Summary As Rust gains popularity for systems programming, threat actors have started adopting it for malware development — from ransomware (BlackCat/ALPHV) to cross-platform backdoors (RustBucket)....
Reverse Engineering With C++ STL Types
Summary When reversing C++ binaries, recognizing STL types like std::string, std::vector, and std::shared_ptr can make your analysis significantly more readable. However, IDA Pro does not natively ...
Using Syscall Tables in IDA Pro for Linux Reverse Engineering
Summary When reverse engineering Linux binaries, especially statically linked or stripped ELF files, understanding system calls is essential. Linux binaries often invoke syscalls directly via int 0...
Rust Malware
Summary Rust has quickly emerged as a popular language for malware development. Threat actors are adopting Rust to create cross-platform, highly optimized malware that can evade traditional detecti...
IDA Pro plugins (2025)
Summary Coming into the new year I did a personal review of plugins and frameworks that I currently use. There are also some that I am in the process of experimenting with as I may be able to appl...
Beavertail and InvisibleFerret malware
Summary FAMOUS CHOLLIMA, active since 2018, is a low-sophistication adversary that almost certainly operates on behalf of the North Korean government (DPRK). The adversary primarily focuses on generatin...
Decoding Ebury Malware SSH Commands
Summary The Ebury malware family plays a role in a much larger multi-malware family operation that has been going on for over 10 years. The ESET company has over a decade of research into this and ...
Extracting out DarkGate malware from MSI
Summary According to malpedia, DarkGate malware is: “A commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) ...
Golang Reverse Engineering Tips
Summary The following document is a collection of information I discovered while reverse engineering Golang binaries. This is specific to the context of malware and generally speaking, stripped bi...
Reverse Engineering on Windows 11 ARM (Macbook Pro M1/M2)
Summary I have recently purchased the new Macbook Pro M2 Max 16” as I finally wanted to switch over into the ARM world on the desktop. One of my main concerns was around my focus on reverse engine...