me.c3

513 posts

@mec314

Joined September 2012
318 Following, 49 Followers
me.c3 @mec314
the developer helped to solve everything
me.c3 retweeted
Hex-Rays SA @HexRaysSA
We are thrilled to announce the winners of the 2024 Hex-Rays Plugin Contest! 🥇1st Place: hrtng 🥈2nd Place: aiDAPal 🥉3rd Place: idalib Rust bindings Check out our reviews of the winners and other notable submissions here: eu1.hubs.ly/H0gRDRn0 Huge thank you to all participants for their innovative contributions. Your creativity continues to enhance the IDA community. #HexRays #IDAPro #PluginContest #ReverseEngineering
me.c3 retweeted
Wietze @Wietze
🚀 Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate your own 🔥 68 executables supported out of the box - use right away, make tweaks, or create your own 👉 Now available at argfuscator.net
me.c3 retweeted
Joe Desimone @dez_
Bypass AMSI by uninitializing the IActiveScript object (zero ptr at 0x3c8). Slightly modified wscript no longer calls into AMSI.
me.c3 retweeted
x86matthew @x86matthew
I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a virtualized user-mode environment, allowing syscalls and memory accesses to be logged or intercepted. elastic.co/security-labs/… Project: github.com/x86matthew/Win…
me.c3 @mec314
@filip_dragovic try for another dir not C:\Config.Msi or with > medium IL
Filip Dragovic @filip_dragovic
Seems that the new Windows update brings some changes in NTFS, as it's no longer possible to delete folders with the ::$INDEX_ALLOCATION allocation trick with the DeleteFile API.
me.c3 retweeted
Duncan Ogilvie 🍍 @mrexodia
DataExplorer is a plugin for @x64dbg that integrates the pattern language from @WerWolv's ImHex. You can quickly visualize data structures in memory!
me.c3 retweeted
sixtyvividtails @sixtyvividtails
Small gift for you! 🔺🟦🔺 Code to reliably stop almost any 3rd party Windows security system, via ci!CiValidateFileAsImageType. No privileges needed at all, user rights are enough. Shall work on most OS: 10 22H2, 11 24H2, WS2022. But: it requires CI policies (e.g. HVCI/UMCI on).
me.c3 retweeted
Stephan Berger @malmoeb
"Raspberry Robin uses an interesting approach to avoid detection while adding registry data. Rather than modifying the Windows registry directly using common Windows API functions (e.g. RegOpenKey, RegSetValueEx), Raspberry Robin first renames the target registry key to a random one, writes the registry data into the renamed key, and renames it back to its original name. However, if administrator privileges are available, Raspberry Robin uses a different approach. At first, it renames the registry key, creates an offline registry hive in the Windows temporary directory with a random filename. Then, it writes the registry data in the offline registry hive and loads the offline hive to the global registry tree using ZwRestoreKey." zscaler.com/blogs/security…
me.c3 retweeted
Eli @elikaski
I wrote an article about known attacks on Elliptic Curve Cryptography, check it out! github.com/elikaski/ECC_A…
me.c3 @mec314
flareon serpentine.exe ?
me.c3 @mec314
@malcat4ever @joe4security does the option require a corporate tariff to the sandbox? no access to dumps on a free community account
Malcat dev @malcat4ever
TIL a new shortcut to download all process dumps in @joe4security. Very convenient to quickly unpack malware:
me.c3 retweeted
sixtyvividtails @sixtyvividtails
You've coded brilliant fallback codepath for case when menacing 𝐁𝐞𝐞𝐩 EDR is running, but have no rights to check its presence? EZ check: isBeepEdrDriverRunning = NtQueryFullAttributesFile( ObjAttr(L"\\Driver\\Beep"), NtCurrentTeb()) == STATUS_OBJECT_TYPE_MISMATCH;
me.c3 @mec314
@TriggerMeHappy Stuck on level 5. What should I pay more attention to: the LZMA algorithm, RSA or download symbolic names for some additional libraries?
Maik Morgenstern @TriggerMeHappy
Finished the first 5 challenges of #flareon11 and feeling already tired :D