Pinned Tweet
Ali Hadi | B!n@ry
22.2K posts

Ali Hadi | B!n@ry
@binaryz0ne
DFIR and Adversary Simulation
USA · Joined May 2011
572 Following · 34.3K Followers
Ali Hadi | B!n@ry retweeted

I’m excited to announce the inaugural CrowdStrike Day Zero 2026 Threat Research Summit, an invite-only event for researchers, defenders, and cost-imposing warriors on the front lines of cyber conflict.
Day Zero will showcase cutting-edge technical work, advanced research into adversaries and technology, and foster the kind of discussion that challenges assumptions and sharpens ideas.
CrowdStrike researchers are already submitting their ideas. The Call for Papers (CFP) is open, and these sessions will be closed-door, with strict information-sharing protocols in place.
Evening kickoff: Aug 30th | Day Zero 2026 Summit: Aug 31st
*Ahead of Fal.Con Vegas | 📍Mandalay Bay, Las Vegas
Register for updates and submit your paper.
crowdstrike.com/en-us/events/d…

Ali Hadi | B!n@ry retweeted

The Evidence Locker new additions:
- @MagnetForensics MUS/MVS CTF images including 2026's (thanks to @Hexordia)
- Ashemery challenges (@binaryz0ne)
- MemLabs memory challenges (@_abhiramkumar)
- HackForge forensic challenges
#CTF #TestImages #DFIR
theevidencelocker.github.io

Ali Hadi | B!n@ry retweeted

I am excited to release the seventh article in the Exploiting Reversing Series (ERS). Titled “Exploitation Techniques | CVE-2024-30085 (part 01)”, this 119-page technical guide offers a comprehensive roadmap for vulnerability exploitation:
exploitreversing.com/2026/03/04/exp…
Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit versions using Token Stealing and I/O Ring techniques.
[+] Exploit ALPC + PreviousMode Flip + Token Stealing: elevation of privilege of a regular user to SYSTEM.
[+] Exploit ALPC + Pipes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Solid Reliability: Two complete working and stable exploits, including an improved cleanup stage.
[+] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability.
The article guides you through the two distinct techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow vulnerability.
I would like to thank Ilfak Guilfanov (@ilfak on X) and Hex-Rays SA (@HexRaysSA on X) for their constant and uninterrupted support, which has helped me write these articles over time.
I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!
Enjoy your reading and have an excellent day.

Ali Hadi | B!n@ry retweeted

Calling all threat hunters, reverse engineers, and intel experts 🕵️♂️💻
The inaugural Day Zero Threat Research Summit hits Las Vegas (Aug 30–Sept 1). We’re gathering intelligence experts to expose the latest adversary tradecraft. 🔍 crwdstr.ke/6018hAWe8
Call for Research is OPEN:
✅ AI Tradecraft
✅ Reverse Engineering
✅ Detection

Ali Hadi | B!n@ry retweeted

Two more screenshots as you ponder the current state of #DFIR education involving Windows swap.

Arsenal Recon @ArsenalRecon
If you're involved in digital forensics, especially as an educator, study these screenshots. What do you see? How does this impact existing articles & curriculum involving Windows swap? What if this CTF was built on a more recent build of Windows 11? ArsenalRecon.com #DFIR
Ali Hadi | B!n@ry retweeted

You don't learn reverse engineering by reading about it. You learn by doing it.
That's why I built malops.io, a free platform with hands-on RE challenges using real malware:
Whether you're starting out or sharpening your skills, this is how you level up.

Ali Hadi | B!n@ry retweeted

I am pleased to announce the publication of the sixth article in the Exploiting Reversing Series (ERS).
Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", this 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver:
exploitreversing.com/2026/02/11/exp…
It guides readers through the entire investigation process—beginning with binary diffing and moving through reverse engineering, deep analysis and proof-of-concept stages into full exploit development.
I hope this serves as a valuable resource for your research. If you enjoy the content, please feel free to share it or reach out with feedback.
Have an excellent day!


I want to thank @brettshavers for the opportunity to take his "DF/IR Investigative Mindset" course! This is an amazing course for everyone, whether you're a veteran or just starting your #DFIR career. I can't recommend it enough.
Brett, thank you so much 🙏🏻


@tiilw1 @brettshavers I think I have an old document that I can share with you. Please send me an email and I’ll send it to you.

@binaryz0ne @brettshavers My inquiry about Lab RansomCare is whether there are any hints or write-ups.
Ali Hadi | B!n@ry retweeted

CrowdStrike has identified WARP PANDA, a China-nexus actor targeting vCenter and cloud environments with custom implants and long-term covert access.
🔗 Full analysis and recommendations: crwdstr.ke/601374Kwx


@tiilw1 @brettshavers You can write here or send me an email. I’ll do my best to get back to you as soon as I can.
Ali Hadi | B!n@ry retweeted

Check out our latest Insights article "Quick Tour Of New Features In Arsenal Image Mounter v3.12.331" to see highlights (lots of screenshots!) of the latest AIM functionality: arsenalrecon.com/insights/quick…. #DFIR

Ali Hadi | B!n@ry retweeted

CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications for the purposes of data exfiltration.
crowdstrike.com/en-us/blog/cro…
Ali Hadi | B!n@ry retweeted

HTML Smuggling Leads to Domain Wide Ransomware
➡️Initial Access: Thread-Hijacked Email > HTML Attachment
➡️Credentials: LSASS Access, SessionGopher
➡️Lateral Movement: RDP, PsExec
➡️C2: IcedID, Cobalt Strike
➡️Impact: Nokoyawa Ransomware
thedfirreport.com/2023/08/28/htm…

If anyone needs #DFIR case studies for their practice, training, or whatever, please check the ones I've created over the years! Enjoy them! #Cybersecurity
ashemery.com/dfir.html
