Olivia
Online
Michael B.
@DownWithUpSec
Windows security researcher/reverse engineer. The more you know, the more you realize you don't.
Internet, Earth
Joined March 2019
51 Following
803 Followers
61 Posts
Here is an (another) IDA domain API MCP server that I worked on this weekend. It was an good experience using FastMCP. I might add more tools to the server as the need arises. For anyone interested: https://t.co/XatVgZJgML
IDA and Codex preformed very well together. The prompt was surprisingly simple and I was generally impressed with the results.
An example of "vibe" malware reverse engineering.
https://t.co/tIwt6KkfQq
@winternl_t Very nice that this displays arguments as well as the return value. However, it didn't seem to work out of the box for me. Just ran and said "INFO: waiting for app to exit..." I'll have to investigate more.
AWStrace: Another Windows Strace attempt by me. Using a named pipe and shellcode inside the remote process, send registers back and pretty print the output.
https://t.co/S1hpd6Va56
Because of the recent Notepad++ situation here is another good source about WB. As opposed to just simple decryption/re-encryption, this also shows how to use the heap execute capability.
https://t.co/8fozhDu5pv
@aionescu @witherornot1337 @HackingLZ @vxunderground I remember watching Alex's talk in 2020, and it was always on the back of my mind. I finally sat down around 2023 and worked out a simple PoC to use the decrypting/re-encrypting capabilities of it. Crazy to see it actually being used in the wild.
@diversenok_zero Awesome, this is great to know. I kept thinking maybe I had a permissions problem. 😅
Exporting registry data in the "hive" format seems to ignore the "BIOS" key under HKLM\HARDWARE\DESCRIPTION\System. You can export it directly, but exporting any parent will not contain the "BIOS" key and its values
"This thing I need is open source. Surely someone has audited this code?"
🙃
@sixtyvividtails Sadly not. Looks like all if your CPU doesn't support MPX (which newer ones won't) the MPX instructions will be treated as NOPs.
Something interesting I stumbled upon: In Windows, for Intel's MPX, a driver could use KeRegisterBoundCallback to handle/hook the BOUND #BR exception. This function will eventually get called from the IDT's KiBoundFault
😮New post on Windows Warbird encryption and decryption: https://t.co/LCOapQeJ8b
Here's an old project that I polished up a bit: https://t.co/B8ZKbbucaW Essentially the idea was to have some introspection into an OS at the hypervisor level. It was also a foray into the Windows Hypervisor Platform API.
Just a quick little post on how to use the the undocumented API NtPssCaptureVaSpaceBulk to gather a process' virtual memory in a single call. Read more here: https://t.co/egpjdyJhF3
So .msu files really are just .cab files? 😅
@hyp3rlinx Looks interesting! 3rd party contributions welcome?
What a shot taken from Melbourne Australia 🔭🪐
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.4M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.1M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers