed moment in cybersecurity, exposing vulnerabilities in the Windows operating…
Reverse Engineering the Android Malware
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
@reverseengine
Linkedin
Reverse Engineering the New Android Malware Targeting CBE Users
Last week, some Android users received a notification from the Commercial Bank of Ethiopia stating that two active Android malware apps are stealing money from CBE accounts. Pharma+ CBE Vacancy And as soon as our team saw the notification, we wanted to get…
Hypervisors for Memory Introspection and Reverse Engineering
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
@reverseengine
secret club
Hypervisors for Memory Introspection and Reverse Engineering
ClayRat A New Android Spyware Targeting Russia
https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia
@reverseengine
Zimperium
ClayRat: A New Android Spyware Targeting Russia
GhostBat RAT Inside the Resurgence of RTO Themed Android Malware
https://cyble.com/blog/ghostbat-rat-inside-the-resurgence-of-rto-themed-android-malware/
@reverseengine
The basic flow when a function is called:
1️⃣ call func
The address after the call (the return address) is pushed onto the stack
2️⃣ Inside the function:
RBP is saved
A stack frame is set up
3️⃣ Local variables and arguments are used
4️⃣ leave → the old frame is restored
5️⃣ ret → return to the caller
@reverseengine
Safeguarding Code Against Reverse Engineering
https://www.youtube.com/watch?v=Ie1eZSiMEJ8
https://github.com/emproof-com/webinars/tree/main/2025-01-software_protection
@reverseengine
YouTube
Webinar: Software Protection -- Safeguarding Code Against Reverse Engineering
Speakers: Tim Blazytko (Emproof)
Code and samples: https://github.com/emproof-com/webinars/tree/main/2025-01-software_protection
Slides: https://github.com/emproof-com/webinars/blob/main/2025-01-software_protection/slides.pdf
Abstract:
In our webinar…
DiffRays
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.
https://github.com/pwnfuzz/diffrays
@reverseengine
GitHub
GitHub - pwnfuzz/diffrays: DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research…
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering. - pwnfuzz/diffrays
Aiding Reverse Engineering with Rust and a local LLM
https://security.humanativaspa.it/aiding-reverse-engineering-with-rust-and-a-local-llm/
@reverseengine
HN Security
Aiding reverse engineering with Rust and a local LLM - HN Security
Offensive Rust series article that introduces a new AI tool (oneiromancer) to aid with reverse engineering.
Forwarded from Fuzzing ZONE (0xB01)
Talking with Ransomware Devman
https://analyst1.com/devmans-raas-launch-the-affiliate-who-aims-to-become-the-boss/
@FUZZ0x
Analyst1
Devman's RaaS Launch: The Affiliate Who Aims to Become the Boss
Jon DiMaggio interviews the new affiliate who aims to be the boss: Devman. Dive into the exploration of this new syndicate now.