Cindʎ Xiao 🍉

professional strings(1) operator

online once every century, DM for signal!

Cindʎ Xiao 🍉 boosted:
2025-05-24

We are excited to announce our keynotes for this year!

Joshua Reynolds, Founder, Invoke RE
and
Michael Spaling, Principal Security Architect, University of Alberta

Cindʎ Xiao 🍉 boosted:
2025-05-24

🧙‍♂️ Did you know you can easily hook, patch, or change arguments to functions both in user mode and kernel mode by using #HyperDbg?

Here’s a quick example 👇

Cindʎ Xiao 🍉 boosted:
RE//verse Conference REverseConf@infosec.exchange
2025-05-23

Don’t miss Cindy Xiao’s talk on Reconstructing Rust Types from RE//verse 2025 if you’re dealing with Rust in your day to day. It’s one worth adding to your watchlist: youtu.be/SGLX7g2a-gw?feature=s

Cindʎ Xiao 🍉 boosted:
2025-05-23

komorebi v0.1.37 "RAHAF" is out

As always, there's a relaxing video with demos and high level explanations of new features

If you donate to the Palestine Children's Relief Fund in May or June, DM me a screenshot of your donation and I'll do my best to match it

youtube.com/watch?v=MuR1-w-rLZ

#rust #windows #komorebi #software #youtube

Cindʎ Xiao 🍉 cxiao@infosec.exchange
2025-05-23

@REverseConf If you ever need to find both the talk video and the slides again, they are collected in one place on my site and on GitHub, for your convenient bookmarking:

cxiao.net/posts/2025-02-28-rec
github.com/cxiao/reconstructin

#rust #rustlang #ReverseEngineering #reversing #malware #MalwareAnalysis #infosec

Cindʎ Xiao 🍉 cxiao@infosec.exchange
2025-05-23

@REverseConf The slides for "Reconstructing Rust Types: A Practical Guide for Reverse Engineers" are also available! There is a convenient single-page HTML version if you want to use the material in the presentation as a reference, for your own reversing!

cxiao.net/posts/2025-02-28-rec
github.com/cxiao/reconstructin

#rust #rustlang #ReverseEngineering #reversing #malware #MalwareAnalysis #infosec

A preview of a guide to Rust reverse engineering and reconstructing data types in Rust binaries. The preview shows the sections: "References: Trait objects", and "What Rust guarantees: Passing types between functions"
Cindʎ Xiao 🍉 cxiao@infosec.exchange
2025-05-23

Hi Rust reversing fans - the recording of my talk at @REverseConf: Reconstructing Rust Types: A Practical Guide for Reverse Engineers, is available for you to watch!

youtube.com/watch?v=SGLX7g2a-gw

#rust #rustlang #ReverseEngineering #reversing #malware #MalwareAnalysis #infosec

Cindʎ Xiao 🍉 boosted:
Freedom of the Press freedomofpress@freedom.press
2025-05-23

🔔 Today at 12:30 pm ET/9:30 am PT: Join us for a conversation about Trump's attacks on Voice of America and other publicly funded media outlets, featuring press freedom reporter Liam Scott, Archive Team Co-founder Jason Scott, and FPF's Caitlin Vogus.

Cindʎ Xiao 🍉 boosted:
The Verge verge
2025-05-23

Microsoft employee bypasses ‘Palestine’ block to email thousands of staff in protest theverge.com/microsoft/673568/

Cindʎ Xiao 🍉 boosted:

2025-05-22 (Thursday): After the recent #LummaStealer disruption, I found an active sample today, so how effective was the disruption, really?

SHA256 hash for the installer EXE for Lumma Stealer:

8619bea9571a4dcc4b7f4ba494d444b8078d06dea385dc0caa2378e215636a65

Analysis:

- tria.ge/250523-afpxxsfm5t
- app.any.run/tasks/add82eaa-bdb

To be fair, I investigated a campaign that was pushing Lumma Stealer earlier this week, and it had switched to #StealC v2 malware earlier today (2025-05-22):

- github.com/PaloAltoNetworks/Un

So the disruption was at least somewhat effective based on what I'm seeing. I don't have eyes on the criminal underground, though, so I don't know what's happening with Lumma Stealer's customers.

