It's been the sort of day where I discover that I have a surprisingly useful ability to intuit fields in headers that are probably UUIDs and figure out what this structure is as a result
Did you know that you can impress people by just pasting some bytes into GitHub search and then saying "Ah yes that's an EFI-spec RSA2048-SHA256 signature" (you do not need to do the GitHub bit in front of them)
Anyway simply mechanically copying potentially interesting looking sequences of bytes into search engines is an incredibly underrated part of reverse engineering work
@mjg59 my search history is full of weird hex values and GUIDs.
@mjg59 although you do have to wonder if any vendors are using Mulliner's Canary Tokens to detect reverse engineering https://www.mulliner.org/blog/blosxom.cgi/security/re_canary.html

@th hmmm...

DNS canary + URL in .Data = early warning system?

https://docs.canarytokens.org/guide/dns-token.html

just need a version that can work on a subdomain

@mjg59

@vt52 @mjg59 in their talk the author mentions many techniques for creating reverse engineering canaries, including buying ads for the token strings. They would be cheap since the canaries are made up. https://www.mulliner.org/collin/publications/Detecting_Reverse_Engineering_with_Canaries_CanSecWest2018.pdf