🇺🇦 Xorhex 🇺🇦
@xorhex.bsky.social
Reposted by 🇺🇦 Xorhex 🇺🇦
We are less than a month away from the #PIVOTcon26 #CfP deadline, come present your best research in a trusted, vetted environment attended by some of the best researchers. We created such an environment so that we can feel safe to exchange beyond the blogposts #CTI #ThreatResearch #ThreatIntel #MemeGuide
You asked for our traditional #CfP meme-guideline for #PIVOTcon26 - here it is 🥳🎉
Reminder:
- one track, 30m
- no recording/streaming/tweeting.
- No TLP:WHITE
- Original content only
#CTI #ThreatIntel #ThreatResearch 1/7
January 12, 2026 at 3:20 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
Carl Svensson is bringing Age of Empires II Definitive Edition to RE//verse 2026 as a playground for tooling. This talk walks through Binary Ninja automation to decrypt and deobfuscate...
January 8, 2026 at 9:15 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
github.com/VirusTotal/y... - 1.11.0 is out! Lots of new features, modules and bug fixes. Read the release notes and congrats to Victor and the contributors!
Release v1.11.0 · VirusTotal/yara-x
Make the parser stricter (#502). Implement dex module (#458). Implement C api console log (#515). Implement permhash for the crx module (#510). Implement the imports() method for the Rules object i...
github.com
January 9, 2026 at 1:43 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
🚨#100DaysofYARA lives!!

2-time reigning champ Yashraj has kindly offered to take the helm for this community effort! Give the homie a follow 👊

Check the repo to contribute: github.com/100DaysofYARA

And gear up for Jan 1 when #100DaysofYARA will kick off!
ALT: a black and white photo of a man with a stethoscope around his neck screaming.
December 28, 2025 at 11:21 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
You asked for our traditional #CfP meme-guideline for #PIVOTcon26 - here it is 🥳🎉
Reminder:
- one track, 30m
- no recording/streaming/tweeting.
- No TLP:WHITE
- Original content only
#CTI #ThreatIntel #ThreatResearch 1/7
December 18, 2025 at 4:15 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
📣🦀 Announcing: TWO 2026 sessions for our Rust reverse engineering course, Deconstructing Rust Binaries!

1) Ringzer0 COUNTERMEASURE, March 23-26, Remote: ringzer0.training/countermeasu...

2) NorthSec (@nsec.io), May 11-13, Montréal & Remote: nsec.io/training/202...

#malware #infosec #rustlang
Deconstructing Rust Binaries
Deconstructing Rust Binaries is the first comprehensive training course focused solely on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical upskil...
ringzer0.training
December 19, 2025 at 3:08 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
Excited to bring Deconstructing Rust Binaries to NorthSec in March! Chat with me here or at @decoderloop.com if you have questions about the training.

Take advantage of the early bird rate for the onsite option! Pricing is in CAD, take advantage of the exchange rate (:

nsec.io/training/202...
December 18, 2025 at 10:13 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
Targeting of Lithuania's government today cc @lithuaniaineu.bsky.social 0c6ba3f0ab6f48c84175db68eb4f0d19
December 17, 2025 at 3:20 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
I spent a couple months arguing with Claude and Copilot while building FrostyGoop variants for DNP3 (and Modbus), keeping detailed notes on what worked and what didn't. At S4, I’ll share my honest assessment of these tools and how they might lower barriers to ICS malware dev. See you in Miami!
December 16, 2025 at 3:00 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
Proud to share new research by Amazon Threat Intelligence detailing recent activity by Sandworm/APT44 🇷🇺 targeting US and European energy, critical infrastructure, and managed security provider networks via vulnerable and misconfigured network edge devices. #threatintel aws.amazon.com/blogs/securi...
Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services
As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a ...
aws.amazon.com
December 15, 2025 at 7:51 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
Ongoing European government targeting from this susp ru actor. Surely others are focused on the politics of Transnistria, but not too many. strikeready.com/blog/russian...
December 15, 2025 at 8:31 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
🦀 Looking for Rust malware samples to practice analyzing? Our Rust Malware Sample Gallery just received a major update, with 20 new families added! github.com/decoderloop/...

