frontpage.

Over the past few months I manually emulated 94 legacy remote tool builder applications (often used to create unauthorized remote control frameworks during the 2000s–2010s) inside isolated QEMU sandboxes.

Each builder was used to generate a unique binary sample. I then:

    Wrote one variant-specific YARA rule per builder output

    Extracted PE metadata (sections, timestamps, entropy, IAT)

    Captured static capability signatures with CAPA

    Logged obfuscation artifacts via Detect It Easy (DIE)

    Committed everything granularly (1.1k commits) for traceability

The focus is not generic detection — it’s forensic fingerprinting of distinct builder families.

All samples were sandbox-generated (not recycled from VT or hybrid analysis). For ethical reasons, I do not share raw binaries, but I do provide structural hashes and extracted metadata.

The repo includes full documentation, including my QEMU workflow, rule methodology, and internal hash policy.

Repo link: https://github.com/GokbakarE/RuleSetRAT

I’m currently 15. Feedback from RE researchers and signature writers is welcome — especially if you’ve dealt with old tooling or variant detection in the wild.

Sony BMG copy protection rootkit scandal

The Future of Systems

NASA now allowing astronauts to bring their smartphones on space missions

Claude Code Is the Inflection Point

Show HN: MicroClaw – Agentic AI Assistant for Telegram, Built in Rust

Show HN: Omni-BLAS – 4x faster matrix multiplication via Monte Carlo sampling

The AI-Ready Software Developer: Conclusion – Same Game, Different Dice

AI Agent Automates Google Stock Analysis from Financial Reports

Voxtral Realtime 4B Pure C Implementation

I Was Trapped in Chinese Mafia Crypto Slavery [video]

U.S. CBP Reported Employee Arrests (FY2020 – FYTD)

Show HN: I built a free UCP checker – see if AI agents can find your store

Show HN: SVGV – A Real-Time Vector Video Format for Budget Hardware

Study of 150 developers shows AI generated code no harder to maintain long term

Spotify now requires premium accounts for developer mode API access

When Albert Einstein Moved to Princeton

Agents.md as a Dark Signal

System time, clocks, and their syncing in macOS

McCLIM and 7GUIs – Part 1: The Counter

So whats the next word, then? Almost-no-math intro to transformer models

Ed Zitron: The Hater's Guide to Microsoft

UK infants ill after drinking contaminated baby formula of Nestle and Danone

Show HN: Android-based audio player for seniors – Homer Audio Player

Starter Template for Ory Kratos

LLMs are powerful, but enterprises are deterministic by nature

Make your iPad 3 a touchscreen for your computer

Internationalization and Localization in the Age of Agents

Building a Custom Clawdbot Workflow to Automate Website Creation

Why the "Taiwan Dome" won't survive a Chinese attack

Xkcd: Game AIs