https://github.com/alexander-hanel/pwinfected
For anyone else tired of having to start a VM to download a file.
@cxiao @pinkflawd Ha! Decompiler output is ugly compared to the esthetic simplicity of assembly.
Unicorn Engine (CPU emulator) v2.1.0 released with lots of goodies. I’m particularly interested in the
memory snapshots/CoW support, to enable approximate emulation of all code paths, like we do in FLOSS.
https://github.com/unicorn-engine/unicorn/releases/tag/2.1.0
We at CrowdStrike are looking for a highly technical colleague that helps me study threats to the cloud! We are a remote first company, have a great data set, and need additional headcount. You would work with me directly in the Technical Analysis Cell. Together we would be the first to analyze cloud activity logs to discover and document new techniques such as persistence via identity federation (https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a).
https://crowdstrike.wd5.myworkdayjobs.com/en-US/crowdstrikecareers/job/USA---Remote/Sr-Security-Researcher---Cloud-Intelligence-Mission--Remote-_R15460
If you have any questions, feel free to reach out to me via direct message. Note that I’m not the hiring manager.
We had to specify a region for our hiring portal which is why it states USA-/Canada-Remote. While this would be ideal to increase our window of coverage, we will consider candidates from all regions where we can hire. I myself am based in Europe.
#cloudsecurity #cloud #threatintel #hiring #aws #azure #gcp #FediHire #fedihired #remotework #remote
Are you not interested in analyzing/documenting cloud-conscious threat actor activities but would rather help catch them via cloud honeypots and search/reproduce vulnerabilities at cloud service providers? Then this position for a colleague in the ART team might be something for you: https://crowdstrike.wd5.myworkdayjobs.com/en-US/crowdstrikecareers/job/United-Kingdom---Remote/Sr-Security-Researcher--Cloud--Remote-_R15540
A while back I was researching A5/1 encryption (used in GSM) and I stumbled upon its fascinating history. I wrote about some of the notable points here https://github.com/alexander-hanel/asm-examples/tree/master/A51#background-aka-the-tmz-of-a51
@r3c0nst awesome job. This is some great content.
“FLOSS for Gophers and Crabs: Extracting Strings from Go and Rust Executables” https://www.mandiant.com/resources/blog/extracting-strings-go-rust-executables #go #rust #reverseengineering
Viewing Microsoft’s technical specifications in IDA? That’s possible with Alexander Hanel’s Plugin – msdocviewer. Read our new #PluginFocus article and learn more about this simple but helpful tool 🌐 https://hex-rays.com/blog/plugin-focus-msdocviewer/?utm_source=Social-Media-Post&utm_medium=Mastodon&utm_campaign=Plugin-Focus-msdocviewer
As promised, here are my #BinaryRefinery solutions of #FlareOn10. Didn't quite refine them all, but there might be a nugget or two if you like static analysis:
https://github.com/binref/refinery/blob/master/tutorials/tbr-files.v0x08.flare.on.10.ipynb
Newly released: recording of Daniel Plohmann's #VB2023 presentation on applied one-to-many code similarity analysis using MCRIT. Watch out for more VB2023 presentations being released on our YouTube channel in the coming days. https://www.youtube.com/watch?v=CMu1r5IhpYE
Emily Gorcenski banned her phone from the bedroom and started reading again. “I started to take inventory of the hours I was losing. It was bad. I was worried I was wasting my life with bullshit I could not control and could do nothing about.” https://emilygorcenski.com/post/how-i-read-40-books-and-extinguished-the-world-on-fire/
My Hyper-V backdoor now fully supports Windows 11, both 21H2 and 22H2. All features and client program commands, including secure kernel related ones, work as expected 😀
https://github.com/Cr4sh/s6_pcie_microblaze/tree/master/python/payloads/DmaBackdoorHv
msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA. https://github.com/alexander-hanel/msdocsviewer
@jimfl @cxiao the author’s book A Burglar’s Guide to the City is an excellent read. https://burglarsguide.com/
@larsborn hahaha so basically same-same, but different.
I’m on my last week of a 12 week paternity leave and was looking to get caught up on notable research/blogs/videos/code/etc of the past three months. What would you recommend checking out?
@cyb3rkitties if you skip to the second paragraph I describe my approach to triaging a piece of malware. http://hooked-on-mnemonics.blogspot.com/2023/03/function-trapper-keeper-ida-plugin.html
In the spirit of "this talk could've been a tweet", I just pushed a button:
#BinDiff is now open source.
- This is a snapshot release, no major new functionality
- Release binaries will follow later today or tomorrow
- This is my 20% and I won't be able to act on PRs until end of Q4 (OOO traveling)
Thanks everyone for making this possible!
Shout out to @HalvarFlake, ObfuscaTHOR, Nils, Tora,
@shanehuntley, @erocarrera, 0xfffffffe
Happy diffing!
For anyone interested in barbell exercises (squat, deadlift, etc), I created a gist of my warmup routine. The stretches are also useful for countering stiffness from sitting. I do some of these throughout the day when I’m working. https://gist.github.com/alexander-hanel/4d253d89c67a98c4dc8846074e73ffee