Hello Twitter, made an IDA script/plugin to comment your decompiled Rust code with... Rust source code!
It fetches panic information and reads the associated source code to print it to you in the form of a comment.
https://t.co/KRDB4HKaTf
Made a little experiment of lifting IDA microcode to z3 to automatically resolve opaque predicates. It works quite well on a few malware families I tested on.
In the gif you can see Lumma stealer's opaque predicates being solved automatically:
This 1-pager from Xusheng Li on GDB internals of how watchpoints are implemented is a delight to read! (especially that double-write behaviour false positive - I did not know about that)
I'm glad to announce the release of my VS Code Extension: Multi-Search 🔍
If you find it useful, don't hesitate to share it with your colleagues or friends 🙏
- https://t.co/CELCr6QiYq
- https://t.co/Safp5lPEm9
In today's episode of programming horror...
In the Python docs of random.seed() def, we're told
"If a is an int, it is used directly." [1]
But if you seed with 3 or -3, you actually get the exact same rng object, producing the same streams. (TIL). In nanochat I was using the sign as a (what I thought was) clever way to get different rng sequences for train/test splits. Hence a gnarly bug, because now train = test.
I found the CPython code responsible in cpython/Modules/_randommodule.c [2], where on line 321 we see in a comment:
"This algorithm relies on the number being unsigned. So: if the arg is a PyLong, use its absolute value." followed by
n = PyNumber_Absolute(arg);
which explicitly calls abs() on your seed to make it positive, discarding the sign bit.
But this comment is actually wrong/misleading too. Under the hood, Python calls the Mersenne Twister MT19937 algorithm, which in the general case has 19937 (non-zero) bits state. Python takes your int (or other objects) and "spreads out" that information across these bits. In principle, the sign bit could have been used to augment the state bits. There is nothing about the algorithm that "relies on the number being unsigned". A decision was made to not incorporate the sign bit (which imo was a mistake). One trivial example could have been to map n -> 2*abs(n) + int(n < 0).
Finally this leads us to the contract of Python's random, which is also not fully spelled out in the docs. The contract that is mentioned is that:
same seed => same sequence.
But no guarantee is made that different seeds produce different sequences. So in principle, Python makes no promises that e.g. seed(5) and seed(6) are different rng streams. (Though this is quite commonly implicitly assumed in many applications.) Indeed, we see that seed(5) and seed(-5) are identical streams. And you should probably not use them to separate your train/test behaviors in machine learning. One of the more amusing programming horror footguns I've encountered recently. We'll see you in the next episode.
[1] https://t.co/srv1ZBlDsi
[2] https://t.co/qpnKdvfVNS
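The seed-sign collision described in the post, reproduced as an added example (this code is not from the post, nanochat or CPython). It checks that `random.Random(3)` and `random.Random(-3)` emit the same stream, applies the post's proposed `n -> 2*abs(n) + int(n < 0)` mapping to show the collision disappears, and adds a hypothetical `split_rngs` helper that derives train/test generators from labelled string seeds (relying on `random.seed` hashing `str` seeds with SHA-512 under version 2, so the result is reproducible across runs). The helper names and the 16-draw comparison window are this example's own choices.

```python
import random

# Number of draws compared when deciding whether two seeds yield the same stream.
SAMPLE_LEN = 16


def first_draws(seed, n=SAMPLE_LEN):
    """Return the first n floats from a fresh Mersenne Twister seeded with `seed`."""
    rng = random.Random(seed)
    return [rng.random() for _ in range(n)]


def streams_match(seed_a, seed_b, n=SAMPLE_LEN):
    """True if two seeds produce identical output streams (compared on n draws).

    With CPython's int seeding, streams_match(3, -3) is True because the C code
    takes the absolute value of the seed before spreading it into the MT state.
    """
    return first_draws(seed_a, n) == first_draws(seed_b, n)


def signed_seed(n):
    """The sign-preserving mapping proposed in the post: n -> 2*abs(n) + int(n < 0).

    Every int maps to a distinct non-negative int (n and -n land on neighbours),
    so nothing is lost when CPython later discards the sign.
    """
    return 2 * abs(n) + int(n < 0)


def split_rngs(base_seed):
    """Deterministic, distinct train/test generators derived from one base seed.

    Hypothetical helper (not from the post): str seeds are converted to an int via
    SHA-512 by random.seed(version=2), so each labelled seed is reproducible across
    runs, and the two labels give different streams without relying on the sign bit.
    """
    return (random.Random(f"{base_seed}:train"),
            random.Random(f"{base_seed}:test"))


if __name__ == "__main__":
    print("seed 3 vs -3 identical:", streams_match(3, -3))
    print("signed_seed(3), signed_seed(-3):", signed_seed(3), signed_seed(-3))
    print("mapped seeds identical:", streams_match(signed_seed(3), signed_seed(-3)))
    train, test = split_rngs(42)
    print("train/test first draws:", train.random(), test.random())
```

Run it under any CPython 3 release: the first line prints `True`, confirming that a sign-only split collapses train and test onto one stream; the mapped seeds and the labelled string seeds produce different streams, which is the behaviour the post's bug needed.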
Impressive work from our team today at #Pwn2Own!
Mehdi and Matthieu just pulled off an exploit on the Philips Hue Bridge without laying a finger on the device!
Great demonstration of Synacktiv’s offensive expertise 👏
Come on 🔥
What's a good reason to put relevant information of your file format at the end of the file? It makes it so hard to find if anything goes wrong or if the file gets concatenated somehow
Hey @ProtonPrivacy, why are you cancelling journalists and ghosting us. Need help calibrating your moral compass❓
First therapy session is for free 😘
Regarding https://t.co/Toz8DASGAJ
🔐 Data encryption in Laravel environments is based on one secret: the APP_KEY. Our ninja @_remsio_ studied the impact of its leakage on the internet during an entire year.
https://t.co/wRYAK0Hwyq
I've published my thoughts on part of the anonymization method used in that paper:
https://t.co/q16WU1aWVq
TL;DR: yeeeah... I don't think it works well