msm Profile
msm

@MsmCode

Followers
2K
Following
371
Statuses
133

Malware analyst. Cofounder of @p4_team. No independent thought: ALL opinions belong to my employers, cats, and friends. [email protected] https://t.co/AeZd6IJwQe

https://msm.lt
Joined February 2016
@MsmCode
msm
1 month
Ghidralib development continues: py3 support, binary/asm patching, and symbolic propagation: I also write docs for people who want to try it. Newest chapter: emulation #ghidra #reverseengineering
0
1
19
@MsmCode
msm
1 month
@fles_on No worries, it was easy to miss. Actually I forgot it was there and almost uploaded it for the second time. I hope it's useful. As for the band, hard question. Probably "Death" (Chuck Schuldiner's band).
1
0
1
@MsmCode
msm
1 month
@fles_on Sure! It's already there: (This is a small example binary with that obfuscation recreated, I can't share the original sample)
1
0
1
@MsmCode
msm
2 months
🚀Excited to announce ghidralib - a library that makes #Ghidra scripts drastically shorter and easier to write. I've been using it daily for #reverseengineering and decided it’s time to share! Check it out: And the docs: #infosec
2
92
307
@MsmCode
msm
2 months
Hi #Ghidra users. I've created a quick search/command palette/launcher plugin called "Ctrl+P". You can search for functions, labels, data, bookmarks, focus windows, launch scripts and trigger available actions. #reversing #reverseengineering #infosec
0
15
65
@MsmCode
msm
3 months
RT @CERT_Polska: 🚨 Beware of fake ads on major online platforms! Scammers continue to successfully bypass verification mechanisms,…
0
25
0
@MsmCode
msm
10 months
@jciesz @PrzJar @MagdalenaGawin1 @kultura_gov_pl "since you agreed to it, you must have felt they were not okay, right?" - I'm impressed. A: give me your wallet or you'll get hurt! B: [hands it over] A: "since you handed over your wallet, you must have felt the need to share, right?"
0
0
17
@MsmCode
msm
1 year
RT @gynvael: [PL] Besides Paged Out!, today we also released an interview with 𝗣𝗼𝗹𝗮𝗻𝗱 𝗖𝗮𝗻 𝗜𝗻𝘁𝗼 𝗦𝗽𝗮𝗰𝗲, i.e. (@p4_team + @DragonSectorCTF + friend…
0
17
0
@MsmCode
msm
1 year
@PELock Thanks! Yeah, I'm quite happy with it. IMO it's more robust than the technique Checkpoint used (. DotRunpeX may be a state of the art .NET protector, but it's very hard for packers/protectors to evade dynamic analysis.
1
0
0
@MsmCode
msm
1 year
Slides (PL) from my yesterday's presentation at @OMHconf #ohmyhack are here: I've talked a bit about my recent research about stealers in a - hopefully - approachable way.
0
4
17
@MsmCode
msm
1 year
I had the pleasure to conduct a 1.5 day #workshop about Threat Intel Pipelines and CTI to a room full of security experts during the #ITU Interregional #Cyberdrill for Europe and Asia-Pacific. I hope everyone had fun and maybe see you at the next Cyberdrill.
1
0
6
@MsmCode
msm
1 year
@1devlife No worries :). If time allows, I'll try to publish my writeups from my solutions when this Flare-On ends. Other than that I don't have any good resources to point to.
1
0
1
@MsmCode
msm
1 year
@1devlife I oversimplified a bit (blame X word limit) - I also used x86dbg (and Python) for dynamic stuff and verifying my theses. My main point was: no Ida and other paid software. And only Ghidra for decompilation (worked surprisingly nice, even decompiled things Ida had problems with)
1
0
1
@MsmCode
msm
1 year
@6502_ftw 40% the built-in debugger, 60% a small wrapper ( around I manually disasmed the important functions to a .txt file using that and it was easy to fill the missing pieces using dbg. It was one of the nicer challenges, thanks!
0
0
1
@MsmCode
msm
1 year
RT @virusbtn: CERT Poland's Jarosław Jedynak has posted a detailed and technical description of the XWorm analysis process, including the u…
0
29
0
@MsmCode
msm
1 year
I wrote a detailed writeup about #XWorm #Malware reverse-engineering. The stealer itself is nothing fancy, but check it out if you're interested in dissecting malware step by step. And if not, hey I share some code and IoCs too.
0
1
4
@MsmCode
msm
2 years
RT @CERT_Polska_en: Better documentation, YARA scanning limitation, easier scaling, better user roles. Those are only some of the changes i…
0
5
0