David Álvarez
@wormable
2.2K posts

#TeamGen malware analyst 🖖 (Norton, Avast, Lifelock, MoneyLion...) | Author of the book Ghidra Software Reverse Engineering for Beginners

Galicia, Spain. Joined January 2019
685 Following, 680 Followers

Pinned Tweet
David Álvarez @wormable
🚀 Ghidra 12.1 released! Major update with improved decompiler analysis, Dockerized Ghidra, enhanced debugger/emulation support, new filesystem & processor features, and additional security hardening across the 12.x branch. ⬇️ Download github.com/NationalSecuri… #Ghidra #Cyber

David Álvarez retweeted
vx-underground @vxunderground
Microsoft: PowerShell is simple and easy to use. Actual PowerShell command: Remove-MgIdentityAuthenticationEventFlowAsOnGraphAPretributeCollectionExternalUserSelfServiceSignUpAttributeIdentityUserFlowAttributeByRef No, this isn't a joke. This was noted by @NathanMcNulty

David Álvarez retweeted
Gen Threat Labs @GenThreatLabs
After months of active development, #Amatera has gradually become the most prevalent #infostealer in our userbase. And it's not slowing down – we're now observing fresh Amatera builds newly introducing control-flow flattening and indirect control-flow obfuscation. IoCs ↓ 0bf1eda8374ff2e3eb705e37eac8d65750a4d85454f535346100056399eba16f e72ec2cbe762ca672a14a7ee660c0cab61ba020267c56f9ab8982e3be1f61a8b 58fe4ed4bc57c28b4da6b9230ff4c9d62528cdc00bba79b9f105d2a742426f4b

David Álvarez @wormable
▶️ Security & Hardening
👉 Recent releases in the 12.x branch mitigated multiple publicly disclosed vulnerabilities, including:
• Zip Slip path traversal issues in theme imports
• Unsafe @execute annotation behaviors
• Command injection and Jython path-related risks.

David Álvarez @wormable
▶️ Processor & Architecture Support
👉 Enhancements across AArch64, ARM, PowerPC, Tricore, MIPS, Xtensa, SuperH, x86 SSE4a, and more.
👉 Improved calling conventions, thunk detection, and instruction semantics.

David Álvarez @wormable
▶️ Importers & Formats
👉 Improved ELF, Mach-O, PE, and dyld_shared_cache support.
👉 Added zstd filesystem compression support and expanded handling for packed relocations and runtime entries.

David Álvarez @wormable
▶️ Containerized Ghidra
👉 Added official Dockerized Ghidra support with dedicated entrypoints for GUI, headless, server, BSim, and PyGhidra workflows.

David Álvarez @wormable
▶️ Debugger & Emulation
👉 New debugger integrations and improvements for GDB, LLDB, dbgeng, rr, and drgn.
👉 Enhanced symbolic emulation support and experimental Z3-based analysis workflows.
👉 Improved transaction management and dynamic listing capabilities.

David Álvarez @wormable
▶️ Decompiler & Analysis
👉 Expanded abstract interpretation capabilities using LiSA integration.
👉 Improved switch analysis, boolean-expression recovery, and optimized string detection.
👉 Better RTTI analysis and enhanced handling of complex structures and namespaces.

David Álvarez retweeted
Alexandre Borges @ale_sp_brazil
The Exploiting Reversing Series (ERS) currently features 1051 pages of exploit development based on real-world targets: [+] ERS 09: exploitreversing.com/2026/04/28/exp… [+] ERS 08: exploitreversing.com/2026/03/31/exp… [+] ERS 07: exploitreversing.com/2026/03/04/exp… [+] ERS 06: exploitreversing.com/2026/02/11/exp… [+] ERS 05: exploitreversing.com/2025/03/12/exp… [+] ERS 04: exploitreversing.com/2025/02/04/exp… [+] ERS 03: exploitreversing.com/2025/01/22/exp… [+] ERS 02: exploitreversing.com/2024/01/03/exp… [+] ERS 01: exploitreversing.com/2023/04/11/exp… Now is the time to take a break to dedicate all my energy and focus to security research and new projects that will be announced in the coming weeks and months. Have a great day and enjoy reading. #exploit #exploitation #windows #chrome #macOS #iOS #hypervisors #vulnerability #research

David Álvarez retweeted
vx-underground @vxunderground
Big news for Blue Team nerds That nerd who released those Microsoft 0days has created two new repos on GitHub with spooky sounding names indicating they will be releasing two new Windows 0days. Very cool github.com/Nightmare-Ecli…

David Álvarez retweeted
eversinc33 🤍🔪⋆。˚ ⋆
When practicing on a VM crackme recently, I created a devirtualizer which lifts the virtual machine to LLVM to defeat the protection. LLVM-based devirtualisation is a lot of fun and I wrote down my experience and lessons learned on my blog: eversinc33.com/2026/05/07/llv…

David Álvarez retweeted
chompie @chompie1337
malwareOwl was one of the first (and only) people to solve my Windows kernel CTF challenge last year. At the time they had never exploited a Windows UAF before. Very cool to see their progress in a short period of time 🙂

Quoted tweet: malware Owl @malware_owl
Happened to find CVE-2026-3006 :D TL;DR: A TOCTOU bug, found when trying to understand it to implement in a project that I was working on. Kudos to maintainer @BZissimopoulos for swift actions and fixes! The Story: While looking for ready-made drivers for a project that I am working on, I chanced upon WinFSP. The question I had at the time was whether we could extract some file information using the driver without the need to implement a kernel driver. However, as I was reading the implementation in a single screen, I spotted a common pattern (multi-fetch of a size which is used in ExAllocatePool). After writing an exploit to show a crash and fully exploit the driver to get SYSTEM, I was given CVE-2026-3006. The affected driver version can be exploited from Low Integrity CMD as well. Licensees that are using WinFSP or users using any tool that uses WinFSP under the hood are advised to upgrade to the new version of WinFSP! Demo (YouTube): youtu.be/aHV7GEBgy5Q

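The "multi-fetch of a size used in ExAllocatePool" pattern mentioned in the quoted tweet is easier to see in code than in prose. The following is an added example, not code from the tweet, from WinFSP, or from any real driver: it models a request header in memory the caller can still write to while the handler runs, reads the size field twice in the vulnerable handler and once in the hardened one, and simulates the racing writer with a callback instead of a second thread. The struct, function names and the 8-to-64 byte scenario are all constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POOL_MAX 64u

/* Hypothetical request header shared with an untrusted caller. The caller can
 * keep writing to it while the handler runs, which is the TOCTOU shape the
 * CVE-2026-3006 write-up describes. Names and layout are constructed for this
 * demo, not WinFSP's. */
typedef struct {
    volatile uint32_t size;   /* caller-controlled; may change between reads */
    uint8_t data[POOL_MAX];
} shared_request_t;

/* Stands in for the racing thread: invoked in the window between fetches. */
typedef void (*racer_fn)(shared_request_t *req);

/* Vulnerable pattern: size is read once to size the allocation and read again
 * to size the copy. Returns how many bytes the copy would have written past the
 * allocation (0 means no overflow); the copy itself is clamped so the demo
 * stays memory-safe. */
size_t handle_request_double_fetch(shared_request_t *req, racer_fn racer)
{
    uint32_t alloc_len = req->size;            /* fetch #1, validated */
    if (alloc_len > POOL_MAX)
        return 0;
    uint8_t *pool = malloc(alloc_len ? alloc_len : 1);
    if (!pool)
        return 0;
    if (racer)
        racer(req);                            /* caller changes size here */
    uint32_t copy_len = req->size;             /* fetch #2, never validated */
    size_t overflow = copy_len > alloc_len ? copy_len - alloc_len : 0;
    memcpy(pool, req->data, overflow ? alloc_len : copy_len);
    free(pool);
    return overflow;
}

/* Hardened pattern: fetch once into a local, validate it, use only the local. */
size_t handle_request_single_fetch(shared_request_t *req, racer_fn racer)
{
    uint32_t len = req->size;                  /* single fetch */
    if (len > POOL_MAX)
        return 0;
    uint8_t *pool = malloc(len ? len : 1);
    if (!pool)
        return 0;
    if (racer)
        racer(req);                            /* same window, len unaffected */
    memcpy(pool, req->data, len);
    free(pool);
    return 0;
}

/* Racer that grows the advertised size to the most the data buffer can back. */
static void grow_size(shared_request_t *req) { req->size = POOL_MAX; }

static void init_request(shared_request_t *req, uint32_t size)
{
    memset(req->data, 'A', sizeof req->data);
    req->size = size;
}

/* Constructed scenario: the caller first advertises 8 bytes, then races the
 * size up to 64 while the handler is between its two reads. */
size_t demo_double_fetch_overflow(void)
{
    shared_request_t req;
    init_request(&req, 8);
    return handle_request_double_fetch(&req, grow_size);   /* 56 */
}

size_t demo_single_fetch_overflow(void)
{
    shared_request_t req;
    init_request(&req, 8);
    return handle_request_single_fetch(&req, grow_size);   /* 0 */
}

int main(void)
{
    printf("double fetch: %zu bytes past the allocation\n", demo_double_fetch_overflow());
    printf("single fetch: %zu bytes past the allocation\n", demo_single_fetch_overflow());
    return 0;
}
```

The `volatile` qualifier is what keeps the compiler from folding the two reads into one; in a real driver the same effect comes from the buffer living in user-mapped memory. The fix is the one the tweet's maintainer response implies: copy every caller-controlled field into a local exactly once, validate the local, and never touch the shared copy again.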

David Álvarez retweeted
Gen Threat Labs @GenThreatLabs
#Remus has officially caught up with #Lumma. Over the past few weeks, our telemetry shows Remus to be already nearly just as active as Lumma. Remus is a newly rebranded 64-bit variant of Lumma Stealer that emerged from the ashes earlier this year. More details about Remus ↓ gendigital.com/blog/insights/… #malware #infostealer

David Álvarez retweeted
HyperDbg @HyperDbg
Major milestone forward for HyperDbg supporting #Linux. We've made major progress on porting HyperDbg to Linux (still a long road ahead). Now the HyperDbg SDK can be compiled with GCC for both user/kernel modes on Linux. More updates coming soon...👀 github.com/HyperDbg/Hyper…