CEO/Co-Founder - @ExaTrack

Joined September 2009
LE BERRE Stéfan retweeted
14 Dec 2025
Malware analysis and cross-referencing with #Exalyze, by @ExaTrack at the OSSIR meeting ↘️ youtu.be/VWa447RdLmg

LE BERRE Stéfan retweeted
🎯 Happy 2026, Threat Hunters! We compiled 12 battle-tested tips to hunt the unknown, no IOCs, just anomalies. 🔍 Windows/Linux 💥 Scaled to 10K endpoints 👉 blog.exatrack.com/Happy_2026… #ThreatHunting #Cybersecurity #DFIR #UnknownThreats
Discover a new Linux backdoor hidden for 10 YEARS in a critical HTTP server, waiting for a "magic packet" to wake up. Undocumented TTP. Full report: blog.exatrack.com/Butoflex%2… #Malware #ThreatHunting #Cybersecurity @ExaTrack @LoginSecurite
LE BERRE Stéfan retweeted
9 Sep 2025
Exalyze 1.0 is out 🥳 What's new on it?
- Analysis pipeline rebuild for transparent updates
- Yara generation (opcodes) has been improved
- Pivots added for IP/domains to @virustotal @shodanhq @censysio @onyphe @fofabot
See you on exalyze.io
I'm glad to share my talk at @Botconf 2025! Do you want to know how we compare a sample with 150k others in seconds on @Exalyze_io? This talk is made for you 🚀 At the end, you'll get a hint on what's coming next for Exalyze! 😉 youtube.com/watch?v=TS8XO2Eo… exalyze.io
LE BERRE Stéfan retweeted
7 Jul 2025
Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work. r0keb.github.io/posts/Window…
LE BERRE Stéfan retweeted
A well-done article written by @memn0ps: Hypervisors for Memory Introspection and Reverse Engineering: secret.club/2025/06/02/hyper… #reverveengineering #infosec #hypervisor #memoryanalysis #windows #rust
🚀 Take your malware analysis skills to the next level with Exalyze Discover our unique capabilities to compare malware code with our entire database, identifying similar samples and uncovering hidden connections. 👉 exalyze.io @Exalyze_io
LE BERRE Stéfan retweeted
#Podcast #Cybersécurité Episode #501: detection vs. compromise hunting (follow-up to episode #491), with @Heurs nolimitsecu.fr/detection-vs-…

LE BERRE Stéfan retweeted
Think HVCI and kCET mean the end of kernel code execution? I wrote a blogpost exploring an alternative way to execute a kernel payload! :) blog.slowerzs.net/posts/keyj…
LE BERRE Stéfan retweeted
1 Jan 2025
Probably worth reposting this for the first day of #100DaysofYARA
LE BERRE Stéfan retweeted
17 Dec 2024
3 YEARS of stealth! We uncovered new tactics used by the perfctl malware, including a userland rootkit & an SSH backdoor (a single SPACE in /etc/passwd!). More insights: blog.exatrack.com/Perfctl-us… #cybersecurity #threat_hunting #linux #infosec #perfctl #rootkit #ssh #exatrack

LE BERRE Stéfan retweeted
Hey :) If you missed your daily Frenglish dose, my talk about Octo at @virusbtn is now available on Youtube: youtube.com/watch?v=H8y9d_Xk… Talked about malware, infrastructure, bulletproof hoster, and more. The full paper is also available in the description :) @teamcymru_S2
LE BERRE Stéfan retweeted
Slides & video from our @GrehackConf talk "Attacking Hypervisors - A Practical Case" are online! Learn how we exploited vulnerabilities to escape VirtualBox during Pwn2Own Vancouver 2024: reversetactics.com/publicati…

LE BERRE Stéfan retweeted
In our search for new forensic artifacts at @ExaTrack, we sometimes deep dive into Windows Internals. This one is about COM and interacting with remote objects using a custom python LRPC Client. STUBborn: Activate and call DCOM objects without proxy: blog.exatrack.com/STUBborn/

LE BERRE Stéfan retweeted
So far, I have written 706 pages to help the security community. My goal will be writing new articles of the Exploiting Reversing Series (ERS), which is focused on security research. However, I am planning to write one or two additional articles of my previous series MAS (Malware Analysis Series) to finish it off.
10. exploitreversing.com/2024/01…
09. exploitreversing.com/2023/04…
08. exploitreversing.com/2024/08…
07. exploitreversing.com/2023/01…
06. exploitreversing.com/2022/11…
05. exploitreversing.com/2022/09…
04. exploitreversing.com/2022/05…
03. exploitreversing.com/2022/05…
02. exploitreversing.com/2022/02…
01. exploitreversing.com/2021/12…
#windows #idapro #kerneldrivers #kernel #infosec #reversing #malwareanalysis #vulnerability #securecode
LE BERRE Stéfan retweeted
15 Jul 2024
Kdrill: Python tool to check rootkits in Windows kernel meterpreter.org/kdrill-pytho…

LE BERRE Stéfan retweeted
28 Jun 2024
Excited to share my latest article: PgC - a novel approach to disable Patchguard during runtime using basic memory management principles. It has worked against every version of Patchguard for the last 7 years, without needing any updates! blog.can.ac/2024/06/28/pgc-g…