🇺🇦 Xorhex 🇺🇦

@xorhex.bsky.social

246 Followers  |  590 Following  |  119 Posts  |  Joined: 11.11.2024  |  2.1765

Latest posts by xorhex.bsky.social on Bluesky

30.01.2026 19:37 — 👍 3 🔁 0 💬 1 📌 0
Beginner C++ Reverse Engineering - Binary Ninja Live Stream Learn how to recognize and apply types to decompiled C++ that's using virtual functions, inheritance and vtables, recognize and recover missing parameters, a...

Join us today from 3-5pm ET to learn to recognize and apply types to decompiled C++ that's using virtual functions, inheritance, and vtables. We'll recover missing parameters, apply types, clean up decompilation, and everything else you need to get started reversing C++! youtube.com/live/QmsUmvH...

28.01.2026 15:44 — 👍 7 🔁 4 💬 0 📌 0

The CertGraveyard is now being leveraged by MagicSword.

MagicSword makes use of certificates we report and blocks them within your environment.

I was really amazed by the work they do to block RMM and bad drivers. Now this further enables orgs to block malicious signers.
x.com/magicswordio/s...

27.01.2026 16:16 — 👍 1 🔁 1 💬 0 📌 0

New blog post is live! Xusheng tears apart a tiny Linux binary that really does not want to be reversed. Malformed ELF headers, segment tricks, layered XOR and RC4, plus a bunch of Binary Ninja tricks along the way. Read it here: binary.ninja/2026/01/23/r...

27.01.2026 15:31 — 👍 6 🔁 3 💬 0 📌 0
YouTube video by MalwareAnalysisForHedgehogs: Malware Analysis - Malicious MS Office files without Macros

🦔 📹 New Video: Can office files be malicious without Macros?

➡️ VSTO Add-Ins
➡️ External Templates
➡️ Checklist for Office analysis
#MalwareAnalysisForHedgehogs
www.youtube.com/watch?v=RtHH...

25.01.2026 07:30 — 👍 6 🔁 4 💬 2 📌 1

Awesome, time for me to update #BinYars again 😄

26.01.2026 17:07 — 👍 0 🔁 0 💬 0 📌 0

#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5

23.01.2026 16:30 — 👍 35 🔁 30 💬 1 📌 5

Great work by Kim and ESET to get this story out there. The cyber threat has been off the front pages with everything else going on, but is still very real.

23.01.2026 17:48 — 👍 7 🔁 1 💬 0 📌 0

New Children's Health Defense site registered on 1/9/26 and currently in development:
covidjustice[.]org
covidjustice[.]metalteam[.]dev (69.16.249[.]248, dev site)

22.01.2026 13:32 — 👍 1 🔁 1 💬 0 📌 0

That's awesome! Have a hash that can be shared?

16.01.2026 20:08 — 👍 0 🔁 0 💬 1 📌 0

We are less than a month away from #PIVOTcon26 #CfP deadline, come present your best research in a trusted, vetted environment attended by some of the best researchers. We created such an environment so that we can feel safe to exchange beyond the blogposts #CTI #ThreatResearch #ThreatIntel #MemeGuide

12.01.2026 15:20 — 👍 12 🔁 6 💬 0 📌 1

Carl Svensson is bringing Age of Empires II Definitive Edition to RE//verse 2026 as a playground for tooling. This talk walks through Binary Ninja automation to decrypt and deobfuscate...

08.01.2026 21:15 — 👍 4 🔁 1 💬 1 📌 1
Release v1.11.0 · VirusTotal/yara-x Make the parser stricter (#502). Implement dex module (#458). Implement C api console log (#515). Implement permhash for the crx module (#510). Implement the imports() method for the Rules object i...

github.com/VirusTotal/y... - 1.11.0 is out! Lots of new features, modules and bug fixes. Read the release notes and congrats to Victor and the contributors!

09.01.2026 13:43 — 👍 7 🔁 3 💬 0 📌 0

🚨#100DaysofYARA lives!!

2 time reigning champ Yashraj has kindly offered to take the helm for this community effort! Give the homie a follow 👊

Check the repo to contribute: github.com/100DaysofYARA

And gear up for Jan 1 when #100DaysofYARA will kick off!

28.12.2025 23:21 — 👍 10 🔁 4 💬 1 📌 0

You asked for our traditional #CfP meme-guideline for #PIVOTcon26 - here it is 🥳🎉
Reminder:
- one track, 30m
- no recording/streaming/tweeting.
- No TLP:WHITE
- Original content only
#CTI #ThreatIntel #ThreatResearch 1/7

18.12.2025 16:15 — 👍 9 🔁 9 💬 1 📌 1
Deconstructing Rust Binaries Deconstructing Rust Binaries is the first comprehensive training course focused solely on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical upskil...

