Joined July 2012
Pinned Tweet
🛡️ Launched BinHex.Ninja Security – browser extension blocking ClickFix attacks ✅ Real-time detection ✅ Clipboard protection ✅ Privacy-first & actively developed 📥 binhex.ninja/extension.html 📧 Feedback: re.team@binhex.ninja 🙏 Thanks to all who share anonymous data

ExploitedSite retweeted
Recently my RE workflow moved into sandboxed VMs where agents have full control over the environment. I needed an MCP server that runs headless in the same sandbox and exposes way more of the #BinaryNinja API than others. Here's the release: github.com/mrphrazer/binary-…
ExploitedSite retweeted
24 Oct 2025
🛡️ Deep dive into ClickFix attack protection! Just demoed the ClickFix Security extension - created by binhex.ninja / @ExploitedSite.
🔗 Extension: chromewebstore.google.com/de…
📖 Analysis: binhex.ninja/extension.html
In this demo, we:
✅ Walk through its multi-layer defense system
✅ Break down dual-world execution (ISOLATED MAIN)
✅ Show 5 layers of clipboard protection catching attacks live
✅ Analyze live ClickFix sites blocking malicious payloads instantly
🔍 Detects 100 attack patterns:
• Base64 PowerShell
• curl | bash payloads
• WSH exploitation
• Fake CAPTCHA tricks
• Clipboard hijacking
💡 How ClickGrab fits in: github.com/MHaggis/ClickGrab
ClickGrab hunts campaigns extracts IOCs BinHex.Ninja blocks them in-browser
Huge shout-out to @ExploitedSite for the amazing work and the time spent building and sharing this with the community. 👏
Together = full ClickFix defense pipeline 🔄
📺 youtu.be/XuXsfg-yEts

ExploitedSite retweeted
24 Oct 2025
This is awesome - Video inbound on its use and breakdown of how it works.
🛡️ Launched BinHex.Ninja Security – browser extension blocking ClickFix attacks ✅ Real-time detection ✅ Clipboard protection ✅ Privacy-first & actively developed 📥 binhex.ninja/extension.html 📧 Feedback: re.team@binhex.ninja 🙏 Thanks to all who share anonymous data
ExploitedSite retweeted
4 May 2025
Unlock forbidden Windows knowledge! 🤫💻 Find the PEB through truly undetected means and pop calculator 💥 The non-golf form will be available below 👇 #redteamtips #windowsinternals #rust
ExploitedSite retweeted
My new article, "Writing a Full Windows ARM64 Debugger for Reverse Engineering," covers the topic in detail, including its internals and the core differences between Windows on Intel and ARM64: keowu.re/posts/Writing-a-Win…
ExploitedSite retweeted
30 Jan 2025
Thanks for your attention, it was fun! I crafted a working Doom polyglot : Dos executable, Portable executable and PDF. youtube.com/live/nG2RZrD4kAo…
ExploitedSite retweeted
Georgia Tech and Ruhr University Bochum researchers have uncovered new side-channel attacks on #Apple Silicon. My latest blog post briefly introduces these #vulnerabilities along with links to the full #research papers. Check it out to learn more: afine.com/slap-flop-apple-si…
ExploitedSite retweeted
Personally had not seen Chinese Fake Captchas until now...
🔍 Censys Query: "按住Windows键"
📡 IP Address: http[:]//101.32.40[.]22
Unfortunately the HTA payload is returning 404 currently.
🔗 Payload: http://101.32.40[.]22/recaptcha-verify
ExploitedSite retweeted
Another Day - 🐍 More VenomLNK in OpenDavs 🤔
📡 Domain/IP:
- hxxp[://]65[.]20[.]99[.]10:8080/api/
- hxxp[://]waveax[.]net:8080/api
- Hosted on @Namecheap
@anyrun_app Analysis: https://app.any[.run/tasks/5728b357-a7e5-481b-97af-e1306ac8e646
This one is different than others I've seen prior and might be one that a few analysers might enjoy to dig into
#⃣ Hashes:
207c283b7877f26e57b555dc638a297633920d3a3df81a492dd4e121d52d1872 - XS.lnk
01f41e3118f483a8cd0c691a8fb7daff3cfcf5dbf23ea1e660836e2bb48e4809 - chrome.lnk
42810b92c97ffb98af76f5884cd6c5f691fe80cde6c0a56fbaafe80b51a26c30 - 58100.ocx
CC: @RussianPanda9xx @g0njxa @UK_Daniel_Card @ExploitedSite
ExploitedSite retweeted
Can we somehow avoid making these false attributions without concrete evidence?
"APT38 Attacks A CEO by MacOS Malware" published by Mamun. #APT38, #macOS, #DPRK, #CTI medium.com/@alfalahum/apt38-…
Happy New Year, everyone! 🎉 Started the year by updating my blog’s theme and diving into a detailed analysis of the encryption/encoding methods used by one of the current Amos Stealer variants targeting macOS. Big thanks to @ValidinLLC and @censysio platforms for allowing me to track related infrastructure pivoting from the C2 in this specific IOC and providing valuable insights. No better way to kick off 2025! 💥 binhex.ninja/malware-analysi… @RussianPanda9xx @DaveLikesMalwre

ExploitedSite retweeted
A small gift for the community! 🎁 Very excited to publicly release our blog on #LegionLoader - our final blog of 2024. We believe it’s the perfect way to close out the year. Thank you for being so supportive, and we can’t wait to share more in 2025! 🚀 trac-labs.com/advancing-thro…
Enjoy decrypting the new #AMOSStealer osascript. Code available here - github.com/saptarshi-laha/Ma… @RussianPanda9xx @DaveLikesMalwre
#AMOSStealer @DaveLikesMalwre @RussianPanda9xx Will be writing a blog post soon! :)
Hey @ValidinLLC. Heard a lot of good things about you guys from my friends @RussianPanda9xx and @DaveLikesMalwre. Would it be possible to hook me up with a researcher account? If yes, please DM and I’ll share my email if needed. Thanks! 😃
Feel free to visit my website binhex.ninja. I’m particularly interested in utilizing your platform for independent personal research.

ExploitedSite retweeted
Well... Hello there
ExploitedSite retweeted
A nice writeup by @ExploitedSite! Still seeing lots of signed malware roaming around 👀 binhex.ninja/re-malware-anal…