Obfuscation vs The Optimizer: A Battle in LLVM Middle End.

@yates82 shows us how the continuous improvement of the LLVM optimizer defeats naive code obfuscation, and how the obfuscator can fight back.

An eternal fight in which all victories are ephemeral

https://blog.quarkslab.com/obfuscation-vs-the-optimizer-an-llvm-middle-end-arms-race.html

Tired of reversing the same libc for the 100th time? 👀

Meet SightHouse, our open-source tool that automatically detects third-party library functions in binaries.
High-confidence function mapping. Works with any disassembler. By @madsquirrel & Sami.

🔗 https://blog.quarkslab.com/sighthouse-automated-function-identification.html

The dragon has a VM. Of course it does.

Our latest blog walks through the analysis of a complex C++ binary hiding behind a virtual machine, themed as a classic RPG fight.
QBDI & TritonDSE are your weapons of choice. The dragon doesn't stand a chance. 🐉

🔗 https://blog.quarkslab.com/qbdi-vs-tritondse-against-a-vm-who-will-be-the-fastest.html

Rule 1️⃣ : "In WAF we (should not) trust"

Your WAF is doing its best. That's just not enough 😮‍💨
A deep dive into Web Application Firewall bypass techniques, discovering why blocked ⛔ doesn't always mean safe.

https://blog.quarkslab.com/in-waf-we-should-not-trust.html

"Intego X9: Never trust my updates"

Read @coiffeur0x90's research showing how XPC interprocess communications and the update mechanism of the Intego antivirus for MacOS can be abused for local privilege escalation.

https://blog.quarkslab.com/intego_lpe_macos_3.html

"How does it even work?"

The question that keeps hackers' hearts pumping, blood pressure rising, and curiosity growing.

This is @virtualabs's reverse engineering journey into a cheap smartwatch that measures at least one of those.

https://blog.quarkslab.com/nerd-life-weeks-firmware-teardown-we-were-right.html