Profile avatar
alexandreborges.bsky.social
Vulnerability Researcher | Exploit Developer (speaker 3x at DEF CON)
170 posts 433 followers 58 following
Prolific Poster
Posts 47 Comments 3

The Key to COMpromise - Pwning AVs and EDRs by Hijacking COM Interfaces, Part 1, 2 and 3: neodyme.io/en/blog/com_... neodyme.io/en/blog/com_... neodyme.io/en/blog/com_... #edr #redteam #informationsecurity #edr #com #programming #cybersecurity

submitted 1 day ago • 0 comments

The Art of Breaking AI: Exploitation of large language models: 7h3h4ckv157.medium.com/the-art-of-b... #ai #informationsecurity #infosec #llm #exploitation #exploit

submitted 11 days ago • 0 comments

The fourth article (126 pages) of the Exploiting Reversing Series (ERS) is available on: exploitreversing.com/2025/02/04/e... I hope you enjoy reading it and have an excellent day. #apple #ios #macOS #architecture #cybersecurity #research #internals #vulnerability #idapro

submitted 24 days ago • 1 comment

Free & Affordable Training News Monthly: Dec 2024 - Feb 2025 - Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from Dec 2024 & Jan 2025 - Upcoming CTFs and training for February, 2025 Link: dfirdiva.com/free-amp-aff... #DFIR #IncidentResponse #MalwareAnalysis #OSINT

submitted 26 days ago • 0 comments

Mitigating DMA Attacks Through Redirected Address Tables research.meekolab.com/mitigating-d... #informationsecurity #cybersecurity #hardware #dma #processor

submitted 35 days ago • 0 comments

Reverse Engineering Call Of Duty Anti-Cheat: ssno.cc/posts/revers... #reverseengineering #anticheat #informationsecurity #cybersecurity #assembly

submitted 35 days ago • 0 comments

Securing Cryptocurrency Organizations: cloud.google.com/blog/topics/... #crypto #cybersecurity #informationsecurity #threatintelligence #cryptocurrency

submitted 35 days ago • 0 comments

The third article (62 pages) of the Exploiting Reversing Series (ERS) is available on: exploitreversing.com/2025/01/22/e... I hope you like the reading and have an excellent day #chrome #browsers #architecture #cybersecurity #v8 #research #internals #vulnerability #google

submitted 37 days ago • 0 comments

The third article (62 pages) of the Exploiting Reversing Series (ERS) is available on: exploitreversing.com/2025/01/22/e... I hope you like the reading and have an excellent day #chrome #browsers #architecture #cybersecurity #v8 #research #internals #vulnerability #google

submitted 37 days ago • 0 comments

2025.01.18: As expensive as a plane flight: Looking at some claims that quantum computers won't work. blog.cr.yp.to/20250118-fli... #quantum #energy #variables #errors #rsa #secrecy #crypto #informationsecurity #cybersecurity #cryptography

submitted 40 days ago • 0 comments

A Brief JavaScriptCore RCE Story: qriousec.github.io/post/jsc-uni... #cybersecurity #informationsecurity #rce #javascript #vulnerability

submitted 41 days ago • 0 comments

The tenth article (35 pages) of the Malware Analysis Series (MAS) is available on: exploitreversing.com/2025/01/15/m... Next week (JAN/22) the third article of the Exploiting Reversing Series (ER 03) will be released. Have an excellent day. #linux #malware #elf #crypto #ransomware

submitted 44 days ago • 0 comments

The nineth article (38 pages) of the Malware Analysis Series (MAS) is available on: exploitreversing.com/2025/01/08/m... Even though I haven't been on this subject for years, I promised I would write a series of ten articles, and the last one will be released next week (JAN/15). #malware

submitted 51 days ago • 0 comments

BlackPill is a stealthy Linux rootkit made in Rust. github.com/DualHorizon/... #rootkit #malware #linux #rust #hypervisor

submitted 56 days ago • 0 comments

Diving into ADB protocol internals: part 01: www.synacktiv.com/publications... part 02: www.synacktiv.com/en/publicati... #adb #mobile #protocol #informationsecurity #cybersecurity #reverseengineering

submitted 57 days ago • 0 comments

All videos from The 38th Chaos Communication Congress (38C3) 2024: media.ccc.de/b/congress/2... #cybersecurity #informationsecurity #hacking #exploitation #iOS #android #apple #exploitation #reverseengineering #vulnerability

submitted 59 days ago • 0 comments

Introduction to Algorithms (from MIT): (PDF) ocw.mit.edu/courses/6-00... (videos) ocw.mit.edu/courses/6-00... #algorithms #crypto #informationsecurity #cybersecurity

submitted 61 days ago • 0 comments

Uncovering GStreamer secrets: github.blog/security/vul... #informationsecurity #cybersecurity #vulnerability #bug #fuzzing

submitted 64 days ago • 0 comments

CVE-2024-40896 Analysis: libxml2 XXE due to type confusion www.openwall.com/lists/oss-se... #cve #linux #libxml2 #xxe #vulnerability #exploitation #bug #typeconfusion

submitted 64 days ago • 0 comments

Syscall tables | Combined Windows syscall tables github.com/hfiref0x/Sys... #lowlevel #reverseengineering #programming #cybersecurity

submitted 66 days ago • 0 comments

Rules to avoid common extended inline assembly mistakes: nullprogram.com/blog/2024/12... #programming #informationsecurity #cybersecurity

submitted 67 days ago • 0 comments

Good and interesting presentation by Joe Bialek: Pointer Problems – Why We’re Refactoring the Windows Kernel: youtube.com/watch?v=-3jx... #microsoft #windows #kernelsecurity #programming #kernel

