Please don’t lie to me… I can respect a bad decision you made, but I can’t respect a lier!

New release: #PEbear 0.7.2: github.com/hasherezade/pe-be… - with important bugfixes and new features:

New #TinyTracer (4.0) is ready: github.com/hasherezade/tiny_… - refactored for compatibility with the latest PIN - and with some new features!

Hibernation Recon has recovered smoking guns in some of the highest-stakes cases involving digital forensics anywhere, ever. Here's a network packet recovered from the third level of a NetWire victim's Windows hibernation slack involving file transfer to an attacker's C2. #DFIR

It has been a long journey and I hope to run this account for many more! To all those who follow this account, THANK YOU - your support means a lot to me. #MyXAnniversary

All EZ Tools have been updated! New version is 2026.5.0 across the board. Nuget updates, control updates, bug fixes and general refreshing of everything. Enjoy!! #dfir

#FalCon2026 registration is open, bringing 10,000 cyber leaders and innovators to Las Vegas for four days of real-world strategy, technical depth, and industry-defining conversations. Be part of what's next. Join us in Las Vegas. → crwdstr.ke/6010B6j6P2 📍 Mandalay Bay | Aug 31-Sept 3

I’m excited to announce the inaugural CrowdStrike Day Zero 2026 Threat Research Summit, an invite-only event for researchers, defenders, and cost-imposing warriors on the front lines of cyber conflict. Day Zero will showcase cutting-edge technical work, advanced research into adversaries and technology, and foster the kind of discussion that challenges assumptions and sharpens ideas. CrowdStrike researchers are already submitting their ideas. The Call for Papers (CFP) is open, and these sessions will be closed-door, with strict information-sharing protocols in place. Evening kickoff: Aug 30th | Day Zero 2026 Summit: Aug 31st *Ahead of Fal.Con Vegas | 📍Mandalay Bay, Las Vegas Register for updates and submit your paper. crowdstrike.com/en-us/events…

The Evidence Locker new additions: - @MagnetForensics MUS/MVS CTF images including 2026's (thanks to @Hexordia) - Ashemery challenges (@binaryz0ne) - MemLabs memory challenges (@_abhiramkumar) - HackForge forensic challenges #CTF #TestImages #DFIR theevidencelocker.github.io/

I am excited to release the seventh article in the Exploiting Reversing Series (ERS). Titled “Exploitation Techniques | CVE-2024-30085 (part 01)” this 119-page technical guide offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/03… Key features of this edition: [ ] Dual Exploit Strategies: Two distinct exploit versions using Token Stealing and I/O Ring techniques. [ ] Exploit ALPC PreviousMode Flip Token Stealing: elevation of privilege of a regular user to SYSTEM. [ ] Exploit ALPC Pipes I/O Ring: elevation of privilege of a regular user to SYSTEM. [ ] Solid Reliability: Two complete working and stable exploits, including an improved cleanup stage. [ ] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability. The article guides you through the two distinct techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow vulnerability. I would like to thank Ilfak Guilfanov (@ilfak on X) and Hex-Rays SA (@HexRaysSA on X) for their constant and uninterrupted support, which has helped me write these articles over time. I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! Enjoy your reading and have an excellent day.

Calling all threat hunters, reverse engineers, and intel experts 🕵️‍♂️💻 The inaugural Day Zero Threat Research Summit hits Las Vegas (Aug 30–Sept 1). We’re gathering intelligence experts to expose the latest adversary tradecraft. 🔍 crwdstr.ke/6018hAWe8 Call for Research is OPEN: ✅ AI Tradecraft ✅ Reverse Engineering ✅ Detection

Two more screenshots as you ponder the current state of #DFIR education involving Windows swap.

You don't learn reverse engineering by reading about it. You learn by doing it. That's why I built malops.io, a free platform with hands-on RE challenges using real malware: Whether you're starting out or sharpening your skills, this is how you level up.

I am pleased to announce the publication of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", this 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver: exploitreversing.com/2026/02… It guides readers through the entire investigation process—beginning with binary diffing and moving through reverse engineering, deep analysis and proof-of-concept stages into full exploit development. I hope this serves as a valuable resource for your research. If you enjoy the content, please feel free to share it or reach out with feedback. Have an excellent day!

CrowdStrike has identified WARP PANDA, a China-nexus actor targeting vCenter and cloud environments with custom implants and long-term covert access. 🔗 Full analysis and recommendations: crwdstr.ke/601374Kwx

5 Signs of Genuinely Good Person... ‼️‼️

It’s official! The new #tsurugi #linux release is online ready for you! It has been almost one year of work in our free time and we reduced the iso image size about 5GB mainly keeping the same tools. We hope you’ll find it useful! #Enjoy!

Check out our latest Insights article "Quick Tour Of New Features In Arsenal Image Mounter v3.12.331" to see highlights (lots of screenshots!) of the latest AIM functionality: arsenalrecon.com/insights/qu…. #DFIR

TERABYTES OF FORENSIC TEST IMAGES HUNDREDS OF CTFs dfir.training/downloads/test… #DFIR #CTF