Stéfan Le Berre - Heurs
heurs.bsky.social
Work at @ExaTrack, love rootkits
-> https://github.com/ExaTrack/Kdrill
I'm glad to share my talk at @botconf.infosec.exchange.ap.brid.gy 2025!
Do you want to know how we compare a sample with 150k others in seconds on @exalyze.bsky.social? This talk is made for you🚀
At the end, you'll get a hint on what's coming next for Exalyze 😉
youtube.com/watch?v=TS8X...
exalyze.io
10 Years of Large-Scale Malware Comparison: Going Deeper With Machoke
YouTube video by botconf eu
youtube.com
July 23, 2025 at 8:16 AM
Reposted by Stéfan Le Berre - Heurs
#Podcast #Potatosécurité

Episode #502: detection vs. compromise hunting (continuation of episode #491), with @heurs.bsky.social

www.nolimitsecu.fr/detection-vs...
May 12, 2025 at 6:31 AM
Reposted by Stéfan Le Berre - Heurs
#Podcast #Cybersécurité

Episode #501: detection vs. compromise hunting (continuation of episode #491), with @heurs.bsky.social

www.nolimitsecu.fr/detection-vs...
Detection vs. Compromise Hunting: The discussion continues - NoLimitSecu
Episode #502 - Detection vs. Hunting: The discussion continues (episode #491) with Stéfan LE BERRE
www.nolimitsecu.fr
May 12, 2025 at 6:38 AM
Kdrill update 📢
ARM64 support added, hunt those rootkits before they adapt to your Windows!
github.com/ExaTrack/Kdr...
GitHub - ExaTrack/Kdrill: Python tool to check rootkits in Windows kernel
Python tool to check rootkits in Windows kernel. Contribute to ExaTrack/Kdrill development by creating an account on GitHub.
github.com
February 2, 2025 at 12:32 PM
Reposted by Stéfan Le Berre - Heurs
The ninth article (38 pages) of the Malware Analysis Series (MAS) is available on:

exploitreversing.com/2025/01/08/m...

Even though I haven't been on this subject for years, I promised I would write a series of ten articles, and the last one will be released next week (JAN/15).

#malware
January 8, 2025 at 4:45 PM
Reposted by Stéfan Le Berre - Heurs
RULECOMPILE - Undocumented Ghidra decompiler rule language.
A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) an obscure, undocumented DSL
msm.lt/re/ghidra/ru...
#reverseengineering #ghidra
December 30, 2024 at 7:34 PM
Reposted by Stéfan Le Berre - Heurs
3+ YEARS of stealth! We uncovered new tactics used by the perfctl malware, including a userland rootkit & an SSH backdoor (a single SPACE in /etc/passwd!). More insights: blog.exatrack.com/Perfctl-usin... #cybersecurity #threat_hunting #linux #infosec #perfctl #rootkit #ssh #exatrack
Perfctl malware exploiting exposed Portainer agent and using new SSH persistence - ExaTrack
blog.exatrack.com
December 17, 2024 at 10:02 AM