Cybersecurity related awesome list: blog posts, write-ups, papers and tools related to cybersecurity, reverse engineering and exploitation
Author: @0xor0ne
github.com/0xor0ne/awesom…
#cybersecurity #infosec
English
cr3ghost
99 posts
cr3ghost
@cr3ghost
A student passionate about reverse engineering, windows internals, anti-cheat research, malware research, and exploit research. Aspiring red teamer.
Australia شامل ہوئے Mayıs 2026
239 فالونگ584 فالوورز
Thousands of GTA V Players Have Been Exposed After Cheat Service Has Been Hacked
A GTA V cheat service called Atlas Menu has reportedly been hacked, exposing data linked to around 64,000 user accounts.
The person behind the breach claims they gained full access to Atlas Menu’s systems and leaked the database online. This means user information tied to the service could now be in the hands of others.
English
While gamers debate kernel anti-cheat, ring-1[.]io was shipping a Themida-protected UEFI bootkit that injects into Hyper-V, manipulates EPT entries, clones game page tables, and hides memory contents below the OS entirely.
After partially deobfuscating their binaries and recovering critical functions, this is what was inside.
Bungie and Ubisoft sued them.
They found $12 million in Bitcoin and kept going.
This is what kernel anti-cheat is actually fighting.
back.engineering/blog/04/02/202…
Authors: @BackEngineerLab
#AntiCheat #Malware #InfoSec
cr3ghost@cr3ghost
Gamers worry about kernel anti-cheats when any user-mode software (ring-3) can already read your passwords, browser history, log your keystrokes, record your camera, steal your files, and exfiltrate your data. Spyware has never needed the kernel. Kernel access is not what makes something spyware. Cheaters have been loading kernel drivers and hypervisors for years to hide from detection. A usermode anti-cheat has no way to detect something already operating below it. Loading at boot is necessary. If anti-cheat loads after a cheat driver is already in the kernel, it has already lost. Read: Why Anti-Cheat Software Utilize Kernel Drivers secret.club/2020/04/17/ker… Author: @vm_call from @the_secret_club #AntiCheat #GameSecurity
English
@thedawgyg This might help you since it's all free: x.com/cr3ghost/statu…
cr3ghost@cr3ghost
Alexandre Borges has published over 700 pages of free security, malware and vulnerability research. A complete Malware Analysis Series covering Windows, macOS, iOS, Linux and shellcode. An Exploiting Reversing Series covering Windows kernel exploitation, Hyper-V, Chrome, and a three-part deep dive on CVE-2024-30085. No paywall. No course. Just research. Free as in beer. exploitreversing.com Author: @ale_sp_brazil #ReverseEngineering #MalwareAnalysis #InfoSec
English
As promised Rustypacker has released today.
A native Rust shellcode packer with a GUI
Repo:- github.com/Whitecat18/Rus…
What did I bring to the table :-
- Indirect syscalls for memory allocation and protection by default.
- AES-256-CBC, XOR, UUID-encoded shellcode encryption.
- Six self-injection paths through callback APIs.
- Fiber switch self injection.
- Three remote-process injection.
- Anti-debuging Techniques.
- NtDelayExecution sleep evasion with placement control.
- Domain pinning evasion.
- Output formats: EXE, DLL, DLL Sideload (Sideload or Proxy with auto-generated .def for unhandled
exports).
- Builds for x86_64-pc-windows-msvc and x86_64-pc-windows-gnu.
- DllMain stays a NO-OP. Payload rides four COM-friendly exports: Run, DllRegisterServer,
DllGetClassObject, DllUnregisterServer.
- crt-static link. No runtime DLL footprint.
- XOR-obfuscated NT API names embedded in the binary.
- Generated target/ auto-cleaned after each successful build.
#redteam #malwaredev #rust #offsec #infosec #windbg
English
@ChaoticEclipse0 @_xpn_ you should create a fund page (so we can donate), so you can get top lawyers. get the media involved as well. they are trying to make an example out of you. but you should make example out of them.
English
@Pirat_Nation tell me again why everyone is integrating AI into their organisation and technologies?
English
Meta confirmed a vulnerability in its AI-powered Instagram support assistant that was exploited to take over user accounts.
The AI could be convinced to change the email linked to an account without properly checking who was making the request.
Once the email was changed, hackers could reset the password and lock out the real owner.
Meta has fixed the vulnerability but they didnt explain how the hell this happened
English
@nnwakelam i agree. Ruined industry. it is getting harder and harder to determine skillset because of AI slop.
English
Alexandre Borges has published over 700 pages of free security, malware and vulnerability research.
A complete Malware Analysis Series covering Windows, macOS, iOS, Linux and shellcode. An Exploiting Reversing Series covering Windows kernel exploitation, Hyper-V, Chrome, and a three-part deep dive on CVE-2024-30085.
