Sotwe logo Sotwe logo
b_sendpacket's profile banner image
b_sendpacket's profile image

twentyeight

@b_sendpacket

Security Researcher | Malware Analysis & Reverse Engineering |
United States
Joined January 2024
159 Following
15 Followers
15 Posts
b_sendpacket's profile image
twentyeight @b_sendpacket
@MamboJambo85 @k_flowstate @zack_overflow long can be i32 or i64 depending on platform, long long is i64 regardless of platform
0
4
0
0
95
b_sendpacket's profile image
twentyeight @b_sendpacket
@cyb3rops I understand where Shellter is coming from here, and while I agree it would be nice for Elastic to have reported this directly- I don’t see this being feasible for every suspected case. I also don’t see anything in their signatures you couldn’t create via the malicious binaries?
0
0
0
0
409
b_sendpacket  retweeted
mr_phrazer's profile image
Tim Blazytko Verified account @mr_phrazer
The slides from our @reconmtl talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolodev), are now online! Slides: https://t.co/O9s6ItbHFw Plugin: https://t.co/cek4bXbNyB
mr_phrazer's tweet photo. The slides from our @reconmtl talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolodev), are now online! Slides: https://t.co/O9s6ItbHFw Plugin: https://t.co/cek4bXbNyB https://t.co/rhZso7KuDN
1
147
48
78
20K
b_sendpacket's profile image
twentyeight @b_sendpacket
@_winter_wonders This is really cool! I’m curious if in this visual form, could you still differentiate malware families even after obfuscation passes?
0
0
0
0
63
b_sendpacket's profile image
twentyeight @b_sendpacket
Did you know that WinDbg has a `dx` command that lets you define variables, cast memory, and walk structures? Here's some absolutely cursed code I wrote today to walk the PEB, locate ntdll.dll, and dump its exports - using only `dx`!
b_sendpacket's tweet photo. Did you know that WinDbg has a `dx` command that lets you define variables, cast memory, and walk structures? Here's some absolutely cursed code I wrote today to walk the PEB, locate ntdll.dll, and dump its exports - using only `dx`! https://t.co/ExWaNirRj3
0
1
0
0
51
b_sendpacket  retweeted
washi_dev's profile image
Washi @washi_dev
After #flareon11 challenge 7, I got inspired to build tooling for #dotnet Native AOT reverse engineering. As such, I built a #Ghidra Analyzer that can automatically recover most .NET types, methods and frozen objects (e.g., strings). Blog:👉https://t.co/qmGBlgCUir
washi_dev's tweet photo. After #flareon11 challenge 7, I got inspired to build tooling for #dotnet Native AOT reverse engineering. As such, I built a #Ghidra Analyzer that can automatically recover most .NET types, methods and frozen objects (e.g., strings). Blog:👉https://t.co/qmGBlgCUir https://t.co/mTeDXWjEmj
3
323
107
163
27K
b_sendpacket  retweeted
ACEResponder's profile image
ACE Responder Verified account @ACEResponder
How Component Object Model (COM) works. #ThreatHunting #DFIR #Windows #Microsoft
ACEResponder's tweet photo. How Component Object Model (COM) works. #ThreatHunting #DFIR #Windows #Microsoft https://t.co/zGNAoEJVVG
4
864
164
697
82K
b_sendpacket's profile image
twentyeight @b_sendpacket
@micrictor @ForensicITGuy Unfortunate :/ Hopefully that gets implemented one day, and then it might truly be a worthwhile switch
0
0
0
0
26
b_sendpacket's profile image
twentyeight @b_sendpacket
@xyz3va it’s funny, they clearly underestimate what a team of reverse engineers can and will do lol
0
0
0
0
17
b_sendpacket's profile image
twentyeight @b_sendpacket
@micrictor @ForensicITGuy Do you happen to know if they now support password protected 7z archives?
1
0
0
0
58
b_sendpacket  retweeted
AzakaSekai_'s profile image
安坂星海 Azaka || VTuber Verified account @AzakaSekai_
victim does WHAT
AzakaSekai_'s tweet photo. victim does WHAT https://t.co/S3zL4ORdo7
51
5K
383
558
583K
b_sendpacket  retweeted
0x6D6172636F's profile image
смех @0x6D6172636F
0x6D6172636F's tweet photo. https://t.co/41B5Fvztfm
1
15
1
1
737
b_sendpacket  retweeted
huettenhain's profile image
Jesko Hüttenhain @huettenhain
What a great opportunity for a #BinaryRefinery showcase! xt exe | xt | push [ | bat | carve -d string | iffs = | b64 | pop k i | carve -sd b64 | aes --iv=eat:i eat:k | zl | peek -mm ] 📌 https://t.co/E20pgo1E4d
huettenhain's tweet photo. What a great opportunity for a #BinaryRefinery showcase! xt exe | xt | push [ | bat | carve -d string | iffs = | b64 | pop k i | carve -sd b64 | aes --iv=eat:i eat:k | zl | peek -mm ] 📌 https://t.co/E20pgo1E4d https://t.co/DKCSBtIrGA
0
66
13
21
8K
b_sendpacket's profile image
twentyeight @b_sendpacket
@0x6D6172636F Using the CAPA plugin in IDA is a game changer on large binaries where drilling down functionality would be miserable otherwise, fully agreed
0
1
0
0
25
b_sendpacket  retweeted
InvokeReversing's profile image
Invoke RE Verified account @InvokeReversing
Huge congrats to @b_sendpacket and @Autonomatom for being the first students to finish the Introduction to Malware Binary Triage (IMBT) course! They have now received their certificates of completion 🥳
0
11
2
0
566

