Spent the last 2 weeks working on a devirtualizer for VMProtect 3.5 and learning Remill. Idk yet if I will blog about it, but I at least wanted to publish the code:
https://t.co/GLqKWpOOU7
The approach is different from my last blog, as it lifts the whole x86 code of the VM
Dyn Taintflow Analysis (DTA) - one of the main components of VUzzer (NDSS 2017) - finally got the re-engineering I'd been postponing for years.
Several ideas had been stuck in my notebook ever since. 1/n
One was, for example, the interned-label tag-map design I discussed with @c_giuffrida (thanks) back then, inspired by DFSan of LLVM.
This year, working with Claude, I finally (dared!) took the leap: a DynamoRIO-native LibDFT64 port, off Intel Pin entirely. v0.1 just shipped. 2/
This means it allows implementing typical taintflow-related workflows.
Github: https://t.co/siTqdTJzOT
For some technical details, DESIGN.md is the one you would like to read first.
Thanks 🙏 4/4
My second PhD student, Yihao Sun, will be doing his dissertation defense tomorrow at noon Eastern time. Yihao's work has been a true sight to behold. He has papers at ASPLOS, AAAI, NeurIPS, VLDB, among others. This Fall, he starts as faculty at Utah State University! (Zoom link.)
Decompilers historically have poor support for language-specific constructs, beginning with C++ templates or classes, not even talking about Go or Rust.
This work is astonishingly high-quality; from my first little tests it makes Rust decompilations indeed way more approachable.
VulHunt by @binarly_io
https://t.co/ovsuyb5E26
Blog post series:
https://t.co/UzipgZw8la
https://t.co/F6E4OyqRAy
https://t.co/YG4tPvcDDt
https://t.co/24WivmtGZs
https://t.co/aGYL9HFo4B
#infosec
UEFITool / UEFIExtract / UEFIFind NE A74
- a lot of bugfixes for issues found by @binarly_io folks
- CSME version detection improvements
- Insyde FlashDeviceMap improvements
- other minor fixes
https://t.co/YhYbdc5GuC
I wrote a thing. If you are interested in obfuscation/de-obfuscation and compilers, but perhaps don't have tangible experience with it, then I hope this story will be interesting to you and teach a few things along the way (-:
We're pleased to announce a new release of our #Rust bindings for @HexRaysSA IDA Pro! This release adds compatibility with the latest SDK, and introduces a Rust-native interface for developing plugins. https://t.co/VAyv0oGP20
🤔Ever wondered how your favorite tools work under the hood? During our work on SightHouse, we dug into BSIM, Ghidra's Binary function SIMilarity engine.
Many tools have been built around it, yet its internals remained undocumented. Until now 👇
https://t.co/Gw9AkTk0yb
It’s finally here: radare2 + Warp (warrp) ⚡️
This makes r2 the first tool outside of the Binary Ninja ecosystem to adopt the format. Huge thanks to Mason (from @vector35) and @trufae (@radareorg) for their invaluable feedback during development.
https://t.co/wFuzChcMvq
What sets BRS apart is its flexibility and transparency. It is configured through product-, organization-, or ecosystem-specific risk profiles and is built to incorporate a wide range of existing metrics.
Relying on a single metric like CVSS or EPSS can miss critical product or organizational context. BRS brings consistency to comparing different risks, such as a known high-severity vulnerability with a PoC versus a potential zero-day.
Why create another metric? Traditional scoring systems are often rigid, opaque, and narrow in scope. They may not reflect product-specific requirements, differences across ecosystems such as firmware and cloud containers, or the realities of an evolving threat landscape.