Evilcry_

Possible APT34 domain lebanonbuilder[.]com was registered on 2/2 through THCservers using cd.redel@protonmail[.]com and is hosted on a probable dedicated server at 23.106.160[.]127. In @ThreatConnect: https://app.threatconnect.com/auth/incident/incident.xhtml?incident=2989360197 …pic.twitter.com/vokwbytFai

KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore, https://github.com/hfiref0x/KDU pic.twitter.com/s154qYlIKR

Reversing C++ executables with OOAnalyzer Ghidra Plugin https://insights.sei.cmu.edu/sei_blog/2019/07/using-ooanalyzer-to-reverse-engineer-object-oriented-code-with-ghidra.html …pic.twitter.com/rK2k4Q17Gd

Reversing XignCode3 Anticheat – Registering Notify and Callback Routines Part 4.1 is out! Anti-cheats use callbacks and notification routines to control what is happening on your system, let's dig into this https://niemand.com.ar/2020/01/31/reversing-xigncode3-driver-part-4-1-registering-notify-and-callback-routines/ … #reversing #hacking #infosec #securitypic.twitter.com/5tmM5JOyBe

New #VB2019 paper & presentation: Rich headers: leveraging the mysterious artifact of the PE format - by @ESETresearch researchers Peter Kálnai and Michal Poslušný https://www.virusbulletin.com/blog/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/ …pic.twitter.com/C9dYSXTU5e

I pushed my intel FSP header parsing library: It includes a tool to dump your flashimages fsp images. Also the printing code is shamelessly stolen from @insomniacslk s tiano fsp parser. Thanks man! https://github.com/mimoja/intelfsp pic.twitter.com/oiO3j1TAIZ