Jesko HüttenhainSo #BinaryRefinery 0.8.25 is out with support for the latest Inno Setup installer files, but more importantly the repo has 4000 commits!!
| Website | https://www.wallenborn.net |
| Podcast | https://armchairinvestigators.de |
| Reversing Classes | https://mal.re |
larsborn
@larsborn@infosec.exchange
- 94 Followers
- 128 Following
- 105 Posts
Malware Analyst, Reverse Engineer, Software Developer, Mathematician, Teacher, Podcaster, send cat pics
Asahi Lina (朝日リナ) // nullptr::liveYes, a file full of zero bits transfers faster over USB2.0 than a file full of one bits.
I've known this forever but it still feels ridiculous when you actually test it and it's true!
USB truly is cursed.
Natasha JayYou don't see toys like this around anymore. The Atomic Energy Lab set was available from 1951 to 1952 and sold for a whopping $50.
"The set came with four types of uranium ore, a beta-alpha source, a pure beta source, a gamma source, a spinthariscope, a cloud chamber, an electroscope, a geiger counter, and a manual."
More here 🤯:
https://interestingengineering.com/culture/radioactive-toy-deemed-world-most-dangerous
h3artbl33d 
The #homeautomation protocol is named #Thread, perhaps that is a typo as #Threat is more apt and accurate. If you roll your own device you might very well experience the full force of their blood thirsty lawyers.
What the actual F.
Dwarf Fortress Bugs0011882: A perfectly normal dwarf baron from a dwarf civ threw one of their 1 year infant child into a beast pit.
Andreas Klopsch🚨 RIFT Update:
We’ve boosted our compiler detection! 🛠️
Now with sharper insights into binaries built using GNU, MinGW, and MSVC toolchains.
More enhancements are on the way—stay tuned! 🔍✨
#ReverseEngineering #MalwareAnalysis #RIFT #malware #msft
GregDid you know that new #Emoji can be proposed by anyone, simply by following some guidelines laid out by the #Unicode consortium? There's a time window each year where they accept proposals, and a select few might make it into future sets.
This year I turned one in: "Circuit Board", which I was surprised to find 1. didn't exist and 2. had not been proposed before (though CPU and Microchip have both been submitted and declined in the last 5 years)
You can read my proposal here:
https://storage.googleapis.com/greg-kennedy.com/Proposal%20for%20Emoji%20%E2%80%9CCircuit%20Board%E2%80%9D.pdf
and you can see the Unicode emoji proposal guidelines here:
https://www.unicode.org/emoji/proposals.html
Anyway, the odds aren't great of getting accepted, but if it IS then you can say "hey! I know the guy who submitted that one!"
Attached are the sample images I drew up for the proposal - which, incidentally, are now Public Domain as well. Enjoy!
@SebastianWalla, Steffen Haas, @tillmannwerner, and myself will present a .NET instrumentation framework tomorrow at @recon 2025 in Montreal. Here's a humble brag sneak peek demo-ing how easy it is to write a function tracer!
For "all my new followers" here: if you are able to understand German, I'm podcasting since a couple of years now. Throughput is limited but we are at 10 episodes now (and counting). Chris' and my format is somewhere in between "two guys just talking" and "reading a lecture script". Hence the limited throughput: we just need a bit of time to prepare each episode.
Anyway, here's the URL: https://armchairinvestigators.de/ you can listen to it directly on the site or just search for "Armchair Investigators" on your favorite Podcast platform (how to actually get your self-hosted Podcast distributed is also a funny story, but more for a blag post, I think).
Oh yeah: our goal is to make cyber accessible to everyone (even your parents) while still being interesting for the average nerd. Topics for example are the Triton/Trisis case, cyber operations by the GRU, Olympic Destroyer, etc.
If you can't understand German but might have people who do, I'd very much appreciate a forward or mention 🙇
Joxean Koret (@matalaz)RULECOMPILE - Undocumented Ghidra decompiler rule language
RULECOMPILE - Undocumented Ghidra decompiler rule language
Or “How I got annoyed by a poor decompilation so I unearthed a hidden Ghidra feature” TLDR: there is a (undocumented and disabled by default) feature in the Ghidra decompiler that lets you create your own decompiler passes, using a custom DSL. I leverage it to write a deobfuscation rule for a simple obfuscation technique. Story Setup - introduction and problem statement Decompiler 101 - building and using Ghidra decompiler directly RULECOMPILE - a curious #define flag from the decompiler source A forgotten language of dragons - reverse-engineering a forgotten code pattern matching DSL How to train your dragon - how to write a rule that is actually useful Conclusion - parting thoughts Story setup It all started with this one missed deobfuscation:
AccordionBruce
Huw R
Sisby folk
MiSt
Anya "CZGoldEdition" Hueing - Artist for Hire 🎨
Calisti 🏳️🌈🦇 (2254 @ WHY)
Štěpán
HermitCyclop
Christian Kent 𝘊𝘒 :\﹥