No paywall. No course. Just research. Free as in beer.
exploitreversing.com
Author: @ale_sp_brazil
#ReverseEngineering #MalwareAnalysis #InfoSec
English
Gamers worry about kernel anti-cheats when any user-mode software (ring-3) can already read your passwords, browser history, log your keystrokes, record your camera, steal your files, and exfiltrate your data.
Spyware has never needed the kernel. Kernel access is not what makes something spyware.
Cheaters have been loading kernel drivers and hypervisors for years to hide from detection. A usermode anti-cheat has no way to detect something already operating below it.
Loading at boot is necessary. If anti-cheat loads after a cheat driver is already in the kernel, it has already lost.
Read: Why Anti-Cheat Software Utilize Kernel Drivers
secret.club/2020/04/17/ker…
Author: @vm_call from @the_secret_club
#AntiCheat #GameSecurity
cr3ghost@cr3ghost
Vanguard runs at boot because cheats run at boot. Riot clones the PML4 table, inserts a shadow entry into a free slot, hooks SwapContext, and swaps CR3 per-thread at context switch time. If it was spyware, researchers would have found it. They found this instead. Reverse engineering is an art. When in doubt, reverse it. #ReverseEngineering #Vanguard #InfoSec Full RE breakdown by @Xyrem256: reversing.info/posts/guardedr…
English
@IAMERICAbooted @filip_dragovic Perhaps they should stop using AI, especially for important features.
English
@Pirat_Nation You can read about why this is important here:
cr3ghost@cr3ghost
Vanguard runs at boot because cheats run at boot. Riot clones the PML4 table, inserts a shadow entry into a free slot, hooks SwapContext, and swaps CR3 per-thread at context switch time. If it was spyware, researchers would have found it. They found this instead. Reverse engineering is an art. When in doubt, reverse it. #ReverseEngineering #Vanguard #InfoSec Full RE breakdown by @Xyrem256: reversing.info/posts/guardedr…
English
Windows on ARM Gaming Gets Major Anti-Cheat Support
Nvidia’s new RTX Spark platform is helping solve one of the biggest problems of Windows on ARM gaming: anti-cheat support.
Anti-cheat software runs at a very low level of the operating system and is required by many online games, If the anti-cheat doesn’t support ARM, the game usually won’t launch, regardless of how powerful the hardware is.
Nvidia is working with major anti-cheat providers like Easy Anti-Cheat, BattlEye, and Denuvo to add support for games including Fortnite, VALORANT, League of Legends, and PUBG.
English
@ShitSecure @x33fcon do you have the syllabus? i may try make it. Congrats btw!
English
@msftsecresponse “Misunderstanding”? LOL 😂 did your communications team write this?
English
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously.
To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate.
We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them.
Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow.
The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
English
@mr_phrazer @nicolodev @reconmtl im a big fan of your work @mr_phrazer . in the future I look forward to some of your training. Do you have any plan on remote training?
English
I fully agree: even targets such as anti-cheats and gaming DRMs have become significantly easier to analyze with agents, if you know how to guide them and validate their results.
@nicolodev and I will about that at @reconmtl:
cfp.recon.cx/recon-2026/tal…
Alex Matrosov@matrosov
Previous generations of software protection (DRM perspective) have always relied on code complexity (for RE), compute limitations, and human limitations as the guarantees that kept hacking timelines reasonably long. That's changed now. Beyond the acceleration in vulnerability research and malware analysis, the same new reality applies to software protection, and security by obscurity, or assuming the attacker is limited in compute and motivation, no longer works.
English
@eversinc33 looks awesome. how long did you take? And what do you plan on adding next?
English
Spent the last 2 weeks working on a devirtualizer for VMProtect 3.5 and learning Remill. Idk yet if I will blog about it, but I at least wanted to publish the code:
github.com/eversinc33/Mog…
The approach is different from my last blog, as it lifts the whole x86 code of the VM
English
@C5venom I'm very happy that I don't care about competitive multiplayers because all this stuff is horrifying. Would never play any game that needs privileged kernel access for any reason whatsoever. Regular DRMs like Denuvo are bad enough sometimes but at least userland.
English
People complain about kernel anti-cheat until they see what EAC actually does to stay ahead.
CR3 encrypted inside EPROCESS. KdpTrap hooked to catch anything touching it during context switches. NtCreateUserProcess emulated so cheats grabbing DirectoryTableBase at process creation get a fake one.
This is what fighting kernel-level cheats actually looks like.
Full breakdown by 0xavx: web.archive.org/web/2025042514…
#AntiCheat #GameSecurity
cr3ghost@cr3ghost
People complain about kernel anti-cheat while cheat devs are literally writing custom hypervisors to hide from detection. The threat model demands ring-0. Read how anti-cheats actually detect system emulation and tell me they're overreacting: secret.club/2020/04/13/how… Authors: @the_secret_club #AntiCheat #InfoSec #GameSecurity
English