clibm079

504 posts


@clibm079

Independent Malware Analyst & Researcher,Notes (Philosophy & Poetry) — The Path of Clarity & Poems of Malware Analysis. Blog: https://t.co/DJ3Wxn2OWS

China. Joined April 2021

851 Following, 637 Followers
clibm079 retweeted
allthingsida
allthingsida@allthingsida·
idacpp 0.0.2 [github.com/allthingsida/i…] now supports 'plugins' that allow the c++ interpreter to come preloaded for certain header files or c++ libraries. For now, you can configure it to work with github.com/19h/idax out of the box.
English
0
8
66
3.9K
clibm079 retweeted
Alexandre Borges
Alexandre Borges@ale_sp_brazil·
Before dropping my next article (ERS_08), I’ve updated the ERS 06 article (rev C.1): exploitreversing.com/2026/02/11/exp… This revision features a refined ALPC exploit with a new stage and an extended cleaner stage, ensuring a stable exit and preventing system crashes. I’ve also fixed several minor issues and uploaded a new video demonstrating the practical execution. Enjoy the read and have an excellent day! #vulnerability #exploitation #cybersecurity #windows #exploit
English
0
43
136
5.7K
clibm079 retweeted
mthcht
mthcht@mthcht2·
👁️ LOLC2: Collection of C2 frameworks abusing legitimate services to evade detection. Major update: new projects tested, enriched data, and deeper insights. site: lolc2.github.io github: github.com/lolc2/lolc2.gi…
English
0
88
287
26.1K
clibm079
clibm079@clibm079·
Returning to ancient philosophy: know yourself. AI is one such way to help us understand ourselves; it has helped me too much during my learning process. For example, it helps me understand how I think, what I haven't thought of, my observation methods, my thought processes...
English
0
0
0
79
clibm079
clibm079@clibm079·
AI is on fire, but I use it to accelerate learning while prioritizing building my own expertise, judgment, and understanding first — it also helps me sharpen my cognitive abilities.
English
2
0
7
1.2K
clibm079
clibm079@clibm079·
@hasherezade In addition, I don't rely on any one AI; I might try to compare the responses of different AIs, which will give me different insights.
English
0
0
1
64
hasherezade
hasherezade@hasherezade·
@clibm079 IMO the best use of AI is if you treat it as your personal coach and a sparring partner who can challenge your views and help you uncover blind spots you wouldn’t notice yourself.
English
3
0
11
1.1K
clibm079
clibm079@clibm079·
@hasherezade I sometimes use it for data analysis. It provides me with structured observations, which are very comprehensive. Sometimes, it even helps me discover new ways of observing things that I hadn't thought of before. It's fantastic.
English
0
0
1
73
clibm079
clibm079@clibm079·
@hasherezade Yes, it can also help us better observe ourselves and the world in a structured way, including the blind spots you mentioned, our own perceptions, and how we see problems, etc., which is very helpful.
English
0
0
1
88
clibm079
clibm079@clibm079·
Understanding malware analysis and its challenges: Discover what to expect in a malware analyst career, from the types of malware you'll encounter to important tools to use to difficulties that arise for those new to the field. techtarget.com/searchsecurity… via @techtargetnews
English
0
1
1
182
clibm079 retweeted
vx-underground
vx-underground@vxunderground·
If you want to learn malware development you need to do two things:
1. Learn to code without the assistance of an LLM
2. Learn malware techniques, tactics, and procedures (TTPs).

It doesn't really matter which one you start with. When I first started, I started with #2. I wasn't particularly interested in learning to program, but the theory and underlying concepts fascinated me.

If you choose #2 you don't have to get super low level and start studying Windows internals (in this context I'm discussing Windows malware). You just need to know how a particular method works fundamentally.

I think malware TTPs are really cool and I loved learning about them (I still do). What you'll eventually discover however is that TTPs "stack". You'll see newer techniques are based off of older techniques or they're slightly modified variants of older techniques. You'll also see some of the TTPs are completely legitimate things which are abused.

You don't need a fancy course to study malware TTPs. You can just Google it or ask an LLM, or something.
English
33
154
1.7K
64.8K
clibm079 retweeted
ESET Research
ESET Research@ESETresearch·
#ESETresearch analyzed more than 80 EDR killers, seen across real-world intrusions, and used ESET telemetry to document how these tools operate, who uses them, and how they evolve beyond simple driver abuse. welivesecurity.com/en/eset-resear… 1/6
English
4
76
256
28.4K
clibm079 retweeted
Virus Bulletin
Virus Bulletin@virusbtn·
Trend Micro reveals that the Warlock ransomware group has enhanced its attack chain, including improved methods for persistence, lateral movement and evasion using an expanded toolset: TightVNC Yuze & a persistent BYOVD technique leveraging the NSec driver trendmicro.com/en_us/research…
English
0
7
36
2K
clibm079
clibm079@clibm079·
@bluegatar @hasherezade Thank you, I use it to capture API sequences and get the "first view" to learn about thinking and design; I'm still studying... 💙
English
0
0
0
70
bluegatar
bluegatar@bluegatar·
@hasherezade @clibm079 Pin is suitable for:
- deep analysis that needs instruction-level precision
- analyzing malicious samples with anti-debugging / anti-hooking
- academic research, fuzzing, symbolic execution
- analyzing packers, shellcode, self-modifying code

Not suitable for:
- day-to-day reverse engineering
- quickly getting an overview of program behavior
- GUI programs (too slow)
- scenarios that require real-time interaction
Chinese
1
0
0
120
clibm079
clibm079@clibm079·
Manual DLL debugging takes time. My "first view" approach:
1. DLL → EXE
2. TinyTracer to capture API behavior

Quickly reason about malicious actions before deep analysis. #dll_to_exe #TinyTracer #BareTail
English
2
10
97
7.2K
clibm079
clibm079@clibm079·
@hasherezade It works very well with DLL; you think a lot. Amazing job!💙
English
0
0
2
212
clibm079
clibm079@clibm079·
@hasherezade Thank you! Happy for learning new things again!🌹
English
0
0
2
333