Andreas Klopsch


⚠️ RIFT Update 🚨
New release:
• Custom values + add missing libs if crate extraction fails
• Guided config setup via improved installer
• Updated support for latest Rust compilers

https://github.com/microsoft/RIFT

Feedback welcome as always!

#malware #reverseengineering #cybersecurity #infosec #microsoft

GitHub - microsoft/RIFT: Rust Library Recognition Project for Rust Malware by the MSTIC-MIRAGE Team

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor | Microsoft Security Blog

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using a series of simultaneous lateral movement techniques per target.

Kazuar (Secret Blizzard) is a highly sophisticated malware family. #MIRAGE takes a deep dive into its modular P2P botnet and how it enables covert, persistent access 👀

https://microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/

#cybersecurity #reverseengineering #microsoft #infosec #malware #threatintel

Kazuar: Anatomy of a nation-state botnet | Microsoft Security Blog

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, Kazuar has expanded from a relatively traditional backdoor into a highly modular peer-to-peer (P2P) botnet ecosystem designed to enable persistent, covert access to target environments.


⭐ Announcing a Major Architectural Update to RIFT ⭐

RIFT has undergone a complete rearchitecture to enhance its modularity, extensibility, and usability. An experimental build has been released on our GitHub repository, while the stable build remains available. The experimental build will continue to receive updates and improvements over time.

❓ What is RIFT?

RIFT is a valuable tool for reverse engineers, designed to generate on-demand FLIRT signatures for Rust binaries.

❗ What's new?

⚙️ Three Operation Modes:
- File Analysis Mode: Point RIFT directly at a binary.
- Direct Generation Mode: Target specific crate versions and compiler combinations.
- HTTP API Server Mode: Run RIFT as a service with an async job queue.

🔧 Modernized IDA Pro Plugin: The IDA plugin has been rebuilt with server integration, enabling FLIRT signature generation while reversing without needing to leave the window.

For more details, visit: https://github.com/microsoft/RIFT

#reverseengineering #malware #rift #infosec #opensource #binaryanalysis
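The FLIRT signatures that RIFT produces for IDA work by matching byte patterns in which relocatable bytes (call targets, absolute addresses) are masked out, so that the same library function still matches after being linked at a different address. The following is an added illustration, not RIFT's or IDA's code, and a deliberate simplification that leaves out FLIRT's CRC16 and reference checks: a toy pattern builder and scanner over constructed x86-64 bytes. The function bytes, the relocation offset, and the name `demo_fn` are all made up for the example.

```python
"""Toy FLIRT-style pattern building and matching (illustration only).

Real FLIRT signatures store the first 32 bytes of a function with
relocation bytes wildcarded, followed by a CRC16 over the bytes after
them and optional reference checks.  Only the first part is shown here.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

PATTERN_LENGTH = 32  # FLIRT uses the first 32 bytes of a function


@dataclass(frozen=True)
class Pattern:
    name: str
    # Each entry is a fixed byte value, or None for a wildcarded byte.
    entries: Tuple[Optional[int], ...]


def build_pattern(name: str, func_bytes: bytes, reloc_offsets: Sequence[int],
                  reloc_size: int = 4, length: int = PATTERN_LENGTH) -> Pattern:
    """Mask the bytes covered by relocations and keep the rest as literals."""
    wild = set()
    for off in reloc_offsets:
        wild.update(range(off, off + reloc_size))
    entries = tuple(None if i in wild else b
                    for i, b in enumerate(func_bytes[:length]))
    return Pattern(name, entries)


def match_at(pattern: Pattern, data: bytes, offset: int) -> bool:
    """True if every non-wildcard byte of the pattern matches at offset."""
    if offset + len(pattern.entries) > len(data):
        return False
    return all(expected is None or data[offset + i] == expected
               for i, expected in enumerate(pattern.entries))


def scan(patterns: Sequence[Pattern], data: bytes) -> List[Tuple[int, str]]:
    """Return (offset, name) for every pattern hit in data."""
    hits = []
    for offset in range(len(data)):
        for pattern in patterns:
            if match_at(pattern, data, offset):
                hits.append((offset, pattern.name))
    return hits


def make_demo_func(call_rel32: int) -> bytes:
    """Constructed x86-64 function: prologue, one rel32 call, epilogue.

    push rbp; mov rbp, rsp; sub rsp, 0x10; call <rel32>;
    add rsp, 0x10; pop rbp; ret
    The rel32 immediate starts at byte offset 9 (right after the E8 opcode)
    and is what the linker patches, so it must be wildcarded.
    """
    return (bytes.fromhex("554889e54883ec10")
            + b"\xe8" + call_rel32.to_bytes(4, "little", signed=True)
            + bytes.fromhex("4883c4105dc3"))


DEMO_CALL_RELOC_OFFSET = 9

# Signature built from one "library build" of the function.
DEMO_PATTERN = build_pattern("demo_fn", make_demo_func(0x100),
                             [DEMO_CALL_RELOC_OFFSET])

# Constructed target binary: two copies of the function linked with different
# call targets, separated by padding bytes.
SAMPLE_BINARY = (b"\x90" * 5
                 + make_demo_func(-0x40)
                 + b"\xcc" * 3
                 + make_demo_func(0x2000))


if __name__ == "__main__":
    print("pattern:", " ".join("??" if e is None else f"{e:02x}"
                               for e in DEMO_PATTERN.entries))
    for offset, name in scan([DEMO_PATTERN], SAMPLE_BINARY):
        print(f"hit {name} at offset {offset:#x}")
```

Both copies in the sample binary are found even though their call targets differ, which is the reason relocation bytes are wildcarded; without the mask the second copy would be missed. Matching only the first 32 bytes is what makes real FLIRT signatures prone to collisions between functions with identical prologues, which is why IDA's format adds a CRC16 over the following bytes.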

Ever heard about RedVDS? A criminal marketplace selling illegal software and services that facilitated and enabled cybercrime.

Recently, Microsoft's Digital Crimes Unit (DCU) facilitated a disruption of RedVDS infrastructure and related operations.

https://www.microsoft.com/en-us/security/blog/2026/01/14/inside-redvds-how-a-single-virtual-desktop-provider-fueled-worldwide-cybercriminal-operations/

#infosec #cybersecurity #digitalcrime #cybercrime

Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations | Microsoft Security Blog

Microsoft’s investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using the service to target multiple sectors. In collaboration with law enforcement agencies worldwide, Microsoft’s Digital Crimes Unit (DCU) recently facilitated a disruption of RedVDS infrastructure and related operations.

Samplepedia update: Users can submit their own images with the samples, and there is now a platform field.

https://samplepedia.cc

IDA 9.3: Practical Improvements to the Type System

IDA 9.3 improves the type system: parse Objective-C headers directly, cleaner exports, and full round-trip types without losing structure.

I have created a website where you can share your sample analysis (via links or posts) and search for samples to train on, based on tags and difficulty.

If you write analysis blogs, you can share them there.
https://samplepedia.cc

I'll be at #39c3 this year. Interested in anything malware analysis or podcasting about cyber. I help maintain #malshare if that's your cup of tea.

RE: https://infosec.exchange/@larsborn/115786127689710651

Speaking of which: I will also be at #39c3, in close vicinity of this gentleman. I can offer some cyber of my own, #BinaryRefinery, or classically, math & crypto stuff.