Summary As Rust gains popularity for systems programming, threat actors have started adopting it for malware development — from ransomware (BlackCat/ALPHV) to cross-platform backdoors (RustBucket)....

Summary When reversing C++ binaries, recognizing STL types like std::string, std::vector, and std::shared_ptr can make your analysis significantly more readable. However, IDA Pro does not natively ...

Summary When reverse engineering Linux binaries, especially statically linked or stripped ELF files, understanding system calls is essential. Linux binaries often invoke syscalls directly via int 0...

Summary Rust has quickly emerged as a popular language for malware development. Threat actors are adopting Rust to create cross-platform, highly optimized malware that can evade traditional detecti...

Summary Coming into the new year I did a personal review of plugins and frameworks that I currently use. There are also some that I am in the process of experimenting with as I may be able to appl...

Summary FAMOUS CHOLLIMA, active since 2018, is a low-sophistication adversary almost certainly operates on behalf of the North Korean government (DPRK). The adversary primarily focuses on generatin...

Summary The Ebury malware family plays a role in a much larger multi-malware family operation that has been going on for over 10 years. The ESET company has over a decade of research into this and ...

Summary According to malpedia, DarkGate malware is: “A commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) ...

Summary The following document is a collection of information I discovered while reverse engineering Golang binaries. This is specific to the context of malware and generally speaking, stripped bi...

Summary I have recently purchased the new Macbook Pro M2 Max 16” as I finally wanted to switch over into the ARM world on the desktop. One of my main concerns was around my focus on reverse engine...