Manuel

727 posts

@0xc0ffee

Sec dude during the day, beer brewer at night. neutral as a neutron. backout plan: 40 30 78 63 30 66 66 65 65 40 69 6e 66 6f 73 65 63 2e 65 78 63 68 61 6e 67 65

Switzerland · Joined July 2009
2K Following · 455 Followers
Manuel retweeted
Moritz
Moritz@m_r_tz·
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD
6
280
927
37.4K
Manuel retweeted
Gadi Evron
Gadi Evron@gadievron·
We lost FX. A lot of people wrote about this so I feel comfortable sharing here too. I’m heartbroken. We’re heartbroken. At 8 am pacific today (Monday), we are gathering on Zoom to share memories of FX, as a community. Ping me for a link.
7
16
129
33.4K
Manuel
Manuel@0xc0ffee·
@JeremyUnplugged Jup.. Changed flight shortly before departure. Obviously suspicious.
0
0
0
24
JeremyUnplugged
JeremyUnplugged@JeremyUnplugged·
Raise your hand if you were ever heavily questioned by El Al security. 🙋🏽‍♂️
514
61
2K
587.5K
Manuel retweeted
Splintersfury
Splintersfury@Splintersfury·
Update on the 58.5GB Windows driver analysis. After cleanup & dedup: ~28k drivers → 467 high-risk candidates. What stood out wasn’t rare bugs, but how often legacy patterns and fixes reappear across drivers. Part 2: threatunpacked.com/2026/02/04/bui…
0
14
40
2.8K
Manuel
Manuel@0xc0ffee·
@veorq for critical stuff I usually refer to the "Crystalline Cipher".. SCNR
0
0
0
403
JP Aumasson
JP Aumasson@veorq·
You’d have to be braindead to believe AES is secure in 2026. When we analyzed how AES implemented its “encryption”, we found multiple attack vectors. Use OEE instead github.com/veorq/oee
32
15
181
70.6K
Manuel retweeted
Mandiant (part of Google Cloud)
Net-NTLMv1 is outdated, insecure, and must go. 🛑 To help defenders prove the risk and accelerate deprecation, we’ve released a comprehensive dataset of rainbow tables. See how easily these keys can be recovered, and secure your environment. Read more: bit.ly/4qpV6MJ
Mandiant (part of Google Cloud) tweet media
3
85
282
44K
Manuel
Manuel@0xc0ffee·
discuss.systems/@ricci/1157478… historic recovery of a very old UNIX version from tape..
0
0
0
32
Dimitrios Kottas
Dimitrios Kottas@DimitriosKottas·
“No, it’s not what you think it is. It’s worse. Much worse”
Dimitrios Kottas tweet media
23
20
289
20.7K
Manuel
Manuel@0xc0ffee·
@malmoeb One of my favourite reports..
English
0
0
0
44
Stephan Berger
Stephan Berger@malmoeb·
For a new project, I started to dig into older threat reports, like for example, "The ProjectSauron APT" from 2016. [1] The interesting thing about these old reports is that you see techniques mentioned before that are still used 10 years later. "ProjectSauron usually registers its persistence module on domain controllers as a Windows LSA (Local System Authority) password filter. This feature is typically used by system administrators to enforce password policies and validate new passwords to match specific requirements, such as length and complexity. This way, the ProjectSauron passive backdoor module starts every time any domain, local user, or administrator logs in or changes a password, and promptly harvests the passwords in plaintext." There are various ways to register such "password filters", but the screenshot is from a recent case (and from one of my presentations) in which the attacker registered a new NetworkProvider to steal cleartext credentials. Techniques which are 10+ years old are still working and (mis-)used by attackers.. 🤷 [1] media.kasperskycontenthub.com/wp-content/upl…
Stephan Berger tweet media
2
4
26
2.8K
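The two persistence points named in the post above (an LSA password filter registered under "Notification Packages", and a network provider added to "ProviderOrder") both live in well-known registry locations, so a defender can inventory them on a domain controller or workstation and compare against a baseline. The script below is an added example, not code from the post, from Stephan Berger, or from the ProjectSauron report; the baseline names in `$knownPasswordFilters` and `$knownProviders` are constructed for illustration and should be replaced with values taken from a known-clean build of your own environment.

```powershell
# Added example (not from the post above): inventory LSA password filters and
# network providers, resolve each to its DLL, check its Authenticode signature,
# and mark anything outside an assumed baseline for review.

# Assumed baseline (constructed for illustration; derive yours from a clean host).
$knownPasswordFilters = @('scecli', 'rassfm')
$knownProviders       = @('RDPNP', 'LanmanWorkstation', 'webclient')

function Get-SignatureState {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'missing' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

function Get-CredentialHookInventory {
    $lsaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $npOrderKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'

    # 1. LSA password filters: REG_MULTI_SZ "Notification Packages" holds one DLL
    #    base name per entry; lsass.exe loads each from System32 and calls it on
    #    every password change, which is why a rogue entry sees cleartext passwords.
    $filters = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages' `
                    -ErrorAction SilentlyContinue).'Notification Packages'
    foreach ($name in @($filters)) {
        if ([string]::IsNullOrWhiteSpace($name)) { continue }
        $dll = Join-Path $env:SystemRoot ("System32\{0}.dll" -f $name)
        [pscustomobject]@{
            Type      = 'LsaPasswordFilter'
            Name      = $name
            Path      = $dll
            Signature = Get-SignatureState $dll
            Baseline  = if ($knownPasswordFilters -contains $name) { 'known' } else { 'REVIEW' }
        }
    }

    # 2. Network providers: REG_SZ "ProviderOrder" is a comma-separated list; each
    #    name maps to HKLM\...\Services\<name>\NetworkProvider\ProviderPath, the DLL
    #    that receives logon credentials through the NPLogonNotify callback.
    $order = (Get-ItemProperty -Path $npOrderKey -Name 'ProviderOrder' `
                  -ErrorAction SilentlyContinue).ProviderOrder
    foreach ($raw in ($order -split ',')) {
        $name = $raw.Trim()
        if (-not $name) { continue }
        $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\NetworkProvider"
        $path   = (Get-ItemProperty -Path $svcKey -Name 'ProviderPath' `
                       -ErrorAction SilentlyContinue).ProviderPath
        $expanded = if ($path) { [Environment]::ExpandEnvironmentVariables($path) } else { $null }
        [pscustomobject]@{
            Type      = 'NetworkProvider'
            Name      = $name
            Path      = $expanded
            Signature = Get-SignatureState $expanded
            Baseline  = if ($knownProviders -contains $name) { 'known' } else { 'REVIEW' }
        }
    }
}

# Usage: run elevated on the host being checked; anything marked REVIEW, unsigned,
# or pointing outside System32 deserves a closer look.
Get-CredentialHookInventory | Sort-Object Baseline -Descending | Format-Table -AutoSize
```

Two design choices worth noting: the script reads only the registry and the file signature, so it can be run from a scheduled job and diffed against the previous run to catch a newly added entry; and it deliberately does not trust the name alone, since a legitimate-looking provider name can be paired with an arbitrary `ProviderPath`, which is why the resolved path and its signature are reported next to the baseline verdict.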