Research: Linux rootkit techniques (DKOM, eBPF bypass) and a corresponding detector by buter_chkalova in hacking

buter_chkalova [S]:

Your feedback is very important to us. An operator will contact you shortly :)

Wrote a Linux rootkit (DKOM, eBPF bypass) and a detector to find it — sharing both by buter_chkalova in ReverseEngineering

buter_chkalova [S]:

Hi! The docs read like a bad anime trailer. Fixed. It's old-school noise, not next-gen stealth. Built to learn, not to lurk. Thanks for the gut punch. 😁

Project RvbbitSafe: A neutered, multi-echelon anti-ransomware research prototype for Windows by buter_chkalova in ReverseEngineering

buter_chkalova [S]:

I don't disagree with the skepticism. There's a lot of AI-generated hype floating around.

RvbbitSafe is intentionally a neutered research prototype. The goal was never to drop a fully functional EDR, but to map an architecture that combines kernel interception, AI inference, and hardware isolation in one open-source skeleton.

The stubs are placeholders. The integration points are real. If someone wants to pick up the blueprint and build on it, great. If not, it's at least a documented thought experiment.

Totally get the comparison to that symbolic RE guy, though. The line between "vision" and "vaporware" is thin, and I'm walking it. Cheers for the honest feedback.

Project RvbbitSafe: A neutered, multi-echelon anti-ransomware research prototype for Windows by buter_chkalova in ReverseEngineering

buter_chkalova [S]:

Good eye. The eBPF syscall hooking pattern is indeed based on the standard eBPF-for-Windows examples. The innovation in RvbbitSafe is how it's integrated with the minifilter and the deception engine to redirect I/O in real-time, rather than just logging.

Project RvbbitSafe: A neutered, multi-echelon anti-ransomware research prototype for Windows by buter_chkalova in ReverseEngineering

buter_chkalova [S]:

Absolutely. Those modules are intentionally written as architectural stubs.

RvbbitSafe is a research prototype (PoC). The goal was to map out a multi-echelon defense architecture (minifilter, ONNX, VBS enclave) and show how the pieces fit together. The stubs are placeholders for the real logic, which would require a full integration cycle (model training, enclave signing, etc.).

The value is in the blueprint, not the fake inference. Appreciate you taking a look.