Andreas Klopsch

I published an article how BlackByte evades EDR by removing kernel callbacks via abuse of vulnerable driver Rtcore64.sys news.sophos.com/en-us/2022/10/… #reverseengineering #malware #infosec #windows #cybersecurity #blackbyte #ALPHV #sophos #ida #ransomware #endpoint

⭐ RIFT Major Rearchitecture! Now more modular, extensible, and easier to use New experimental build 3 modes: file analysis, direct generation, HTTP API service Improved IDA Plugin! github.com/microsoft/RIFT #reverseengineering #malware #cybersecurity #infosec #RIFT

Recently, Microsoft's Digital Crimes Unit (DCU) facilitated a disruption of RedVDS infrastructure and related operations. microsoft.com/en-us/security… #infosec #cybersecurity #digitalcrime #cybercrime

The IDA Pro 9.3 release is just around the corner. hex-rays.com/blog/ida-9.3-t… #reverseengineering #idapro #malware #threatintel

🚨 RIFT Update 🚨 Improved rustc compiler detection ✅ Fixed bugs causing incorrect FLIRT signatures for nightly builds 🛠️ Plus, multiple stability fixes! We’re making RIFT easier to use—big features coming soon 😎 👉 github.com/microsoft/RIFT #RIFT #rust #microsoft #infosec

🚨 “A fake fix is all it takes.” ClickFix convinces users to run attacker commands themselves. Always verify before pasting anything into a terminal. Full analysis: microsoft.com/en-us/security… #malware #mstic #microsoft #infosec #cybersecurity

RIFT Update ⚡ Automate rustc_hashes.json updates with new Linux & Windows scripts! Easier than ever. 👉 github.com/microsoft/RIFT #CyberSec #MalwareResearch #RIFT

This is an amazing story about why companies should always think about who their customers are! Lesson: Don't mess with reverse engineers! codetiger.github.io/blog/the-day-m… #reverseengineering #cybersecurity #infosec

Just dropped: my RECON 2025 talk on Rust library recognition in malware! 🦀 Worth a watch if you're into RE or malware research. youtu.be/_JiuYkFzVgg?si… #malware #RIFT #microsoft #reverseengineering #rust

Lots of frustration in the malware analysis and reverse engineering community. It's been discovered a DEFCON talk, presentation, and the code which coincided with it, was AI slop. The talk itself had hallucinated terminology which (apparently) no one at DEFCON noticed. Bad.

#PipeMagic is a highly modular backdoor used by the financially motivated threat actor Storm-2460. It masquerades as a legitimate open-source ChatGPT Desktop Application. Microsoft Threat Intelligence encountered PipeMagic as part of research on an attack chain involving the exploitation of CVE-2025-29824, an elevation of privilege vulnerability in Windows Common Log File System (CLFS). PipeMagic is a sophisticated malware framework designed for flexibility and persistence. Quality blog by MSTIC malware intelligence, research and analysis (MIRAGE) team: microsoft.com/en-us/security… #pipemagic #mstic #mirage #threatintelligence

🚨 Ever tangled with virtual machine-based code protection? 🚨 In 2020, I wrote a virtual machine deobfuscator for a crack me challenge. Check it out! malwareandstuff.com/taming-virtual… malwareandstuff.com/taming-virtual… 🔍 #ReverseEngineering #MalwareAnalysis #windows #idapro #deobfuscation

🚨 Microsoft reports Russian APT Secret Blizzard is targeting embassies in Moscow with AiTM attacks using ApolloShadow malware. It installs a trusted root cert to spoof legit sites & maintain persistence—ongoing since 2024. 🧵 Details: microsoft.com/en-us/security… #CyberSecurity #APT #ThreatIntel

🚨 RIFT update! Now supports FLIRT signature generation on Linux 🐧 🔗 github.com/microsoft/RIFT #RustLang #MalwareAnalysis #ReverseEngineering #DFIR #FLIRT

🚨 RIFT Update: We’ve boosted our compiler detection! 🛠️ Now with sharper insights into binaries built using GNU, MinGW, and MSVC toolchains. More enhancements are on the way—stay tuned! 🔍✨ #ReverseEngineering #MalwareAnalysis #RIFT #malware #msft github.com/microsoft/RIFT

Do you find analyzing Rust binaries/malware tedious and unpleasant? You’re not alone! If you’re attending #REcon this year, our own @hackingump1 will be unveiling #RIFT today at 2PM EST (not at REcon? We got you covered, stay tuned). We have been using RIFT internally for some time and it has truly transformed the way we handle and analyze Rust binaries. cfp.recon.cx/recon-2025/tal… #RIFT #Rust #REon25 #MSTIC #MIRAGE

Unpacking VMProtect 3 (x64) 🤷‍♂️

Presenting "Unveiling RIFT: Advanced Pattern Matching for Rust Libraries" at RECON Montreal 2025! Sharing research on discovering Rust dependencies in compiled binaries. See you there! 🚀 #RECON2025 #RustLang #ReverseEngineering

@gavzik This was a repost from 2020, so I don't have the code anymore unfortunately!

@hackingump1 Hi I am interested to get your python source code to decrypt PebbleDash TLS traffic

The deep dive below into PebbleDash’s FakeTLS C2 protocol shows how North Korean APTs fake TLS handshakes and use hardcoded RC4 encryption to blend in with legit HTTPS traffic. malwareandstuff.com/reversing-pebb… #malware #infosec #reverseengineering #pebbledash #cybersecurity #windows

Recon CFP ends in less than 2 weeks on April 28. Prices for the training and conference increase on May 1st. Register now to save with early bird price. We have already announced a few talks and workshops, and more videos from last year have been released. recon.cx #reverseengineering #cybersecurity #offensivesecurity #hardwarehacking @hackingump1 @mr_phrazer @nicolodev @SinSinology @hunterbr72 @clearbluejar @phLaul @oryair1999 @hookgab @TheQueenofELF @So11Deo6loria @i0n1c @pedrib1337 @MalachiJonesPhD @Pat_Ventuzelo @KB_Intel @pinkflawd @Reverse_Tactics @OnlyTheDuck @t0nvi @DrCh40s @BrunoPujos @mhoste1 @andreyknvl @texplained_RE @jsmnsr @pulsoid @SpecterDev @richinseattle @yarden_shafir @aionescu @hackerschoice @SinSinology @sergeybratus @SpecterOps @oryair1999 @phLaul @trailofbits @HexRaysSA @nostarch @hexnomad @netspooky