I came across another simple no-name Linux espionage RAT by coincidence and am starting to wonder what else we're missing in that space 👀
En route to Orlando 😱 #REverse2026 #Squeee
Another gem, here is all you ever wanted to know about Itanium C++ ABI exception handling and how it's implemented in Linux C++ binaries maskray.me/blog/2020-12...
BlackHat US Call for Papers is open, and we're eagerly awaiting your submissions! I'm proud to be shepherding the Reverse Engineering track again this year and I'll be actively soliciting for cool research 😏😏😏
usa-briefings-cfp.blackhat.com
Randomly came across this downloader, which seems to want to download and build itself some kernel rootkit. The internet suggests this malware belongs to some relatively recent FnOS attack campaign on Feiniu private cloud. Tell me again Linux malware is boring.
My note taking pencil for the serious notes!
This is a phenomenal little blog post about Linux C++ binary analysis ❤️❤️❤️
oneraynyday.github.io/dev/2020/05/...
And I've got to look whether that has been visualized in a graph yet 🤓
I'd need to look but I'm almost sure this has been done, I'm curious now though. It also has to be a hard problem since not all paths are deterministic statically. Anyhow, have you looked into symbolic execution? One can mathematically determine the flow of data through a program.
Interesting, pathfinder as in data flow analysis, as in depending on input code takes said path through a given function? My scripts are definitely not advanced enough, but I believe there is prior research in that direction, and additionally I'd think that a higher level representation would help
Mini blog: I promised I'd publish the binary pewpew project I created with the help of Claude, and here we are, blog with link to Github. Works-on-my-machine type of project ;)
hackandcheese.com/posts/blog2_...
Ok weird stuff. I have a flat earther in my family and am genuinely puzzled. Torn between plain curiosity, screaming at them for ignoring physics, and really worried for their future. What.. does one do with these people?
Save the date! @blackhoodie.bsky.social is coming to Luxembourg! On May 6th we're partnering with #BSidesLuxembourg for a day of binary fun and joy 🥳🥳🥳
Maaaaan GCC for 32-bit Intel really didn't like push instructions huh
Omg that could be two bestsellers 😱
The cathartic effect of reverse engineering without a business objective should have its own therapy book.
It's a function of a piece of malware, the graph is the flow graph of the function, and the fact that there are so many branches indicates code obfuscation :)
😍😍😍
Totally, this one was 4dc06ecee904b9165fa699b026045c1b6408cc7061df3d2a7bc2b7b4f0879f4d, from this blog post www.trendmicro.com/en_us/resear..., and they list some more hashes, link at the very bottom!
Keep me posted if you find anything interesting, I'm short on time for fun projects these days 😭
I've only spent a hot 5 min, but the level of obfuscation in the September version of Lockbit for Linux is marvelous
Do Windows sandboxes these days run full blown Win11? Asking for a friend; a friend who's been waiting for their Win11 VM to update and is bored out of their mind.
Wow Claude, that input was supposed to go to this API, not THAT one; that loop counter really didn't need increasing here; and this sanitization check returns a value ffs
HAPPY FRIDAY!!! Our Agenda is now live! Check it out!
Check it out: www.districtcon.org/speakers
In November I joined @elykdeer.bsky.social on the @binaryninja.bsky.social podcast to chat about Linux malware reverse engineering, advances in analysis tools, and my upcoming training at RE//verse conference. Check out the recording!
www.youtube.com/watch?v=R72m...
We still have seats open for @blackhoodie.bsky.social at @districtcon.bsky.social on January 23rd in Washington DC! The class will be reverse engineering their way through an integer overflow bug in libpng 🤓
blackhoodie.re/DistrictCon2...
I'm on all platforms these days, it drives me nuts, but I miss my people, so
👀
Wag The Dog wasn't supposed to be a documentary..
Squeee so excited 😍😍😍 @blackhoodie.bsky.social will be at @districtcon.bsky.social next year! On January 23rd @synapticrewrite.bsky.social and I will teach a day of Reverse Engineering for Vulnerability Discovery, registration is now open blackhoodie.re/DistrictCon2...
Wonderful little blog post about the Windows Process and Thread Environment blocks metehan-bulut.medium.com/understandin...