Marc ᓚᘏᗢ
@jagaimokawaii.bsky.social
RE and Malware Hunting and fancy projects I never finish :D
Reposted by Marc ᓚᘏᗢ
Disrupting the first reported AI orchestrated cyber espionage campaign
github.com/blackorbird/...
November 14, 2025 at 3:35 AM
Reposted by Marc ᓚᘏᗢ
The Linux Boot Process: From Power Button to Kernel www.0xkato.xyz/linux-boot/
The Linux Boot Process: From Power Button to Kernel
A detailed walkthrough of the Linux boot process from power button to kernel initialization
www.0xkato.xyz
October 26, 2025 at 4:54 PM
Reposted by Marc ᓚᘏᗢ
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
October 21, 2025 at 2:57 PM
Reposted by Marc ᓚᘏᗢ
Presentations about getting started with Linux kernel exploitation

"Linux Kernel Exploitation for Beginners" by Kevin Massey:
rvasec.com/slides/2025/...

"Control Flow Hijacking in the Linux Kernel" by Valeriy Yashnikov
pt-phdays.storage.yandexcloud.net/Yashnikov_Va...

#Linux #infosec
October 19, 2025 at 11:34 AM
Reposted by Marc ᓚᘏᗢ
"We're basically outsourcing empathy and outsourcing relationships to these machines without considering the consequences…"
I tested an AI-powered pet designed to 'ease stress and bring comfort' to Gen Z—it went exactly how a psychologist predicted
My week with Moflin, Casio's first AI-powered companion robot.
www.cnbc.com
October 16, 2025 at 6:47 PM
Reposted by Marc ᓚᘏᗢ
LinkPro: new stealthy #Linux rootkit based on eBPF 🔍️

Our #CSIRT team discovered and named LinkPro, a new Linux rootkit, during an incident response. It exploits eBPF for evasion and persistence.
Here are the four key technical points in the image below. 💡

🔗 www.synacktiv.com/en/publicati...
October 14, 2025 at 2:33 PM
Reposted by Marc ᓚᘏᗢ
Seqrite Threat Research reports Spanish-language judicial notification lures targeting Colombian users, using SVG, HTA, VBS and PowerShell stages to download and decode a loader, ending with AsyncRAT injected into a legitimate Windows process. www.seqrite.com/blog/judicia...
October 14, 2025 at 8:19 AM
Reposted by Marc ᓚᘏᗢ
eSentire Threat Response Unit details ChaosBot, a Rust-based backdoor using Discord for command and control. It was first seen in late September 2025 in a financial services environment, targeting mainly, though not exclusively, Vietnamese speakers. www.esentire.com/blog/new-rus...
October 10, 2025 at 8:40 AM
Reposted by Marc ᓚᘏᗢ
Working on a fun Crystal Palace loader that hooks APIs and pushes them through a call stack spoofing PICO.
October 4, 2025 at 8:00 PM
Reposted by Marc ᓚᘏᗢ
If you're based in Berlin, there's an event this Tuesday on spyware, hosted by @amnestyuk.bsky.social and @papertrailmedia.de. It includes workshops by @donncha.is, @jurrevanbergen.nl, and others, drop-in sessions, and a panel. Tickets are still available: www.hebbel-am-ufer.de/programm/pde...
Amnesty International
Digital Surveillance: How States Are Spying on the Resistance
www.hebbel-am-ufer.de
September 28, 2025 at 12:11 PM
Reposted by Marc ᓚᘏᗢ
Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency private keys and other secrets.
Malicious Rust packages on Crates.io steal crypto wallet keys
www.bleepingcomputer.com
September 25, 2025 at 3:43 PM
Reposted by Marc ᓚᘏᗢ
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
September 21, 2025 at 12:42 PM
Reposted by Marc ᓚᘏᗢ
Security researcher Mehmet Ergene has published the Microsoft Vulnerable Driver Block Lists after Microsoft stopped publishing the list in a browsable web page

github.com/Cyb3r-Monk/M...
GitHub - Cyb3r-Monk/Microsoft-Vulnerable-Driver-Block-Lists: Microsoft Vulnerable Driver Block Lists in CSV and JSON for SIEM lookups
Microsoft Vulnerable Driver Block Lists in CSV and JSON for SIEM lookups - Cyb3r-Monk/Microsoft-Vulnerable-Driver-Block-Lists
github.com
September 21, 2025 at 3:46 PM
Reposted by Marc ᓚᘏᗢ
Open-source multi-purpose remote access tool for Microsoft Windows🕵️‍♂️

github.com/DarkCoderSc/...

#infosec #cybersecurity #pentest #opensource #windows
GitHub - DarkCoderSc/OptixGate: Open-source multi-purpose remote access tool for Microsoft Windows
Open-source multi-purpose remote access tool for Microsoft Windows - DarkCoderSc/OptixGate
github.com
September 8, 2025 at 7:59 AM
Reposted by Marc ᓚᘏᗢ
BlackHoodie will be back at @reconmtl.bsky.social this year ☺️ It'll be two days of Breaking Down Binaries: Introduction to Reverse Engineering & Malware Analysis by @bitmaize.bsky.social and Souweera de Souza, registration is now open blackhoodie.re/recon/
Blackhoodie at RECon 2025
Meet us in Montréal for two days of fun reverse engineering!
blackhoodie.re
May 11, 2025 at 11:44 AM
Reposted by Marc ᓚᘏᗢ
Cool project: a hypervisor-based emulator for Windows x64 user-mode executables. One of my first thoughts upon seeing it - "I wonder if it's also possible to call the Windows hypervisor APIs from C#". github.com/x86matthew/W...
GitHub - x86matthew/WinVisor: WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API
WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API - x86matthew/WinVisor
github.com
January 24, 2025 at 7:52 AM
Reposted by Marc ᓚᘏᗢ
#ESETresearch discovered + named 🇨🇳 China-aligned #APT group #PlushDaemon who did a supply-chain compromise of a 🇰🇷 South Korean #VPN provider, trojanizing its legitimate software installer with a Windows backdoor we named #SlowStepper www.welivesecurity.com/en/eset-rese...
🧵1/6
January 22, 2025 at 8:50 AM
Reposted by Marc ᓚᘏᗢ
PUMAKIT (a rootkit affecting Linux systems) is a real ninja at hiding and acting. More details in the article.

thehackernews.com/2024/12/new-...
New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection
PUMAKIT, a stealthy Linux rootkit, uses syscall hooking, memory-resident execution, and advanced privilege escalation techniques.
thehackernews.com
December 13, 2024 at 3:56 PM
Reposted by Marc ᓚᘏᗢ
Denuvo Analysis
www.reddit.com
January 22, 2025 at 5:53 AM
Reposted by Marc ᓚᘏᗢ
Analysis of VMProtect 2 internals (2021)

Part 1: blog.back.engineering/17/05/2021/
Part 2: blog.back.engineering/21/06/2021/

Credits @_xeroxz

#vmprotect #cybersecurity
December 21, 2024 at 6:12 PM
Reposted by Marc ᓚᘏᗢ
Beyond good ol’ Run key, Part 145

www.hexacorn.com/blog/2024/12...

#DFIR
December 20, 2024 at 12:47 AM