clearbluejar

Security Researcher | Founder @clearseclabs |
Author of #ghidriff | Agentic #PatchDiffing |
Stuck in a loop: Build • Reverse • Learn • Share
Twitter: https://twitter.com/clearbluejar
Blog: https://clearbluejar.github.io/
Been testing local LLM tool calling with openai/gpt-oss-20b (even at 4-bit) using pyghidra-mcp. It made 22 tool calls in a one-shot run to analyze multiple binaries and traced the call chain from user-mode through kernelbase.dll to the final syscall in ntdll! 🤯

📢 Incoming release: pyghidra‑mcp

🛠️ Meet your new RE best friend. Harness frontier models or a local gpt-oss-20b LLM brain to power Ghidra multi‑binary, project‑wide analysis. You’ll be slicing through code like butter 🧈😆

ETA: imminent. Keep your shells warm 🔥🐙⚡🐉

New #ghidriff release! v0.9.0

- Set custom analysis options
- Set custom base address (bootloaders, etc)

https://github.com/clearbluejar/ghidriff/releases/tag/v0.9.0

Release v0.9.0 - Program Options Support · clearbluejar/ghidriff (GitHub)

What's Changed:
- Use hash tables for FullName:Param matching in SimpleDiff by @v-p-b in #107
- Support custom base address + program options by @clearbluejar in #113

New Contributors: @v-p-b made the...
Wrapped up an incredible time teaching #PatchDiffingInTheDark in Austin, TX with @_ringzer0! The city didn’t disappoint—amazing food, friendly people, and my first autonomous vehicle ride!🤖 🚗✨ #waymo
#EverydayGhidra virtual course with @_ringzer0 just wrapped up! 😅 Huge shoutout to my stellar students 🤓 who crushed a jam-packed CTF. Next stop: Austin, TX for my in-person #PatchDiffingInTheDark course next week. See you at #Bootstrap25 Conference next weekend! 🤠🎯

One more this week!

#CVE-2025-21418 2025-Feb Windows Ancillary Function Driver for WinSock 7.8 EoP Heap-based Buffer Overflow

This time in AfdAccept... 🧐
https://gist.github.com/clearbluejar/9c33282f3c579cbc00fa80791a0cb77e

Side by side: https://diffpreview.github.io/?9c33282f3c579cbc00fa80791a0cb77e 👀

#patchdiffinginthedark #Ghidra

Gist: CVE-2025-21418 2025-02-11 Windows Ancillary Function Driver for WinSock 7.8 Elevation of Privilege Heap-based Buffer Overflow - afd.sys.x64.10.0.14393.7693-afd.sys.x64.10.0.14393.7785.ghidriff.md

Just released #ghidriff v0.8.0 - Ghidra 11.3 Support + PyGhidra 🔥👀

This release uses the latest PyGhidra now officially supported by Ghidra 🤓💪

https://github.com/clearbluejar/ghidriff/releases/tag/v0.8.0

🔋 included!

The check previously tested for a null value, but now the free is only called if the buffer was used, based on the result of the RndisDevHostSetBuffers API 🤓
A new check was introduced to protect a call to a function that eventually calls free...
An ideal diff... only one function changed!