📣🦀 Announcing: TWO 2026 sessions for our Rust reverse engineering course, Deconstructing Rust Binaries!

1) Ringzer0 COUNTERMEASURE, March 23-26, Remote: ringzer0.training/countermeasu...

2) NorthSec (@nsec.io), May 11-13, Montréal & Remote: nsec.io/training/202...

#malware #infosec #rustlang

19.12.2025 15:08 — 👍 5 🔁 1 💬 1 📌 1

Excited to bring Deconstructing Rust Binaries to NorthSec in March! Chat with me here or at @decoderloop.com if you have questions about the training.

Take advantage of the early bird rate for the onsite option! Pricing is in CAD, take advantage of the exchange rate (:

nsec.io/training/202...

18.12.2025 22:13 — 👍 5 🔁 3 💬 0 📌 0

Targeting of Lithuania's government today cc @lithuaniaineu.bsky.social 0c6ba3f0ab6f48c84175db68eb4f0d19

17.12.2025 15:20 — 👍 2 🔁 2 💬 0 📌 0

I feel seen lol

17.12.2025 10:28 — 👍 1 🔁 0 💬 0 📌 0

I spent a couple months arguing with Claude and Copilot while building FrostyGoop variants for DNP3 (and Modbus), keeping detailed notes on what worked and what didn't. At S4, I’ll share my honest assessment of these tools and how they might lower barriers to ICS malware dev. See you in Miami!

16.12.2025 15:00 — 👍 3 🔁 1 💬 0 📌 0
Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a ...

Proud to share new research by Amazon Threat Intelligence detailing recent activity by Sandworm/APT44 🇷🇺 targeting US and European energy, critical infrastructure, and managed security provider networks via vulnerable and misconfigured network edge devices. #threatintel aws.amazon.com/blogs/securi...

15.12.2025 19:51 — 👍 18 🔁 9 💬 1 📌 0

Able to share the hash/sample of `[REDACTED].bin`?

15.12.2025 20:44 — 👍 0 🔁 0 💬 0 📌 0

Ongoing European government targeting from this susp ru actor. Surely others are focused on the politics of Transnistria, but not too many. strikeready.com/blog/russian...

15.12.2025 20:31 — 👍 2 🔁 2 💬 0 📌 1
GitHub - decoderloop/rust-malware-gallery: A collection of malware families and malware samples which use the Rust programming language.

🦀 Looking for Rust malware samples to practice analyzing? Our Rust Malware Sample Gallery just received a major update, with 20 new families added! github.com/decoderloop/...

#rust #rustlang #malware #infosec #ReverseEngineering #MalwareAnalysis #reversing

15.12.2025 15:41 — 👍 4 🔁 3 💬 1 📌 0

Nice reporting! IOCs 🫶

Also, I'm so used to markdown that I almost didn't notice this:

15.12.2025 20:01 — 👍 0 🔁 0 💬 1 📌 0

I'm hiring a senior threat researcher! If you want to help me build out a team to track the most advanced actors targeting cloud environments, this is the job for you. This job is open to remote, but US-based only. Feel free to reach out with questions.

www.wiz.io/careers/job/...

15.12.2025 14:26 — 👍 6 🔁 4 💬 1 📌 0
Maldev Academy Review 2 years after starting, some false starts, and some requisite learning completed, I finally wrapped up Maldev Academy.

Just posted my thoughts on maldev academy! Apologies if it’s a little messy, it’s reporting week at work so it’s all text editing all day right now.

www.winterknight.net/maldev-acade...

11.12.2025 06:07 — 👍 2 🔁 1 💬 0 📌 0
feat: More constraints on hashes by wxsBSD · Pull Request #509 · VirusTotal/yara-x The imphash implementation always returns a lowercase md5. This commit switches the type of the returned value so that it can be used to generate warnings. Warnings are now generated if you use an ...

Quality of life improvement for yara-x:

I realized the functions that output hash values do not have constraints on them like the hash module functions do. See virustotal.github.io/yara-x/blog/... for details on why this is useful to extend everywhere.

PR that fixes it: github.com/VirusTotal/y...

09.12.2025 21:16 — 👍 2 🔁 1 💬 0 📌 0

#BinYars (write #YARA-X rules inside of #BinaryNinja) is now available in Binja's plugin manager!

I want to give a special shout out to @cxiao.net (Thank You 🙏) who provided valuable feedback making the plugin experience better.

Happy rule writing!

Learn more @ github.com/xorhex/BinYars

08.12.2025 19:08 — 👍 4 🔁 1 💬 0 📌 1

the amount of businesses that use GoPhish as an otherwise legitimate mailer is ... concerning

08.12.2025 15:51 — 👍 7 🔁 1 💬 1 📌 0
