frontpage.

Over the past few months I manually emulated 94 legacy remote tool builder applications (often used to create unauthorized remote control frameworks during the 2000s–2010s) inside isolated QEMU sandboxes.

Each builder was used to generate a unique binary sample. I then:

    Wrote one variant-specific YARA rule per builder output

    Extracted PE metadata (sections, timestamps, entropy, IAT)

    Captured static capability signatures with CAPA

    Logged obfuscation artifacts via Detect It Easy (DIE)

    Committed everything granularly (1.1k commits) for traceability

The focus is not generic detection — it’s forensic fingerprinting of distinct builder families.

All samples were sandbox-generated (not recycled from VT or hybrid analysis). For ethical reasons, I do not share raw binaries, but I do provide structural hashes and extracted metadata.

The repo includes full documentation, including my QEMU workflow, rule methodology, and internal hash policy.

Repo link: https://github.com/GokbakarE/RuleSetRAT

I’m currently 15. Feedback from RE researchers and signature writers is welcome — especially if you’ve dealt with old tooling or variant detection in the wild.

Show HN: DeSync – Decentralized Economic Realm with Blockchain-Based Governance

Automatic Programming Returns

Why Are There Still So Many Jobs? The History and Future of Workplace Automation [pdf]

The Search Engine Map

Show HN: Souls.directory – SOUL.md templates for AI agent personalities

Real-Time ETL for Enterprise-Grade Data Integration

Economics Puzzle Leads to a New Understanding of a Fundamental Law of Physics

Switzerland's Extraordinary Medieval Library

A new comet was just discovered. Will it be visible in broad daylight?

ESR: Comes the news that Anthropic has vibecoded a C compiler

Frisco residents divided over H-1B visas, 'Indian takeover' at council meeting

If CNN Covered Star Wars

Show HN: I built the first tool to configure VPSs without commands

AI agents from 4 labs predicting the Super Bowl via prediction market

EU bans infinite scroll and autoplay in TikTok case

Benchmarking how well LLMs can play FizzBuzz

Why I Joined OpenAI

Octave GTM MCP Server

Show HN: Portview what's on your ports (diagnostic-first, single binary, Linux)

Voyager CEO says space data center cooling problem still needs to be solved

Boilerplate Tax – Ranking popular programming languages by density

Zen: A Browser You Can Love

My GPT-5.3-Codex Review: Full Autonomy Has Arrived

Show HN: FastLog: 1.4 GB/s text file analyzer with AVX2 SIMD

God said it (song lyrics) [pdf]

I left Linus Tech Tips [video]

Program Theory

Show HN: Local DNA analysis skill for OpenClaw

Ask HN: Non-profit, volunteers run org needs CRM. Is Odoo Community a good sol.?

WiFi Could Become an Invisible Mass Surveillance System

Reverse engineered 90 legacy builder tools – created a YARA corpus