Free workshop: ph0wn Labs #3

Nicolas Rouvière, of Ph0wn and SHL, will show you how to use Qiling in practice, for dynamic binary emulation.

Don't miss it! This is on-site only, at SHL, on June 19 at 7pm.

Venue:
Sophia Hack Lab
2323 Chem. de Saint-Bernard
Space Antipolis Batiment 9
06220 Vallauris - Sophia Antipolis, France

https://www.linkedin.com/feed/update/urn:li:activity:7339203932214181888

In 2024, Nicolas used Qiling to solve the Ph0wn CTF teaser. See how here:

https://github.com/ph0wn/writeups/blob/master/ph0wnmag/issue-02/04-teaser.md

#Qiling #binary #emulation #CTF #MIPS #SHL #ph0wn #lab #workshop

Getting back into #TheSoundoftheProvidence (thanks iQIYI) and I like this cast a lot better than the Lost Tomb 2. This #Qiling has EMOTIONS. He cares enough to ask about #WuXie! And he's super cute. 😌 Now if only this show would stop trying to kill the lot of them, that'd be great. This is only episode 3. Like, give my heart a break!

Finally, my research on Gracewire and a P2P malware that used the same VFS.

https://blog.codsec.com/posts/malware/gracewire_adventure/

https://github.com/y0ug/gracewire_research/

After so long, this took way more time than expected to compile my notes and scripts.

A lot of python scripts, some @qiling too

@[email protected] post https://www.msreverseengineering.com/blog/2021/3/2/an-exhaustively-analyzed-idb-for-flawedgrace was a saver, thank you.

#malware #malwareanalysis #threatintel #qiling #gracewire #flawedgrace

GraceWire / FlawedGrace malware adventure

These are some notes about the Gracewire malware that I came across last year during an investigation. Maybe this will help people who are working on it. I've documented the persistence mechanism and the recovery mechanism for the Virtual File System (aka the configuration). The persistence mechanism was well hidden beneath a lot of layers and allowed it to be fileless: they change the ComHandler of an existing Windows scheduled task.
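As an added illustration of the persistence trick just described (a ComHandler action swapped into an existing scheduled task), here is a hunting script written for this page; it is not the researcher's code and nothing in it is specific to Gracewire. It parses the task XML files Task Scheduler keeps under C:\Windows\System32\Tasks, lists every ComHandler action, resolves the CLSID through the registry when run on Windows, and compares each task's ClassId with a baseline recorded on a clean host. The sample task, its CLSID, the DLL path and the baseline below are all constructed.

```python
import os
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional

# Task Scheduler stores one XML file per task here; folders mirror taskschd.msc.
TASK_DIR = r"C:\Windows\System32\Tasks"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")  # assumes C: system drive

# Constructed sample (made-up task name and CLSID, not from the blog). Real task
# files are UTF-16 with a BOM, which expat detects, so the sample is encoded the same way.
SAMPLE_TASK_NAME = r"\Microsoft\Windows\Example\Maintenance"
SAMPLE_TASK_XML = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <ComHandler>
      <ClassId>{11111111-2222-3333-4444-555555555555}</ClassId>
      <Data><![CDATA[stage1]]></Data>
    </ComHandler>
  </Actions>
</Task>
""".encode("utf-16")


def _local(tag: str) -> str:
    """Drop the task-schema namespace ElementTree prefixes onto tag names."""
    return tag.rsplit("}", 1)[-1]


def com_handler_actions(task_xml: bytes) -> List[Dict[str, str]]:
    """Every <ComHandler> action in a task: ClassId (upper-cased) and optional Data."""
    found = []
    for node in ET.fromstring(task_xml).iter():
        if _local(node.tag) != "ComHandler":
            continue
        entry = {"clsid": "", "data": ""}
        for child in node:
            if _local(child.tag) == "ClassId":
                entry["clsid"] = (child.text or "").strip().upper()
            elif _local(child.tag) == "Data":
                entry["data"] = (child.text or "").strip()
        found.append(entry)
    return found


def resolve_clsid_from_registry(clsid: str) -> Optional[str]:
    """Windows only: the COM server registered for this CLSID. HKCU\\Software\\Classes
    is read first because it shadows HKLM in HKCR and needs no admin rights to write."""
    try:
        import winreg
    except ImportError:  # not on Windows; caller sees None
        return None
    roots = ((winreg.HKEY_CURRENT_USER, r"Software\Classes\CLSID"),
             (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Classes\CLSID"),
             (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Classes\WOW6432Node\CLSID"))
    for hive, base in roots:
        for server in ("InprocServer32", "LocalServer32"):
            try:
                with winreg.OpenKey(hive, rf"{base}\{clsid}\{server}") as key:
                    value, _ = winreg.QueryValueEx(key, "")  # default value = path
                    return os.path.expandvars(str(value))
            except OSError:
                continue
    return None


def triage(task_name: str, task_xml: bytes,
           resolver: Callable[[str], Optional[str]] = resolve_clsid_from_registry,
           baseline: Optional[Dict[str, str]] = None) -> List[Dict[str, Optional[str]]]:
    """One finding per ComHandler action. `baseline` maps task name -> ClassId seen on a
    clean host; a ClassId that no longer matches is the "existing task, new handler"
    signal, and it fires even if the new CLSID points at a DLL living in System32."""
    expected = (baseline or {}).get(task_name)
    findings = []
    for action in com_handler_actions(task_xml):
        server = resolver(action["clsid"])
        if expected and expected.upper() != action["clsid"]:
            verdict = f"changed: ClassId differs from baseline {expected}"
        elif server is None:
            verdict = "unresolved: no InprocServer32/LocalServer32 for this CLSID (or not on Windows)"
        elif not server.lower().startswith(SYSTEM_DIRS):
            verdict = "review: COM server outside the Windows system directories"
        else:
            verdict = "ok: system COM server"
        findings.append({"task": task_name, **action, "server": server, "verdict": verdict})
    return findings


def scan_task_dir(task_dir: str = TASK_DIR, resolver=resolve_clsid_from_registry,
                  baseline: Optional[Dict[str, str]] = None) -> List[Dict[str, Optional[str]]]:
    """Walk the live task store and triage every task file it contains."""
    findings = []
    for dirpath, _, files in os.walk(task_dir):
        for name in files:
            path = os.path.join(dirpath, name)
            task_name = "\\" + os.path.relpath(path, task_dir)
            with open(path, "rb") as fh:
                findings.extend(triage(task_name, fh.read(), resolver, baseline))
    return findings


if __name__ == "__main__":
    for f in scan_task_dir():
        print(f"{f['verdict']:<60} {f['task']}  {f['clsid']}  -> {f['server']}")
```

Run it unchanged on a Windows host to list and triage every ComHandler task; pass a dict of task name to ClassId exported from a known-clean machine as `baseline` to catch a handler swapped into a task that is otherwise expected to exist. The `resolver` argument takes any callable, so the same triage runs offline against registry hives exported from a disk image.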