🇺🇦 Malware Researcher 🇺🇦
Posts are my own and do not reflect my employer.
mlget: http://github.com/xorhex/mlget
blog: https://blog.xorhex.com
twittodon: https://twittodon.com/share.php?t=xorhex&[email protected]

When I sign up for services/subscriptions, I use a dedicated email for that service/subscription - so when I start getting spam or the like to that email address, I have an idea as to the source.

Took longer than I thought (since I started doing this), but today I got my first one. Not going to name the service/subscription, but either they or one of their downstream partners (yes, the service/subscription clearly states in the TOS that my info will be shared) disclosed/got hacked/leaked/etc. the email address to some miscreants.

It's nothing special, they just want me to call and cancel my Geek Squad subscription renewing my Internet Security Plan or else it's going to auto-renew. My favorite part is the copyright: 2024 Windows Defender 😆

Nice to see my #BinaryNinja plugins getting some use

I'm not a Ghidra user but I do think it's awesome that Binary Ninja supports exporting to Ghidra.

#Ghidra #BinaryNinja

Changed just 2 things in Binary Ninja's HLIL representation to get the Mersenne Twister initialize_state formula to match what's on Wikipedia:

seed = f * (seed ^ (seed >> (w-2))) + i;

w: word size (in number of bits). 32-2 = 30
f: the constant 0x6c078965

Can you spot the 2 things? 🙂

#BinaryNinja #DynoWiper
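The seeding formula quoted above, carried through to a full reference MT19937 in C, is an added example and not code from the post or from Binary Ninja. It uses the standard generator parameters (n = 624, m = 397, w = 32, f = 0x6c078965 and the usual tempering masks) so that a decompiled initialize_state loop can be checked against known values: with the reference seed 5489, mt[1] must be 1301868182 and the first tempered output 3499211612.

```c
#include <stdint.h>
#include <stdio.h>

#define MT_N 624
#define MT_M 397
#define MT_W 32
#define MT_F 0x6c078965u   /* the multiplier f named in the post */

static uint32_t mt[MT_N];
static int mt_index = MT_N + 1;

/* initialize_state as on Wikipedia: mt[i] = f * (mt[i-1] ^ (mt[i-1] >> (w-2))) + i */
void mt_seed(uint32_t seed) {
    mt[0] = seed;
    for (int i = 1; i < MT_N; i++)
        mt[i] = MT_F * (mt[i - 1] ^ (mt[i - 1] >> (MT_W - 2))) + (uint32_t)i;
    mt_index = MT_N;              /* force a twist before the first output */
}

/* Regenerate all 624 words in place (the "twist" step). */
static void mt_twist(void) {
    for (int i = 0; i < MT_N; i++) {
        uint32_t y = (mt[i] & 0x80000000u) | (mt[(i + 1) % MT_N] & 0x7fffffffu);
        uint32_t v = mt[(i + MT_M) % MT_N] ^ (y >> 1);
        if (y & 1u) v ^= 0x9908b0dfu;   /* matrix constant a */
        mt[i] = v;
    }
    mt_index = 0;
}

/* Next tempered 32-bit output. */
uint32_t mt_next(void) {
    if (mt_index >= MT_N) mt_twist();
    uint32_t y = mt[mt_index++];
    y ^= (y >> 11);
    y ^= (y << 7) & 0x9d2c5680u;
    y ^= (y << 15) & 0xefc60000u;
    y ^= (y >> 18);
    return y;
}

/* Expose a raw state word so the seeding loop alone can be verified. */
uint32_t mt_state(int i) { return mt[i]; }

int main(void) {
    mt_seed(5489u);                      /* reference seed used by mt19937ar.c / std::mt19937 */
    printf("mt[1] = %u\n", mt_state(1)); /* 1301868182 */
    printf("first output = %u\n", mt_next()); /* 3499211612 */
    return 0;
}
```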

#BinYars (write #YARA-X rules inside of #BinaryNinja) is now available in Binja's plugin manager!

I want to give a special shout out to @cxiao (Thank You 🙏) who provided valuable feedback making the plugin experience better.

Happy rule writing!

Learn more @ https://github.com/xorhex/BinYars

Still testing 🤞

For those able to use #BinaryNinja projects, #BinYars can sort the files into folders based upon the #Yara-X rule metadata field, BNFolder. The folder nesting structure is determined by the number of matches that reside under each folder - check out the video below!

Video: Part 2 of 2

#BinYars

It's getting close to being done - #BinYars a #YARA-X #BinaryNinja plugin! Still testing, but plan on open sourcing it for all to use.

Shout out to Remco Sprooten for making this tool (also shown in the video) for quickly drafting Yara rules 💪 https://github.com/1337-42/SimpleYaraBN

Video: Part 1 of 2

#mlget has been updated - your one-stop shop for finding malware across different services!

Grab an updated copy at https://github.com/xorhex/mlget/releases/tag/v3.4.2

Happy to add additional services if folks know of more!

Some services I no longer have access to for testing - see the Alt text for more info.

#binaryninja doing the math for me