Step 1: Get yourself a box. Step 2: Cut a hole in the box. Step 3: Put your junk in that box. Step 4: Have her open the box.
Cindʎ Xiao 🍉 boosted:
Jonas Kruckenberg :tauri: unsafe@webtoo.ls
2025-05-23

What *exactly* happens between panic!() and your program going down?

You will learn it all at this year's rustforgeconf.com!!

I'm so very excited to be there and you should be too! (I got something special planned too 👀)

Cindʎ Xiao 🍉 boosted:
K. Reid Wightman :verified: 🌻 :donor: reverseics@infosec.exchange
2025-05-23
you wouldn't download a car meme, but it's "You wouldn't spoof a length field"
Cindʎ Xiao 🍉 boosted:
RE//verse Conference REverseConf@infosec.exchange
2025-05-23

If you haven’t seen it yet, make time for this one! Peter Garba and Vikas Gupta break down De-Obfuscating WebAssembly using LLVM at RE//verse 2025. Check it out here: youtu.be/gKRdOcuXbYI?feature=s

Cindʎ Xiao 🍉 boosted:
2025-05-22

Every so often somebody forwards me a mail from a CTI sharing forum where it’s marked TLP:RED, it’s been sent to a mailing list with 4000 different orgs on it, and they’re IOCs from a vendor blog.

Cybersecurity is very broken.

Cindʎ Xiao 🍉 boosted:
2025-05-22

The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. welivesecurity.com/en/eset-res
#ESETresearch has been involved in this operation since 2018. Our contribution included providing technical analyses of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers. Danabot is a #MaaS #infostealer that has also been seen pushing additional malware – even #ransomware, such as #LockBit, #Buran, and #Crisis – to compromised systems.
We have analyzed Danabot campaigns all around the world and found a substantial number of distinct samples of the malware, as well as identified more than 1,000 C&Cs.
This infostealer is frequently promoted on underground forums. The affiliates are offered an administration panel application, a backconnect tool for real-time control of bots, and a proxy server application that relays the communication between the bots and the C&C server.
IoCs are available in our GitHub repo. You can expect updates with more details in the coming days. github.com/eset/malware-ioc/tr

Cindʎ Xiao 🍉 cxiao@infosec.exchange
2025-05-22
Cindʎ Xiao 🍉 boosted:
2025-05-22

It appears federal funding cuts to MS-ISAC, albeit to an outsider of the program, is going to exact some significant changes to the org, including the introduction of some new membership fees for some services.

cisecurity.org/ms-isac/defendi

More details reportedly coming to a members' June 10 webinar. I was never part of the org when I was in higher ed ops so I have nothing much else to say about what this will ultimately mean.

Cindʎ Xiao 🍉 boosted:
2025-05-22

Freedom House awarded its 2025 Beacon Award to the government and civil society of Taiwan for their "steadfast efforts to protect their own vibrant democracy, and to support the global struggle for freedom, in the face of escalating pressure from the Chinese Communist Party."

freedomhouse.org/article/freed

#Taiwan #FreedomHouse #democracy #HumanRights #台灣

Photo of people in a crowd holding signs and protesting. Text says, 2025 Beacon Award Recipient, The government and civil society of Taiwan
Cindʎ Xiao 🍉 boosted:
2025-05-22

🔥 DFIR Labs is Evolving! Have You Seen What's New? 🔥

Big things are happening at DFIR Labs! We've been hard at work implementing a wave of exciting changes and improvements, all designed to enhance your experience!

But we're not stopping there – even more updates are on the horizon!

➡️ Check it out now! dfirlabs.thedfirreport.com

#DFIR #DigitalForensics #IncidentResponse #Cybersecurity

Cindʎ Xiao 🍉 boosted:
Michał Fita michalfita
2025-05-22

While Rust celebrated its 10th birthday last Thursday, I've been served notice the same day; my garden leave starts soon. I'm not superstitious, but this ironic coincidence itches my drive towards Rust.
So, as I'm going to "enjoy" my spare time, I'd like to offer my help with learning (especially transition from C++), code reviews, help writing code for your project or adopting it into your existing projects (in or ++), eventually help with software design decisions.
