gentlemen-decryptor: First-ever decryptor for The Gentlemen ransomware — recovers encryption keys from process memory dumps using X25519 ephemeral key extraction. 35/35 files decrypted.

nuitka-static-unpacker: Nuitka Static Unpacker — a static-first research tool for analyzing Nuitka-compiled binaries (constants/module extraction, .pyc recovery, reports).

StegoForge: steganography and digital forensics toolkit. Hide and extract data across images, audio, video, documents, and network packets, or run 11 detection engines to uncover hidden payloads.

claude-code-backdoor: Backdooring Claude Code via hooks in settings.json. Authorized use only!

PSI_BOF: A BOF designed to inspect processes memory and addresses

Launch WSL Applications from Windows with WslLaunch

Atomic BOFs

ohmypcap: A standalone web application for analyzing PCAP files using Suricata

KernelToUserInjector: Sample code that demonstrates code injection from kernel-mode into a user-land process using user-mode APC

MOVEit WAF Critical Security Bulletin – April 2026 – (CVE-2026-3517, CVE-2026-3518, CVE-2026-3519, CVE-2026-4048, CVE-2026-21876)

auditd rules - v0.2.0 - The goal of audit.rules is to collect broad, attributable, reusable host telemetry. It should not try to encode every suspicious binary, shell, admin tool, or attacker workflow

Tropic Trooper Reloaded: Unraveling the Invisible Supply Chain Mystery

Bitwarden Statement on Checkmarx Supply Chain Incident

Inside Lazarus: How North Korea uses AI to industrialize attacks on developers

Shai-Hulud: The Third Coming — Bitwarden CLI Backdoored in Latest Supply Chain Campaign

Foxit Impersonation: Fake PDF Installer Deploys VNC Malware

CVE-2026-34159: Exploiting llama.cpp’s RPC Server - From Null Buffer to RCE Against PIE + Full RELRO + NX

zig-pe: Reflective PE loader written in Zig. Loads and executes native and .NET PE files directly from memory.

FAQs on Recent Updates to FCC Covered List Regarding Routers Produced in Foreign Countries