YouTube video by botconf eu
10 Years of Large-Scale Malware Comparison: Going Deeper With Machoke
I'm glad to share my talk at @botconf.infosec.exchange.ap.brid.gy 2025!
Do you want to know how we compare a sample with 150k others in seconds on @exalyze.bsky.social? This talk is made for you🚀
At the end, you'll get a hint on what's coming next for Exalyze 😉
youtube.com/watch?v=TS8X...
exalyze.io
23.07.2025 08:16 — 👍 4 🔁 3 💬 0 📌 0
#Podcast #Potatosécurité
Episode #502: detection vs. compromise hunting (follow-up to episode #491), with @heurs.bsky.social
www.nolimitsecu.fr/detection-vs...
12.05.2025 06:31 — 👍 0 🔁 1 💬 0 📌 0
The ninth article (38 pages) of the Malware Analysis Series (MAS) is available on:
exploitreversing.com/2025/01/08/m...
Even though I haven't been on this subject for years, I promised I would write a series of ten articles, and the last one will be released next week (JAN/15).
#malware
08.01.2025 16:45 — 👍 5 🔁 3 💬 0 📌 0
An image that shows a piece of code. On top there is an expression (param_1 & 1) * 2 + (param_1 ^ 1). On the bottom is a deobfuscated version, param_1 + 1. In the middle there is a custom Ghidra DSL, explained in the post.
RULECOMPILE - Undocumented Ghidra decompiler rule language.
A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) an obscure, undocumented DSL.
msm.lt/re/ghidra/ru...
#reverseengineering #ghidra
30.12.2024 19:34 — 👍 14 🔁 9 💬 0 📌 0
Perfctl malware exploiting exposed Portainer agent and using new SSH persistence
ExaTrack
3+ YEARS of stealth! We uncovered new tactics used by the perfctl malware, including a userland rootkit & an SSH backdoor (a single SPACE in /etc/passwd!). More insights: blog.exatrack.com/Perfctl-usin... #cybersecurity #threat_hunting #linux #infosec #perfctl #rootkit #ssh #exatrack
17.12.2024 10:02 — 👍 10 🔁 6 💬 0 📌 0