Come as you are 🏴‍☠️
Ralph Wiggum with a debugger
Mostly x86 things && ephemeral drunk shitposts
Obfuscation vs the Optimizer: An LLVM Middle-End Arms Race - Quarkslab's blog

How one Commit Broke Obfuscation: A blog post exploring the role of compilers and optimizations in the field of obfuscation and de-obfuscation.

🤔Ever wondered how your favorite tools work under the hood? During our work on SightHouse, we dug into BSIM, Ghidra's Binary function SIMilarity engine.

Many tools have been built around it, yet its internals remained undocumented. Until now 👇
https://blog.quarkslab.com/bsim-explained-once-and-for-all.html
Our blog at @censys now has a proper RSS feed https://censys.com/feed/
(cc: @Feedly #GoogleReader)

Breaking the console: a brief history of video game security:

https://sergioprado.blog/breaking-the-console-a-brief-history-of-video-game-security/

Video game security has always been a moving target, as consoles evolved to full-blown computing platforms locked down with layers of protection — but for every lock ever invented, there has always been someone determined to pick it.

Hooked on Linux: Rootkit Taxonomy, Hooking Techniques and Tradecraft — Elastic Security Labs

In this first part of a two-part series, we explore Linux rootkit taxonomy, trace their evolution from userland shared object hijacking and kernel-space loadable kernel module hooking to modern eBPF- and io_uring-powered techniques.

Deep dive into some C++ concepts:

* Object Creation
* (Virtual) Inheritance
* Virtual Functions

And maybe more to come?

https://jinjucat.github.io/

#reverseengineering #cplusplus #cpp

JinjuCat’s blog

Over the past couple years, I have come to know the #dotnet platform pretty well, from a developer's and a #reversing standpoint.

I can’t always say the same about the #infosec community.

Today, I decided to rant a little (or maybe a lot 🙃)

👉 https://blog.washi.dev/posts/misconceptions-about-dotnet/

https://github.com/xKiian/datadome-vm

"This repository documents the first public version of DataDome's in-browser JavaScript virtual machine (VM) used in their CAPTCHA/interstitial flow."

#reverseengineering #vm #javascript

GitHub - xKiian/datadome-vm: Reverse engineering the new Datadome VM 🔥


For those who have the pleasure to reverse Go binaries:

https://azhlm.netlify.app/note/golang/

#golang #reverseengineering

Reverse Engineering Go Binaries: A Comprehensive Guide to Metadata Analysis | Azhlm

Comprehensive guide to analyzing Go binaries through pclntab, moduledata, and type information extraction across versions 1.2-1.26.


I missed this one because of ~~beer~~ summer holidays.
Anyway, if you want to see what a Shellter-protected binary looks like:

https://www.elastic.co/security-labs/taking-shellter

#malware #reverseengineering #shellter

Taking SHELLTER: a commercial evasion framework abused in-the-wild — Elastic Security Labs

Elastic Security Labs detected the recent emergence of infostealers using an illicitly acquired version of the commercial evasion framework, SHELLTER, to deploy post-exploitation payloads.