Alexandre Borges (@alexandreborges) Bsky

Malwoverview 8.0.1 is available:

github.com/alexandrebor...

To update it:

python -m pip install -U malwoverview

#threathunting #malware #cve #vulnerability #cybersecurity #informationsecurity #incidentresponse

4 days ago 1 1 0 0

The Exploiting Reversing Series (ERS) currently features 945 pages of exploit development based on real-world targets: https://exploitreversing.com In the coming weeks, I will publish new articles covering exploration in areas such as Windows, Chrome, iOS/macOS, and hypervisors. #exploit #exploitation

The Exploiting Reversing Series (ERS) currently features 945 pages of exploit development based on real-world targets:

exploitreversing.com

In the coming weeks, I will publish new articles covering exploration in areas such as Windows, Chrome, iOS/macOS, and hypervisors.

#exploit #exploitation

6 days ago 1 0 0 0

CFPsec is program to list Call For Papers or upcoming Hacking/Security Conferences based on cfptime.org website.

github.com/alexandrebor...

To install it:

python -m pip install -U cfpsec

#cybersecurity #informationsecurity #conferences

6 days ago 3 0 0 0

The eighth article of the Exploiting Reversing Series (ERS) is now live. Titled “Exploitation Techniques | CVE-2024-30085 (Part 02)” this 91-page technical guide offers a comprehensive roadmap for vulnerability exploitation:

exploitreversing.com/2026/03/31/e...

#exploit #exploitation

2 weeks ago 2 1 0 0

Exploiting Reversing (ER) series: article 06 | A Deep Dive Into Exploiting a Minifilter Driver (N-day) I am excited to release the extended version of the sixth article in the Exploiting Reversing Series (ERS). Titled “A Deep Dive Into Exploiting a Minifilter Driver (N-day)” this 296-pag…

Before dropping my next article (ERS_08), I’ve updated the ERS 06 article (rev C.1):

exploitreversing.com/2026/02/11/e...

This revision features a refined ALPC exploit with a new stage and an extended cleaner stage, ensuring a stable exit and preventing system crashes.

#exploitation

3 weeks ago 2 0 0 0

Malwoverview v8.0 (codename: Revolutions)

Malwoverview v8.0 (codename: Revolutions) has been released:

github.com/alexandrebor...

To install its complete version: pip install malwoverview[all]

#threathunting #malware #vulnerability #ai #informationsecurity #cybersecurity #cve

4 weeks ago 4 2 0 1

Exploiting Reversing (ER) series: article 07 | Exploitation Techniques | CVE-2024-30085 (part 01)

Exploiting Reversing (ER) series: article 07 | Exploitation Techniques | CVE-2024-30085 (part 01)

exploitreversing.com/2026/03/04/e...

Enjoy your reading and have an excellent day.

#exploit #vulnerability #cve #exploitation #infosec #informationsecurity #windows

1 month ago 1 1 0 0

I am excited to release the extended version of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)" this 293-page deep dive offers a comprehensive roadmap for vulnerability exploitation:

exploitreversing.com/2026/02/11/e...

2 months ago 0 1 0 0

The sixth article in the Exploiting Reversing Series (ERS), "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", a 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver, is available:

exploitreversing.com/2026/02/11/e...

#exploit #vulnerability

2 months ago 2 1 0 0

Decompiler Internals: Microcode YouTube video by Black Hat

This presentation remains the go-to reference for learning the inner workings of the IDA Pro Hex-Rays decompiler:

(video) www.youtube.com/watch?v=T-Yk...

(article) i.blackhat.com/us-18/Thu-Au...

#decompiler #reverseengineer #informationsecurity #cybersecurity

2 months ago 1 2 0 0

[Cryptodev-linux] Page-level UAF exploitation IntroductionIn november 2025 I started a fuzzing campaign against cryptodev-linux as part of a school project. I found +10 bugs (UAF, NULL pointer dereferences and integer overflows) and among all of

[Cryptodev-linux] Page-level UAF exploitation:

nasm.re/posts/crypto...

#linux #cybersecurity #informationsecurity #uaf #exploitation #vulnerability

2 months ago 0 0 0 0

TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244

TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244:

oobs.io/posts/er605-...

#exploit #vulnerability #rce #informationsecurity #cybersecurity #infosec

2 months ago 0 0 0 0

Before Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystem

Before Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystem:

ethz.ch/content/dam/...

#cybersecurity #redteam #informationsecurity #threathunting #exploitation #infosec

2 months ago 0 0 0 0

Malwoverview 7.0

Malwoverview 7.0 has been released:

github.com/alexandrebor...

This version introduces a new vulnerability-focused approach, and the first feature is NIST support, which allows listing and searching for registered vulnerabilities.

#vulnerabilities #cve #cybersecurity #informationsecurity

3 months ago 0 1 0 0

Malwoverview 7.0

Malwoverview 7.0 has been released:

github.com/alexandrebor...

This version introduces a new vulnerability-focused approach, and the first feature is NIST support, which allows listing and searching for registered vulnerabilities.

#vulnerabilities #cve #cybersecurity #informationsecurity

3 months ago 0 1 0 0

Phantom Grid

Phantom Grid:

Phantom Grid is an enterprise-grade, kernel-level active defense system that transforms Linux servers into a controlled, deceptive attack surface.

github.com/haidang-info...

#kernel #linux #honeypot #informationsecurity #cybersecurity #defense #ebpf

3 months ago 1 0 0 0

Achieving remote code execution in LangSmith Playground using unsafe template formatting

Achieving remote code execution in LangSmith Playground using unsafe template formatting:

lab.ctbb.show/research/lan...

#webapp #exploit #exploitation #infosec #informationsecurity #cybersecurity #ai

3 months ago 0 0 0 0

Dangling pointers, fragile memory – from an undisclosed vulnerability to a Pixel 9 Pro escalation

Dangling pointers, fragile memory – from an undisclosed vulnerability to a Pixel 9 Pro escalation:

dawnslab.jd.com/Pixel_9_Pro_...

#android #vulnerability #eop #cybersecurity #infosec #informationsecurity #cve

3 months ago 0 0 0 0

CVE-2025-32432: Craft CMS RCE Vulnerability Explained - OPSWAT Learn about CVE-2025-32432 in Craft CMS—how the remote code execution vulnerability works, affected versions, exploitation details, and mitigation steps.

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS:

www.opswat.com/blog/cve-202...

#exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve

3 months ago 0 0 0 0

Blind trust: what is hidden behind the process of creating your PDF file? Every day, thousands of web services generate PDF (Portable Document Format) files—bills, contracts, reports. This step is often treated as a technical routine, “just convert the HTML,” but in practic...

Blind trust: what is hidden behind the process of creating your PDF file?

swarm.ptsecurity.com/blind-trust-...

#vulnerability #cve #exploitation #infosec

3 months ago 8 5 0 0

MongoBleed explained simply

MongoBleed explained simply:

bigdata.2minutestreaming.com/p/mongobleed...

#exploit #exploitation #cve #vulnerability #mongodb #informationsecurity #infosec

3 months ago 0 0 0 0

From Coverage to Causes: Data-Centric Fuzzing for JavaScript Engines:

(paper) arxiv.org/pdf/2512.18102
(project) github.com/KKGanguly/Da...

#fuzzing #vulnerability #javascript #exploitation #llm

3 months ago 0 0 0 0

Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack:

klezvirus.github.io/posts/Callba...

#cybersecurity #infosec #windows #reverseengineering #programming