submitted 75 days ago • 0 comments

Practical Use Cases of Exploiting MS Exchange in External Penetration Tests static.ptsecurity.com/events/exch-... #vulnerability #exploitation #exploit #msexchange #microsoft #cybersecurity #informationsecurity

submitted 77 days ago • 0 comments

Malwoverview version 6.1.0 has just been released: github.com/alexandrebor... To install it: $ python -m pip install -U malwoverview This release includes several new features: [+] Virus Exchange support. [+] IPInfo and BGPView support. [+] Global directory support. #malware #threathunting

submitted 78 days ago • 0 comments

(QR) Coding My Way Out of Here: C2 in Browser Isolation Environments: cloud.google.com/blog/topics/... #C2 #browser #google #informationsecurity #infosec #threatanalysis

submitted 79 days ago • 0 comments

Forensic Science International: Digital Investigation (issue 2024/51): www.sciencedirect.com/journal/fore... #dfir #cybersecurity #digitalforensics #informationsecurity #research

submitted 83 days ago • 0 comments

Decrypting CryptProtectMemory without code injection: blog.slowerzs.net/posts/cryptd... #crypto #decryption #cybersecurity #informationsecurity #rdp #windows #programming

submitted 85 days ago • 1 comment

OtterRoot: Netfilter Universal Root 1-day (by my colleague Pedro @0xten.bsky.social): osec.io/blog/2024-11... #linux #vulnerability #doublefree #kernel #cybersecurity #exploitation

submitted 88 days ago • 1 comment

How to develop n-day chrome exploit for electron applications: github.com/p3rr0x/Blog/... #exploit #cybersecurity #chrome #nday #informationsecurity #vulnerability #exploitation

submitted 92 days ago • 0 comments

Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels: www.usenix.org/system/files... #kernel #cybersecurity #linux #zerodays #exploit #android #informationsecurity

submitted 94 days ago • 0 comments

Learning LLVM series (by sh4dy on X): sh4dy.com/2024/06/29/l... sh4dy.com/2024/07/06/l... sh4dy.com/2024/11/24/l... #llvm #reversing #programming

submitted 97 days ago • 0 comments

Leveling Up Fuzzing: Finding more vulnerabilities with AI: security.googleblog.com/2024/11/leve... #fuzzing #google #vulnerabilities #ai #informationsecurity #cybersecurity

submitted 100 days ago • 0 comments

Reverse Engineering iOS 18 Inactivity Reboot naehrdine.blogspot.com/2024/11/reve... #ios #cybersecurity #reverseengineering #informationsecurity #apple

submitted 101 days ago • 0 comments

Bluetooth Low Energy GATT Fuzzing: blog.quarkslab.com/bluetooth-lo... #informationsecurity #cybersecurity #fuzzing #bluetooth #hacking #vulnerability #bug #cve

submitted 102 days ago • 0 comments

Retrofitting spatial safety to hundreds of millions of lines of C++: security.googleblog.com/2024/11/retr... #securecode #infosec #informationsecurity #cpp #programming #cybersecurity

submitted 103 days ago • 0 comments

r2con2024 (PDF + videos) radare.org/con/2024/ #reversing #cybersecurity #informationsecurity #malwareanalysis #reverseengineering

submitted 104 days ago • 0 comments

Protecting Signal Keys on Desktop cryptographycaffe.sandboxaq.com/posts/protec... #reverseengineering #crypto #infosec #informationsecurity #cybersecurity

submitted 104 days ago • 0 comments

We have now hit 16 million users. We're looking like we might onboard another million today, we'll see. Regardless we'll be far past 16.5 million I'm quite certain.

submitted 106 days ago • 146 comments

Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575: labs.watchtowr.com/hop-skip-for... #cybersecurity #fortinet #cyberthreats #vulnerability #exploitation #cve

submitted 106 days ago • 0 comments

2023 Top Routinely Exploited Vulnerabilities: media.defense.gov/2024/Nov/12/... #informationsecurity #cybersecurity #vulnerability #exploitation #windows #linux #exploit

submitted 107 days ago • 0 comments

CVE-2024-47575: attackerkb.com/topics/OFBGp... #cve #vulnerability #exploitation #exploit #cybersecurity #bug

submitted 107 days ago • 0 comments

ProcDump (from SysInternals) for macOS: github.com/Sysinternals... #macos #infosec #informationsecurity #process #informationsecurity #cybersecurity

submitted 107 days ago • 1 comment

This is probably the simplest case where we see "JUMPOUT" statements, and the solution for such a case is really easy. #ida #reversing

submitted 108 days ago • 0 comments

Inside M4 chips: P cores: eclecticlight.co/2024/11/11/i... #apple #performance #processor #m4 #informationsecurity

submitted 109 days ago • 0 comments

Proxmox VE CVE-2024-21545 - Tricking the API into giving you the keys: snyk.io/articles/pro... #virtualization #cybersecurity #hacking #api #redteam #cve #vulnerability #exploitation

submitted 109 days ago • 0 comments

Abusing Ubuntu 24.04 features for root privilege escalation: snyk.io/blog/abusing... #cybersecurity #infosec #linux #ubuntu #vulnerability #eop #privescalation #redteam #informationsecurity #blueteam

submitted 111 days ago • 0 comments

A deep dive into Linux’s new mseal syscall: blog.trailofbits.com/2024/10/25/a... #syscalls #linux #reverseengineering #cybersecurity

submitted 116 days ago • 0 comments