Last Seen Users on Sotwe

XiDxk23666's profile image
เอาหีใหญ่ๆ มาอวดกัน
Seen from Thailand
VCswingQ6's profile image
VC Đan.Some&Swing SG Q6
Seen from Vietnam
2niyjsw2z9HvfKc's profile image
المنقبة
Seen from Egypt
BangAdii12's profile image
Bang Gann
Seen from Indonesia
Geethakrgm's profile image
Geetha
Seen from India
AdellTalis57969's profile image
@@
pembeesarap's profile image
birazhornybirazporny
Seen from Turkey
carolineebabie's profile image
♡ caroline ♡ Verified account
Seen from United States
HuhuHah67986588's profile image
Phim Gây Việt
Seen from Vietnam
alphapharoaXX's profile image
alpha 777

Trends for you

1
Melanie
Under 10K tweets
2
#StanleyCup
Under 10K tweets
3
McConnell
Under 10K tweets
4
Brett Howden
Under 10K tweets
5
Olivia Miles
Under 10K tweets
6
Platner
Under 10K tweets
7
#HookEm
Under 10K tweets
8
Larkin
Under 10K tweets
9
Torts
Under 10K tweets
10
Save Act
Under 10K tweets

Most Popular Users

elonmusk's profile image
1
Elon Musk Verified account
@elonmusk
240.1M followers
barackobama's profile image
2
Barack Obama Verified account
@barackobama
119.3M followers
realdonaldtrump's profile image
3
Donald J. Trump Verified account
@realdonaldtrump
111.6M followers
cristiano's profile image
4
Cristiano Ronaldo Verified account
@cristiano
108.8M followers
narendramodi's profile image
5
Narendra Modi Verified account
@narendramodi
107M followers
rihanna's profile image
6
Rihanna Verified account
@rihanna
97.2M followers
nasa's profile image
7
NASA Verified account
@nasa
92.1M followers
justinbieber's profile image
8
Justin Bieber Verified account
@justinbieber
90.5M followers
katyperry's profile image
9
KATY PERRY Verified account
@katyperry
86.7M followers
taylorswift13's profile image
10
Taylor Swift Verified account
@taylorswift13
80.5M followers
ladygaga's profile image
11
Lady Gaga Verified account
@ladygaga
72.1M followers
kimkardashian's profile image
12
Kim Kardashian Verified account
@kimkardashian
69.3M followers
youtube's profile image
13
YouTube Verified account
@youtube
68.6M followers
imvkohli's profile image
14
Virat Kohli Verified account
@imvkohli
68.4M followers
billgates's profile image
15
Bill Gates Verified account
@billgates
63.4M followers
theellenshow's profile image
16
The Ellen Show
@theellenshow
62.5M followers
cnn's profile image
17
CNN Verified account
@cnn
61.9M followers
neymarjr's profile image
18
Neymar Jr Verified account
@neymarjr
61M followers
x's profile image
19
X Verified account
@x
60.9M followers
cnnbrk's profile image
20
CNN Breaking News Verified account
@cnnbrk
59.9M followers