As promised, here are my #BinaryRefinery solutions of #FlareOn10. Didn't quite refine them all, but there might be a nugget or two if you like static analysis:
https://github.com/binref/refinery/blob/master/tutorials/tbr-files.v0x08.flare.on.10.ipynb
I'm excited to announce that I'll be presenting my talk, "Unveiling Secrets in Binaries using Code Detection Strategies" at REcon Montreal 2023 (@recon)! This talk explores the challenges reverse engineers face when navigating large, unknown binaries and introduces a range of efficient, architecture-agnostic heuristics for quickly detecting key code locations in real-world applications.
During the presentation, I'll demonstrate how these innovative heuristics can identify cryptographic algorithms, complex state machines in firmware, and string decryption routines in malware. Additionally, we'll delve into detecting API functions in statically-linked executables and uncovering obfuscated code in commercial applications. These powerful techniques are based on code complexity metrics and statistical analysis, making them applicable to a wide array of reverse engineering scenarios.
For those interested in diving deeper into the world of software protection and how to break it, I'll also be conducting a hands-on training session on "Software Deobfuscation Techniques." More details and sign-up information for the training can be found here: https://recon.cx/2023/trainingSoftwareDeobfuscationTechniques.html
Check out the full details of my talk at the conference page: https://recon.cx/2023/presentations.html and stay tuned for more updates coming soon!
#reverseengineering #malware #malwareanalysis #softwaresecurity #REcon2023
I have written a brief article explaining how compilation units matching work in #Diaphora:
https://github.com/joxeankoret/diaphora/blob/master/doc/articles/compilation_units.md
New version of my #binaryninja to identify obfuscated code. Besides major performance improvements it includes a new heuristic to detect frequently called functions which identifies string decryption and API hashing routines in #malware.
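The "frequently called functions" heuristic mentioned above, as an added illustration that is not the plugin's own code: string decryption and API-hashing helpers in malware tend to be called from nearly every function, so callees whose number of distinct callers is a statistical outlier are good candidates. The call graph, function names and the median/MAD threshold here are constructed assumptions; a real plugin would populate the call sites from the Binary Ninja API.

```python
from collections import Counter
from statistics import median

# Constructed call graph: one (caller, callee) pair per call site.
# Hypothetical names; "decrypt_str" and "resolve_api" play the role of a
# string decryption routine and an API-hashing resolver.
CALL_SITES = [
    ("main", "init"), ("main", "run"), ("main", "decrypt_str"),
    ("init", "decrypt_str"), ("init", "resolve_api"), ("init", "decrypt_str"),
    ("run", "decrypt_str"), ("run", "resolve_api"), ("run", "worker"),
    ("worker", "decrypt_str"), ("worker", "resolve_api"), ("worker", "send"),
    ("send", "decrypt_str"), ("send", "resolve_api"), ("send", "memcpy_wrap"),
    ("recv", "decrypt_str"), ("recv", "resolve_api"),
    ("cleanup", "decrypt_str"), ("cleanup", "free_wrap"),
    ("helper_a", "memcpy_wrap"), ("helper_b", "free_wrap"),
]


def call_counts(call_sites):
    """Return {callee: (call sites, distinct callers)}.

    Distinct callers are the better signal: a helper invoked many times
    from one hot loop should not look like a globally used decryptor.
    """
    sites = Counter(callee for _, callee in call_sites)
    callers = {}
    for caller, callee in call_sites:
        callers.setdefault(callee, set()).add(caller)
    return {f: (sites[f], len(callers[f])) for f in sites}


def frequently_called(call_sites, k=3.0):
    """Flag callees whose distinct-caller count exceeds median + k * MAD.

    Median and median absolute deviation are used instead of mean and
    standard deviation so the few extreme outliers we are looking for do
    not inflate the threshold that is supposed to catch them.
    """
    counts = call_counts(call_sites)
    callers = [c for _, c in counts.values()]
    med = median(callers)
    mad = median(abs(c - med) for c in callers) or 1.0  # avoid a zero spread
    return sorted(f for f, (_, c) in counts.items() if c > med + k * mad)


if __name__ == "__main__":
    for name in frequently_called(CALL_SITES):
        sites, distinct = call_counts(CALL_SITES)[name]
        print(f"{name}: {sites} call sites from {distinct} distinct callers")
```

Candidates flagged this way still need manual confirmation (e.g. a small body with a loop over bytes for decryption, or a hash-and-compare loop over export names for API resolution); the heuristic only narrows where to look.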
📢 In a recent report, Microsoft Digital Threat Analysis Center (DTAC) attributes a recent influence operation targeting French satirical magazine Charlie Hebdo to an Iranian nation-state actor, NEPTUNIUM.
💧 In January, a hacker group known as "Holy Souls" claimed to have obtained the personal information of over 200,000 Charlie Hebdo customers. They released a sample of the data, which included full names, telephone numbers, and email and home addresses, putting subscribers at risk of targeting by extremist organizations.
🛡️ To help against these influence operations, DTAC also released their Influence Attribution Framework. This tool helps organizations understand, attribute, and mitigate the impact of these operations. For more information on how the framework works, I've put together a simple infographic that summarizes its key components. 👇 #microsoft #threatintelligence #influence #infosec #cybersecurity #microsoftsecurity
📰 Report: https://lnkd.in/gwp7Aq9m
⚙ Framework: https://lnkd.in/gVuv6D8S