clearbluejar

@clearbluejar@infosec.exchange
188 Followers
42 Following
112 Posts
Write | Code | Learn | Repeat | #InfoSec mostly...
Twitter: https://twitter.com/clearbluejar
Blog: https://clearbluejar.github.io/

New blog post! 🚀 Learn how to leverage a Ghidra AI assisted workflow by integrating local LLMs using GhidraMCP, Ollama, and OpenWebUI.

Read more here:

https://medium.com/@clearbluejar/supercharging-ghidra-using-local-llms-with-ghidramcp-via-ollama-and-openweb-ui-794cef02ecf7

Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI

Reverse engineering binaries often resembles digital archaeology: excavating layers of compiled code, interpreting obscured logic, and painstakingly naming countless functions and variables. While…


New #ghidriff release! v0.9.0

- Set custom analysis options
- Set custom base address (bootloaders, etc)

https://github.com/clearbluejar/ghidriff/releases/tag/v0.9.0

Release v0.9.0 - Program Options Support · clearbluejar/ghidriff

What's Changed Use hash tables for FullName:Param matching in SimpleDiff by @v-p-b in #107 Support custom base address + program options by @clearbluejar in #113 New Contributors @v-p-b made the...

Recon CFP ends in less than 2 weeks on April 28. Prices for the training and conference increase on May 1st. Register now to save with early bird price. We have already announced a few talks and workshops, and more videos from last year have been released. https://recon.cx #reverseengineering #cybersecurity #offensivesecurity #hardwarehacking @hackingump1 @mr_phrazer @nicolodev @SinSinology @hunterbr72 @clearbluejar @phLaul @oryair1999 @hookgab @TheQueenofELF @So11Deo6loria @i0n1c @pedrib1337 @MalachiJonesPhD @Pat_Ventuzelo @KB_Intel @pinkflawd @Reverse_Tactics @OnlyTheDuck @t0nvi @drch40s @BrunoPujos @mhoste1 @andreyknvl @texplained_RE @jsmnsr @pulsoid @SpecterDev @richinseattle @yarden_shafir @aionescu @hackerschoice @SinSinology @sergeybratus @SpecterOps @oryair1999 @phLaul @trailofbits @HexRaysSA @nostarch

REcon - Home

REcon # Montreal Security Conference # Reverse Engineering Training

Wrapped up an incredible time teaching #PatchDiffingInTheDark in Austin, TX with @_ringzer0! The city didn’t disappoint—amazing food, friendly people, and my first autonomous vehicle ride!🤖 🚗✨ #waymo

#EverydayGhidra virtual course with @_ringzer0 just wrapped up! 😅 Huge shoutout to my stellar students 🤓 who crushed a jam-packed CTF. Next stop: Austin, TX for my in-person #PatchDiffingInTheDark course next week. See you at #Bootstrap25 Conference next weekend! 🤠🎯

"Running #Ghidra on the same platform as the binaries you’re analyzing isn’t just convenient — it’s strategic."

https://medium.com/@clearbluejar/everyday-ghidra-how-platform-choice-influences-ghidras-binary-analysis-76c40db0e407

Everyday Ghidra: How Platform Choice Influences Ghidra’s Binary Analysis

In the dynamic world of reverse engineering, where you run your tools can be just as critical as how you run them. Ghidra, the NSA’s powerful open-source software reverse engineering (SRE) suite, is…


One more this week!

#CVE-2025-21418 2025-Feb Windows Ancillary Function Driver for WinSock 7.8 EoP Heap-based Buffer Overflow

This time in AfdAccept... 🧐
https://gist.github.com/clearbluejar/9c33282f3c579cbc00fa80791a0cb77e

Side by side: https://diffpreview.github.io/?9c33282f3c579cbc00fa80791a0cb77e 👀

#patchdiffinginthedark #Ghidra

CVE-2025-21418 2025-02-11 Windows Ancillary Function Driver for WinSock 7.8 Elevation of Privilege Heap-based Buffer Overflow

CVE-2025-21418 2025-02-11 Windows Ancillary Function Driver for WinSock 7.8 Elevation of Privilege Heap-based Buffer Overflow - afd.sys.x64.10.0.14393.7693-afd.sys.x64.10.0.14393.7785.ghidriff.md


Just released #ghidriff v0.8.0 - Ghidra 11.3 Support + PyGhidra 🔥👀

This release uses the latest PyGhidra now officially supported by Ghidra 🤓💪

https://github.com/clearbluejar/ghidriff/releases/tag/v0.8.0

🔋 included!

The new check previously checked for a null value, but now the free will only be called if the buffer was used based on the result of the RndisDevHostSetBuffers API 🤓

A new check was introduced to protect a call to a function that eventually calls free...