LE BERRE Stéfan (@heurs)'s Twitter Profile
LE BERRE Stéfan

@heurs

CEO/Co-Founder - @ExaTrack

ID: 71741484

Website: https://exatrack.com

Joined: 05-09-2009 06:12:32

759 Tweets

1.1K Followers

406 Following

LE BERRE Stéfan (@heurs)

Kdrill, an open source tool to check if your kernel is rootkited🔥 A Python tool to analyze memory dumps AND live kernel. No dep, py2/3, no symbols 💪 It rebuilds kernel structs on the fly and checks for suspicious modifications (and if patchguard is running 👀) github.com/ExaTrack/Kdrill

Kondah Hamza 🦑 (@kondah_ha)

🔍 Searching for traces of (kernel) rootkits on Windows environments after a compromise or during threat hunting can be one of the most technically challenging tasks.

🛡️ Microsoft has one of the most complex kernels, but also one of the most sensitive to manipulate,

Can Bölük (@_can1357)

Excited to share my latest article: PgC - a novel approach to disable Patchguard during runtime using basic memory management principles. It has worked against every version of Patchguard for the last 7 years, without needing any updates! blog.can.ac/2024/06/28/pgc…

Takahiro Haruyama (@cci_forensics)

themida-unmutate - Static deobfuscator for Themida/WinLicense/Code Virtualizer's mutation-based obfuscation github.com/ergrelet/themi…

Alexandre Borges (@ale_sp_brazil)

So far, I have written 706 pages to help the security community. My goal will be writing new articles of the Exploiting Reversing Series (ERS), which is focused on security research. However, I am planning to write one or two additional articles of my previous series MAS (Malware

Clement Rouault (@hakril)

In our search for new forensic artifacts at ExaTrack, we sometimes deep dive into Windows Internals. This one is about COM and interacting with remote objects using a custom python LRPC Client. STUBborn: Activate and call DCOM objects without proxy: blog.exatrack.com/STUBborn/

REverse_Tactics (@reverse_tactics)

Slides & video from our GreHack talk "Attacking Hypervisors - A Practical Case" are online! Learn how we exploited vulnerabilities to escape VirtualBox during Pwn2Own Vancouver 2024: reversetactics.com/publications/2…

The Brofessor (@glacius_)

Hey :) If you missed your daily Frenglish dose, my talk about Octo at Virus Bulletin is now available on YouTube: youtube.com/watch?v=H8y9d_… Talked about malware, infrastructure, bulletproof hosters, and more. The full paper is also available in the description :) Team Cymru Threat Research

ExaTrack (@exatrack)

3+ YEARS of stealth! We uncovered new tactics used by the perfctl malware, including a userland rootkit & an SSH backdoor (a single SPACE in /etc/passwd!). More insights: blog.exatrack.com/Perfctl-using-… #cybersecurity #threat_hunting #linux #infosec #perfctl #rootkit #ssh #exatrack

Nathan Blondel (@slowerzs)

Think HVCI and kCET mean the end of kernel code execution? I wrote a blog post exploring an alternative way to execute a kernel payload! :) blog.slowerzs.net/posts/keyjumpe…

NoLimitSecu (@nolimitsecu)

#Podcast #Cybersécurité Episode #501: detection vs. hunting for compromises (follow-up to episode #491), with LE BERRE Stéfan nolimitsecu.fr/detection-vs-r…

LE BERRE Stéfan (@heurs)

🚀 Take your malware analysis skills to the next level with Exalyze. Discover our unique capabilities to compare malware code with our entire database, identifying similar samples and uncovering hidden connections. 👉 exalyze.io Exalyze

Alexandre Borges (@ale_sp_brazil)

A well-done article written by memN0ps: Hypervisors for Memory Introspection and Reverse Engineering: secret.club/2025/06/02/hyp… #reverseengineering #infosec #hypervisor #memoryanalysis #windows #rust

ö (@r0keb)

Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work. r0keb.github.io/posts/Windows-…

hackyboiz (@hackyboiz)

[Research] CVE-2025-24985: Windows Fast FAT Driver RCE Vulnerability hackyboiz.github.io/2025/07/17/ogu… The vulnerability was caused by the ability to control five variables within the VHD file that determine the number of clusters.

LE BERRE Stéfan (@heurs)

I'm glad to share my talk at Botconf 2025! Do you want to know how we compare a sample with 150k others in seconds on Exalyze? This talk is made for you 🚀 At the end, you'll get a hint on what's coming next for Exalyze! 😉 youtube.com/watch?v=TS8XO2… exalyze.io