@larsborn
I first stumbled upon this in the #Hellsing malware family, but this rule is not characteristic of that family. It just makes sure that the next time there's aPLib in something I'm analyzing, I save a ton of time.

An easy way to speed up reverse engineering is to build up a repository of YARA rules covering benign algorithms.

This rule matches on aPLib, a compression algorithm on the more exotic side. It doesn't use assembly instructions or strings necessary to actually run the algorithm but merely a copyright string, version information, and authorship reference.

```
rule APLib_Strings
{
    strings:
        // Version banner, copyright line and homepage URL that the aPLib
        // build embeds; none of them is needed by the depacker itself.
        $ = "aPLib v1.1.1 - the smaller the better :)"
        $ = "Copyright (c) 1998-2014 Joergen Ibsen, All Rights Reserved."
        $ = "More information: http://www.ibsensoftware.com/"
    condition:
        any of them
}
```

https://github.com/100DaysofYARA/2024/pull/5 #100DaysofYARA
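
As an added example (not code from the post, from the 100DaysofYARA repo or from the aPLib project), here is a small Python helper that automates the approach above: pull the version, copyright and URL banner strings out of a binary and emit a YARA rule skeleton of the same shape as the rule in the post, then check which of those strings a second blob carries. The sample buffer is constructed, and `banner_strings`, `make_rule`, `rule_hits` and the marker patterns are names and thresholds I chose for illustration, not anything from YARA or aPLib.

```python
import re

# Constructed sample buffer (not a real file): a few header bytes, the three
# aPLib banner strings from the post's rule, and some filler around them.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"aPLib v1.1.1 - the smaller the better :)\x00"
    + b"\xcc" * 7
    + b"Copyright (c) 1998-2014 Joergen Ibsen, All Rights Reserved.\x00"
    + b"More information: http://www.ibsensoftware.com/\x00"
    + b"\x00" * 8
)

# Printable ASCII runs of at least 8 characters (a NUL ends a run).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")

# Patterns that mark a run as a library banner rather than a random string:
# a dotted version number, a copyright notice, or a URL. Thresholds are mine.
BANNER_MARKERS = (
    re.compile(rb"\bv?\d+\.\d+(?:\.\d+)?\b"),       # v1.1.1 / 2.0
    re.compile(rb"copyright|\(c\)\s*\d{4}", re.I),  # Copyright (c) 1998
    re.compile(rb"https?://"),                      # homepage URL
)


def banner_strings(data: bytes) -> list[str]:
    """Return banner-looking printable runs from `data`, deduplicated,
    in the order they appear in the file."""
    seen, found = set(), []
    for m in ASCII_RUN.finditer(data):
        run = m.group()
        if run in seen or not any(p.search(run) for p in BANNER_MARKERS):
            continue
        seen.add(run)
        found.append(run.decode("ascii"))
    return found


def yara_escape(s: str) -> str:
    """Escape a string for use inside a YARA double-quoted text string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def make_rule(name: str, strings: list[str], condition: str = "any of them") -> str:
    """Emit a YARA rule with one text string per banner, in the same shape
    as the rule in the post (anonymous `$` strings, `any of them`)."""
    lines = [f"rule {name}", "{", "    strings:"]
    lines += [f'        $ = "{yara_escape(s)}"' for s in strings]
    lines += ["    condition:", f"        {condition}", "}"]
    return "\n".join(lines)


def rule_hits(strings: list[str], data: bytes) -> list[str]:
    """Pure-Python stand-in for `any of them`: which of the rule's strings
    occur in `data`. Use the yara CLI or yara-python for real scanning."""
    return [s for s in strings if s.encode("ascii") in data]


if __name__ == "__main__":
    banners = banner_strings(SAMPLE)
    print(make_rule("APLib_Strings", banners))
    # A second constructed blob carrying only the copyright line still fires,
    # which is what `any of them` buys you, and also the false-positive
    # surface it opens: any tool that links aPLib matches, malicious or not.
    other = b"\x00" * 4 + banners[1].encode("ascii") + b"\x00"
    print(rule_hits(banners, other))
```

Treat the emitted rule as a starting point: review the strings before committing them, since a marker like a bare version number will also pick up unrelated text, and remember that anything matched this way is only evidence that the library was linked, not that the sample is malicious.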

```
import "time"

rule year_2024
{
    condition:
        // 1704067200 is 2024-01-01T00:00:00Z
        time.now() >= 1704067200
}
```

#100DaysofYARA
Breaking "DRM" in Polish trains has been released on media.ccc.de https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains
On my way to #37c3. HMU if you want to meet and chat. I can offer malware reverse engineering, normal software forward engineering, salsa dancing, high school maths++, and podcasting as topics.
I finally got around to explaining how I made this partial hash collision https://www.da.vidbuchanan.co.uk/blog/colliding-secure-hashes.html

#ghidra 11.0 just dropped. BSim, Go, Rust, GhidraGo URLs... that's all well and good. But have you seen the anniversary video?! The dragon is munching!

https://www.youtube.com/watch?v=0rz5tg6LKcU

Does anyone know the contact details of someone on the "Open Source Team Endgeräte" at Telekom?

I would very much like to contact them regarding the GPL source code for the Telekom Speedport Pro router 😍

Top tier apes escape 🙈