I published an article how BlackByte evades EDR by removing kernel callbacks via abuse of vulnerable driver Rtcore64.sys news.sophos.com/en-us/2022/1… #reverseengineering #malware #infosec #windows #cybersecurity #blackbyte #ALPHV #sophos #ida #ransomware #endpoint

⚠️ RIFT Update ⚠️ We’ve just shipped a new update to RIFT: • Customize values and add missing libraries if crate extraction falls short • Configure RIFT more easily • Support for the latest Rust compilers • Improved installer script github.com/microsoft/RIFT #infosec #msft

⚠️Deep dive analysis of Gentlemen ransomware by MIRAGE/MSFT⚠️ microsoft.com/en-us/security… #malware #reverseengineering #ransomware #cybersecurity #infosec

RT @MalwareRE: The Gentlemen ransomware is a ransomware-as-a-service (RaaS) threat that is distinguished by its ability to pair its strong…

Kazuar (Secret Blizzard) is a highly sophisticated malware family. #MIRAGE takes a deep dive into its modular P2P botnet and how it enables covert, persistent access 👀 microsoft.com/en-us/security… #cybersecurity #reverseengineering #microsoft #infosec #malware #threatintel

RT @MalwareRE: Another quality technical blog from #MIRAGE, this time on Secret Blizzard’s beloved #Kazuar malware. This blog is an in-dept…

RT @MalwareRE: Microsoft Threat Intelligence uncovered a macOS‑focused cyber campaign by the North Korean threat actor Sapphire Sleet that…

The Russian military intelligence actor Forest Blizzard has conducted large-scale exploitation of vulnerable small office/home office (SOHO) devices to hijack DNS requests and enable persistent, passive visibility and reconnaissance at scale. msft.it/6012Q24hI By compromising edge devices that are upstream of larger targets, threat actors could take advantage of less closely monitored assets to pivot into enterprise environments. We have identified over 200 organizations and 5,000 consumer devices impacted by Forest Blizzard’s malicious DNS infrastructure. Microsoft Threat Intelligence is publishing this research to increase awareness of the risks associated with insecure home and small-office internet devices and to give users and organizations tools to mitigate, detect, and hunt for these threats where they might be impacted.

⭐ RIFT Major Rearchitecture! Now more modular, extensible, and easier to use New experimental build 3 modes: file analysis, direct generation, HTTP API service Improved IDA Plugin! github.com/microsoft/RIFT #reverseengineering #malware #cybersecurity #infosec #RIFT

Recently, Microsoft's Digital Crimes Unit (DCU) facilitated a disruption of RedVDS infrastructure and related operations. microsoft.com/en-us/security… #infosec #cybersecurity #digitalcrime #cybercrime

The IDA Pro 9.3 release is just around the corner. hex-rays.com/blog/ida-9.3-ty… #reverseengineering #idapro #malware #threatintel

🚨 RIFT Update 🚨 Improved rustc compiler detection ✅ Fixed bugs causing incorrect FLIRT signatures for nightly builds 🛠️ Plus, multiple stability fixes! We’re making RIFT easier to use—big features coming soon 😎 👉 github.com/microsoft/RIFT #RIFT #rust #microsoft #infosec

🚨 “A fake fix is all it takes.” ClickFix convinces users to run attacker commands themselves. Always verify before pasting anything into a terminal. Full analysis: microsoft.com/en-us/security… #malware #mstic #microsoft #infosec #cybersecurity

RIFT Update ⚡ Automate rustc_hashes.json updates with new Linux & Windows scripts! Easier than ever. 👉 github.com/microsoft/RIFT #CyberSec #MalwareResearch #RIFT

This is an amazing story about why companies should always think about who their customers are! Lesson: Don't mess with reverse engineers! codetiger.github.io/blog/the… #reverseengineering #cybersecurity #infosec

Just dropped: my RECON 2025 talk on Rust library recognition in malware! 🦀 Worth a watch if you're into RE or malware research. youtu.be/_JiuYkFzVgg?si=7GAV… #malware #RIFT #microsoft #reverseengineering #rust

Lots of frustration in the malware analysis and reverse engineering community. It's been discovered a DEFCON talk, presentation, and the code which coincided with it, was AI slop. The talk itself had hallucinated terminology which (apparently) no one at DEFCON noticed. Bad.

RT @MalwareRE: #PipeMagic is a highly modular backdoor used by the financially motivated threat actor Storm-2460. It masquerades as a legit…

🚨 Ever tangled with virtual machine-based code protection? 🚨 In 2020, I wrote a virtual machine deobfuscator for a crack me challenge. Check it out! malwareandstuff.com/taming-v… malwareandstuff.com/taming-v… 🔍 #ReverseEngineering #MalwareAnalysis #windows #idapro #deobfuscation

🚨 Microsoft reports Russian APT Secret Blizzard is targeting embassies in Moscow with AiTM attacks using ApolloShadow malware. It installs a trusted root cert to spoof legit sites & maintain persistence—ongoing since 2024. 🧵 Details: microsoft.com/en-us/security… #CyberSecurity #APT #ThreatIntel

🚨 RIFT update! Now supports FLIRT signature generation on Linux 🐧 🔗 github.com/microsoft/RIFT #RustLang #MalwareAnalysis #ReverseEngineering #DFIR #FLIRT