#rust #rustlang #malware #infosec #ReverseEngineering #MalwareAnalysis #reversing
GitHub - decoderloop/rust-malware-gallery: A collection of malware families and malware samples which use the Rust programming language.
A collection of malware families and malware samples which use the Rust programming language. - decoderloop/rust-malware-gallery
github.com
December 15, 2025 at 3:41 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
I'm hiring a senior threat researcher! If you want to help me build out a team to track the most advanced actors targeting cloud environments, this is the job for you. This job is open to remote, but US-based only. Feel free to reach out with questions.

www.wiz.io/careers/job/...
December 15, 2025 at 2:26 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
Just posted my thoughts on maldev academy! Apologies if it’s a little messy, it’s reporting week at work so it’s all text editing all day right now.

www.winterknight.net/maldev-acade...
Maldev Academy Review
2 years after starting, some false starts, and some requisite learning completed, I finally wrapped up Maldev Academy.
www.winterknight.net
December 11, 2025 at 6:07 AM
Reposted by 🇺🇦 Xorhex 🇺🇦
Quality of life improvement for yara-x:

I realized the functions that output hash values do not have constraints on them like the hash module functions do. See virustotal.github.io/yara-x/blog/... for details on why this is useful to extend everywhere.

PR that fixes it: github.com/VirusTotal/y...
feat: More constraints on hashes by wxsBSD · Pull Request #509 · VirusTotal/yara-x
The imphash implementation always returns a lowercase md5. This commit switches the type of the returned value so that it can be used to generate warnings. Warnings are now generated if you use an ...
github.com
December 9, 2025 at 9:16 PM
#BinYars (write #YARA-X rules inside of #BinaryNinja) is now available in Binja's plugin manager!

I want to give a special shout out to @cxiao.net (Thank You 🙏) who provided valuable feedback making the plugin experience better.

Happy rule writing!

Learn more @ github.com/xorhex/BinYars
December 8, 2025 at 7:08 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
the amount of businesses that use GoPhish as an otherwise legitimate mailer is ... concerning
December 8, 2025 at 3:51 PM
Reposted by 🇺🇦 Xorhex 🇺🇦
A new blog this evening from Amazon Threat Intelligence detailing ongoing China-nexus cyber actors leveraging React2Shell (CVE-2025-55182): aws.amazon.com/blogs/securi...
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | Amazon Web Services
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat g...
aws.amazon.com
December 5, 2025 at 1:06 AM
Reposted by 🇺🇦 Xorhex 🇺🇦
1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...
Intellexa’s Global Corporate Web
www.recordedfuture.com
December 4, 2025 at 4:18 AM
Reposted by 🇺🇦 Xorhex 🇺🇦
Videos and papers from this year's @virusbtn.bsky.social in Berlin are now available online. Amazing conference and looking forward to the next one: www.youtube.com/@virusbtn
Virus Bulletin
www.youtube.com
November 28, 2025 at 6:47 AM
Reposted by 🇺🇦 Xorhex 🇺🇦
#PIVOTcon26 #CfP is open and you can submit your proposals till 6 FEB 2026
CfP rules and submissions here: pretalx.com/pivotcon26/cfp

#ThreatIntel #ThreatResearch #CTI
ALT: a little boy is driving a toy car down a street.
November 27, 2025 at 2:06 PM
As tempting as it might be, don’t use recursion when writing a #binaryninja workflow.
November 27, 2025 at 12:19 AM
Reposted by 🇺🇦 Xorhex 🇺🇦
I'm offering a rare public Applied #CTI training course for cyber threat intelligence in evening North America/morning Australia/Asia in January - register your interest soon if you would like to attend mission-focused #ThreatIntel training!
forms.gle/i3n4srD6hWzf...
Paralus LLC: Applied Threat Intelligence
Hello and thank you for your interest in a workshop focusing on Applied Threat Intelligence! Scheduling: 12-16 January 2026 (Five Days) 1700-1900 US Eastern/2200-0000 Central European/0900-1100 Austr...
forms.gle
November 24, 2025 at 10:52 PM
First release is ready! Hoping to have it included soon in @binary.ninja's plugin manager 🤞
Still testing 🤞

For those able to use #BinaryNinja projects; #BinYars can sort the files into folders based upon the #Yara-X rule metadata field, BNFolder. The folder nesting structure is determined by the number of matches that reside under each folder - check out the video below!
November 24, 2025 at 10:02 PM