Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl !
Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode.
github.com/tijme/dittobyt…
blog.malicious.group/the-quiet-side…
This is a living document at the moment, but here it is for now. 😅As mentioned in the paper, if you are a researcher and have questions after reading, just reach out to me and I will answer everything I can.
Wintel is coming for your SMEP bypasses!
No more flipping the U/S bit in a PTE to mark a user-mode page as supervisor-mode on Intel Arrow Lake CPUs :)
(note: this is meant for protection against speculative attacks, with the side effect of becoming SMEP 2.0)
Published the third part of my blog series about Hydroph0bia (CVE-2025-4275) vulnerability, this one is about the fix as Insyde applied it, and my thoughts on improvements for it.
coderush.me/hydroph0bia-pa…
Releasing this fun tool Golem based on @0xdea, LLVM, LLM and @semgrep
Golem automates C/C++ vulnerability discovery by combining Semgrep rule scans, LLVM call-graph & CFG slicing, and AI-driven context analysis.
Tool: github.com/20urc3/golem
Article: bushido-sec.com/index.php/2025…
Here's our new blog on hiding your implant in VTL1, where even an EDR's kernel sensor can't see it.🧑🦯
Post includes full operational details. Plus our OST offering has been updated with a Cobalt Strike sleep mask exploiting secure enclaves.
Full read ➡️ outflank.nl/blog/2025/06/1…
Dive deep into malware detection with the latest article by John Uhlmann: "Call Stacks: No More Free Passes for Malware." Discover how call stacks provide vital insights into malware behavior. Read more: go.es.io/4kDWjgr
New post: dawnslab.jd.com/%E4%B9%8B%E6%A… writeup for CVE-2025-22056, which we also found but collide with other researchers. A nice bug that can be stably exploited to get kernel privilege on Ubuntu.
Good morning! Just published a deep dive into PatchGuard internals: how it works, key internal functions, context init, and possible bypasses. r0keb.github.io/posts/PatchGua…
New blog post: Fuzzing Microsoft Defender's mpengine.dll using snapshot fuzzing (WTF, kAFL/NYX). We uncovered several out-of-bounds read & null dereference bugs that can crash the main Defender process on a file scan. Details -> labs.infoguard.ch/posts/attackin…
I wrote-up how I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation. Link to the blog post below 👇
25K Followers 26K FollowingA Hacker who is A Lover of People, and Life @RetroTwinz @Secbsd, @GrumpyHackers, @NovaHackers, @deadpixelsec @hacknotcrime Advocate @PositivelyBlue_ OSCP, OSWP
219 Followers 775 FollowingDisclaimer: Does not represent professional advice, opinions, or employer. CTI-League Member. Former Fortinet. Former Symantec. Former Big4. Former Transformer.
8K Followers 6K FollowingDiagnostician. Author of Diagnomicon. Gang of One. Software Surgeon. Machine Learning and AI for Software Diagnostics and Observability. Generative Debugging.
4K Followers 4K FollowingInterested in C/C++, ASM, Windows internals, reverse engineering, exploit & shellcode development and advanced web exploitation. GitHub: https://t.co/nyWUyFo0KW
1K Followers 3K Following„Westoid Cyberhawk“ Remember to talk to your CISO about activating EventID 4688 with commandline logging via GPO. Забирайся звідси, Сталкер
129K Followers 60 FollowingProviding Cyber Threat Intelligence from the Dark Web & Clearnet: Breaches, Ransomware, Darknet Markets, Threat Alerts & more. https://t.co/Fi7VW9lg94
8K Followers 6K Following#InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge
488 Followers 322 FollowingCTFer@Dubhe / 2024 & 2025 MSRC MVR / Windows security / Web security/ Red Teamer / BlackHat USA
Graduate for Ph.D. in Fudan University
2K Followers 1K FollowingDebug Engineer.
Windows, drivers and all things kernel mode.
I express my views, not my employer's. My views are my own and just my personal opinions.
434 Followers 34 FollowingWe are a small band of engineers that work intimately with our clients to develop risk-based approaches to improve the overall security of their business.
822 Followers 295 FollowingA malware analyst, forensic investigator, incident responder and researcher. A conference speaker and trainer such as Black Hat, Virus Bulletin and FIRST.