| Website | https://hnsecurity.it |
| https://www.linkedin.com/company/hnsecurity | |
| https://twitter.com/hnsec |
Just shipped updates for rhabdomancer, haruspex, and augur. Now compatible with @HexRaysSA IDA 9.3 and @xorpse's idalib-rs 8.0.
These headless #IDA plugins are built for #VulnerabilityResearch workflows where you want IDA's power without the GUI. This release brings a bunch of small improvements and bug fixes.
While waiting for the upcoming release of #IDAPro 9.3 by @HexRaysSA, I have made some updates and bug fixes to my idalib-based headless IDA #plugins rhabdomancer, haruspex, and augur.
Check out the changelogs for all the details and enjoy!
This is my experience with LLMs. To paraphrase @apps3c “sometimes you just need to ask nicely”
https://hnsecurity.it/blog/attacking-genai-applications-and-llms-sometimes-all-it-takes-is-to-ask-nicely/
https://mastodon.cloud/@slashdot/115742100395423331
The ninth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! The topics of this ninth part is "Custom scan checks - An improved quick way to extend Burp Suite Active and Passive Scanner"!
https://hnsecurity.it/blog/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-9/
In this latest article in our long-running series on #BurpSuite #Extension #Development, @apps3c illustrates how to extend the Active and Passive Scanner in your favorite #WebApplication #PenetrationTesting tool with Custom Scan Checks:
https://hnsecurity.it/blog/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-9/
Check it out!
Hey developers and vulnerability researchers!
I'm currently working on improving my #Semgrep ruleset for C/C++ static code analysis, and I've just published the new v1.1.0 release: https://github.com/0xdea/semgrep-rules
Some notable changes since the previous battle-tested release: new rules for detecting high-entropy assignments and ReDoS vulnerabilities, numerous enhancements to existing rules, reduced false positives without sacrificing coverage, optimized patterns across the board, and overall better documentation. Check the changelog for the full list (yes, there’s a changelog now).
Please test it inside and out, and feel free to open issues or submit pull requests. Your feedback is invaluable and will help shape the project roadmap. I'm aiming for a major release sometime before spring.
Our senior security analyst @[email protected] has published a follow-up to his popular #Groovy Template Engine #Exploitation writeup:
https://hnsecurity.it/blog/groovy-template-engine-exploitation-part-2/
Check out some new practical exploitation tricks that he figured out while working on a real-world scenario.
I released an updated version of Brida (0.6), fully compatible with Frida >= 17! You can download the new release from GitHub and soon from the Burp Suite BAppStore.
#Brida 0.6 is here! The bridge between #BurpSuite and #Frida is now fully compatible with Frida 17+.
As of this release, Brida 0.6 supports only Frida 17 and later. For users who still rely on older Frida versions, Brida 0.6pre remains available on GitHub.
Get the latest release here:
https://hnsecurity.it/blog/brida-0-6-released/
Coming soon to the PortSwigger BApp Store (pending approval).
Kudos to our @apps3c for keeping this essential integration tool up to date with Frida's fast-evolving ecosystem!
We've just published "Streamlining Vulnerability Research with the idalib Rust Bindings for IDA 9.2" by @raptor, now live on our freshly restyled blog:
Originally featured last week as a guest post on the @HexRaysSA blog, this article shows how Marco's headless #IDA plugins written in #Rust can be used to scale up #vulnerability research and uncover real-world security issues efficiently.
If you’re into reverse engineering, automation, or vulnerability discovery, this one's a must-read! 💻 🦀
raptor 
Federico Dotta
