LE BERRE Stéfan

Analyse et recoupement de malwares avec #Exalyze By @ExaTrack At OSSIR meeting ↘️ youtu.be/VWa447RdLmg

🎯 Happy 2026, Threat Hunters! We compiled 12 battle-tested tips to hunt the unknown, no IOCs, just anomalies. 🔍 Windows/Linux 💥 Scaled to 10K+ endpoints 👉 blog.exatrack.com/Happy_2026_A_G… #ThreatHunting #Cybersecurity #DFIR #UnknownThreats

Discover a new linux backdoor hidden for 10 YEARS in a critical HTTP server, waiting for a "magic packet" to wake up. Undocumented TTP. Full report: blog.exatrack.com/Butoflex%20pas… #Malware #ThreatHunting #Cybersecurity @ExaTrack @LoginSecurite

Exalyze 1.0 is out 🥳 What's new on it? - Analysis pipeline rebuild for transparent updates - Yara generation (opcodes) have been improved - Pivots added for IP/domains to @virustotal @shodanhq @censysio @onyphe @fofabot See you on exalyze.io

I'm glad to share my talk at @Botconf 2025! Do you want to know how we compare a sample with 150k others in seconds on @Exalyze_io? This talk is made for you 🚀 At the end, you'll get a hint on what's coming next for Exalyze! 😉 youtube.com/watch?v=TS8XO2… exalyze.io

Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work. r0keb.github.io/posts/Windows-…

A well-done article written by @memn0ps: Hypervisors for Memory Introspection and Reverse Engineering: secret.club/2025/06/02/hyp… #reverveengineering #infosec #hypervisor #memoryanalysis #windows #rust

🚀 Take your malware analysis skills to the next level with Exalyze Discover our unique capabilities to compare malware code with our entire database, identifying similar samples and uncovering hidden connections. 👉 exalyze.io @Exalyze_io

#Podcast #Cybersécurité Épisode #501 : détection vs. recherche de compromissions (suite de l'épisode #491), avec @Heurs nolimitsecu.fr/detection-vs-r…

Think HVCI and kCET mean the end of kernel code execution? I wrote a blogpost exploring an alternative way to execute a kernel payload! :) blog.slowerzs.net/posts/keyjumpe…

Probably worth reposting this for the first day of #100DaysofYARA

Kdrill update 📢 ARM64 support added, hunt those rootkits before they adapt to your Winows! github.com/ExaTrack/Kdrill

3+ YEARS of stealth! We uncovered new tactics used by the perfctl malware, including a userland rootkit & an SSH backdoor (a single SPACE in /etc/passwd!). More insights: blog.exatrack.com/Perfctl-using-… #cybersecurity #threat_hunting #linux #infosec #perfctl #rootkit #ssh #exatrack

Hey :) If you missed your daily Frenglish dose, my talk about Octo at @virusbtn is now available on Youtube: youtube.com/watch?v=H8y9d_… Talked about malware, infrastructure, bulletproof hoster, and more. The full paper is also available in the description :) @teamcymru_S2

Slides & video from our @GrehackConf talk "Attacking Hypervisors - A Practical Case" are online! Learn how we exploited vulnerabilities to escape VirtualBox during Pwn2Own Vancouver 2024: reversetactics.com/publications/2…

In our search for new forensic artifacts at @ExaTrack, we sometimes deep dive into Windows Internals. This one is about COM and interacting with remote objects using a custom python LRPC Client. STUBborn: Activate and call DCOM objects without proxy: blog.exatrack.com/STUBborn/

So far, I have written 706 pages to help the security community. My goal will be writing new articles of the Exploiting Reversing Series (ERS), which is focused on security research. However, I am planning to write one or two additional articles of my previous series MAS (Malware Analysis Series) to finish it off. 10. exploitreversing.com/2024/01/03/exp… 09. exploitreversing.com/2023/04/11/exp… 08. exploitreversing.com/2024/08/07/mal… 07. exploitreversing.com/2023/01/05/mal… 06. exploitreversing.com/2022/11/24/mal… 05. exploitreversing.com/2022/09/14/mal… 04. exploitreversing.com/2022/05/12/mal… 03. exploitreversing.com/2022/05/05/mal… 02. exploitreversing.com/2022/02/03/mal… 01. exploitreversing.com/2021/12/03/mal… #windows #idapro #kerneldrivers #kernel #infosec #reversing #malwareanalysis #vulnerability #securecode

Kdrill: Python tool to check rootkits in Windows kernel meterpreter.org/kdrill-python-…

Excited to share my latest article: PgC - a novel approach to disable Patchguard during runtime using basic memory management principles. It has worked against every version of Patchguard for the last 7 years, without needing any updates! blog.can.ac/2024/06/28/pgc…