clearbluejar

208 Followers
43 Following
119 Posts
Security Researcher | Founder @clearseclabs |
Author of #ghidriff | Agentic #PatchDiffing |
Stuck in a loop: Build • Reverse • Learn • Share
twitter: https://twitter.com/clearbluejar
blog: https://clearbluejar.github.io/

I've been actively avoiding using generative AI tools. After a recent conversation with some friends about their positive experiences with AI tools, I walked away feeling a bit grumpy. After some reflection, I came to the realization that I was afraid of AI tools. But then after writing down all the reasons I was afraid of AI tools, I discovered I'm actually afraid of something else.

https://www.richardosgood.com/posts/am-i-afraid-of-ai/

Am I Afraid of AI?

I'm not afraid AI is going to take over the world and enslave us all. But recently I realized that I'm afraid to use AI tools. And I'm simultaneously afraid I'm missing the boat. I h…

Patch diffing + RCA for clfs.sys can take a while.

I gave the diff + binary to a local LLM.

It mapped the UAF path, race condition, all IOCTLs in <20 min

LLMs don't replace the work, they are momentum.

New blog post following the UAF trail of CVE-2025-29824:

https://clearbluejar.github.io/posts/how-llms-feed-your-re-habit-following-the-uaf-trail-in-clfs/

How LLMs Feed Your RE Habit: Following the Use-After-Free Trail in CLFS

Dive into how LLMs and pyghidra-mcp accelerate reverse engineering by tracing a UAF vulnerability in CLFS through a patch diff.

clearbluejar

🆕 PrivescCheck update!

New features:
- NTLM downgrade detection - Base
- Named Kernel device DACL check - Extended
- DPAPI enumeration rewritten (similar to WinPEAS implementation) - Extended
- BIOS install/update date check - Audit
- ClickOnce trust prompt behavior check - Audit

Note that PrivescCheck remains my main project. As such it is the only one I actively maintain (feature dev, bug fixing). :)

new blog post, new tool 👀

Unlock project-wide, multi-binary analysis with pyghidra-mcp, a headless Ghidra MCP server for automated, LLM-assisted reverse engineering.

https://clearbluejar.github.io/posts/pyghidra-mcp-headless-ghidra-mcp-server-for-project-wide-multi-binary-analysis/

pyghidra-mcp: Headless Ghidra MCP Server for Project-Wide, Multi-Binary Analysis


clearbluejar
Been testing local LLM tool calling with openai/gpt-oss-20b (even at 4-bit) using pyghidra-mcp. It made 22 tool calls in a one-shot run to analyze multiple binaries and traced the call chain from user-mode through kernelbase.dll to the final syscall in ntdll! 🤯

📢 Incoming release: pyghidra‑mcp

🛠️ Meet your new RE best friend. Harness frontier models or a local gpt-oss-20b LLM brain to power Ghidra multi‑binary, project‑wide analysis. You’ll be slicing through code like butter 🧈😆

ETA: imminent. Keep your shells warm 🔥🐙⚡🐉

New blog post! 🚀 Learn how to leverage a Ghidra AI assisted workflow by integrating local LLMs using GhidraMCP, Ollama, and OpenWebUI.

Read more here:

https://medium.com/@clearbluejar/supercharging-ghidra-using-local-llms-with-ghidramcp-via-ollama-and-openweb-ui-794cef02ecf7

Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI

Reverse engineering binaries often resembles digital archaeology: excavating layers of compiled code, interpreting obscured logic, and painstakingly naming countless functions and variables. While…

Medium

New #ghidriff release! v0.9.0

- Set custom analysis options
- Set custom base address (bootloaders, etc)

https://github.com/clearbluejar/ghidriff/releases/tag/v0.9.0

Release v0.9.0 - Program Options Support · clearbluejar/ghidriff

What's Changed: Use hash tables for FullName:Param matching in SimpleDiff by @v-p-b in #107; Support custom base address + program options by @clearbluejar in #113. New Contributors: @v-p-b made the...

GitHub
Recon CFP ends in less than 2 weeks on April 28. Prices for the training and conference increase on May 1st. Register now to save with the early bird price. We have already announced a few talks and workshops, and more videos from last year have been released. https://recon.cx #reverseengineering #cybersecurity #offensivesecurity #hardwarehacking @hackingump1 @mr_phrazer @nicolodev @SinSinology @hunterbr72 @clearbluejar @phLaul @oryair1999 @hookgab @TheQueenofELF @So11Deo6loria @i0n1c @pedrib1337 @MalachiJonesPhD @Pat_Ventuzelo @KB_Intel @pinkflawd @Reverse_Tactics @OnlyTheDuck @t0nvi @drch40s @BrunoPujos @mhoste1 @andreyknvl @texplained_RE @jsmnsr @pulsoid @SpecterDev @richinseattle @yarden_shafir @aionescu @hackerschoice @SinSinology @sergeybratus @SpecterOps @oryair1999 @phLaul @trailofbits @HexRaysSA @nostarch
REcon - Home

REcon # Montreal Security Conference # Reverse Engineering Training

Wrapped up an incredible time teaching #PatchDiffingInTheDark in Austin, TX with @_ringzer0! The city didn’t disappoint—amazing food, friendly people, and my first autonomous vehicle ride! 🤖 🚗✨ #waymo