brk, a.k.a. @evanrichter

Security, Rust, Reverse Engineering, CTF with PwnFirstSearch
github: https://github.com/evanrichter
bird: @evanrichter
CTF: bigrick

A survey of inlining heuristics

Compilers, especially method just-in-time compilers, operate on one function at a time. It is a natural code unit size, especially for a dynamic language JIT: at a given point in time, what more information can you gather about other parts of a running, changing system?

Max Bernstein
Hard to believe that a granola company turned into a prediction market

I’m deeply uncomfortable with Microsoft attempting to weaponise their extensive law enforcement contacts to arrest people who post zero days in the products.

It comes after the researcher was kicked off GitHub (owned by Microsoft), Gitlab (a Microsoft partner), after they were doxxed on Twitter and had their MSRC - Microsoft vulnerability reporting portal - account disabled.

https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure

Wait guys you were still using Google?

For years, Rust binaries made reversing a nightmare. Modern decompilers only support C, lacking meaningful types, constructs, and language-specific functions. Led by @34r7hm4n, we're releasing our S&P work Oxidizer, the first deep Rust decompiler, built on angr!

Interested? 🧵👇

after a few years of building, feroxbuster-pro is live!

i always knew it could be better. some early design decisions made things like adaptive scans impossible. feroxbuster-pro is built on feroxfuzz, which was always the foundation i needed to take it further.

highlights:
- semantic javascript analysis (not just regex)
- expanded endpoint extractors
- per-URL discovery provenance
- tiered wordlists
- adapts to live target behavior
- scan diffing

one-time payment for a lifetime license

https://feroxbuster.pro

Feroxbuster Pro - Professional Content Discovery

Professional content discovery tool for security professionals. 3-5x faster, 70% lower memory, advanced extraction, and intelligent heuristics.

You can now use paredit to edit rust code

https://github.com/ThatXliner/rust-but-lisp

#lisp #sexp #rust #plt #cs

friends don't send friends links with unnecessary query parameters

Blog post on understanding and mastering coverage analysis is out: https://srlabs.de/blog/coverage-analysis

Fuzzing Made Easy #8: How to perform coverage analysis - SRLabs Research

Coverage analysis is an essential step for a successful fuzzing campaign, to identify uncovered code regions and change the campaign to reach them.

SRLabs

Hey fellow hackers and CTF players and cybersecurity enthusiasts, wanna participate in a small experiment?

I created a small CTF task designed to be solved with AI and I need to collect as much feedback as possible to determine if the core principles I used to create it are relevant.

For now, a few people I know already solved it but I definitely need more people to test it so I made it public:

https://virtualabs.fr/ctfai/

Try it, solve it, and send feedback!

CTF Task Experiment