Tweets

You blocked @williballenthin


  1. retweeted
    8 hours ago

    It's here! Ghidra source code released: This is an ongoing, supported project from . Looking forward to seeing the continued advancements and the innovation that occurs from the release.

  2. retweeted
    Apr 1

    just released my first crate ! A parser for the Windows XML Event Log (EVTX) format. Was such a breeze to write, and the performance is ripping fast!

  3. Mar 28
  4. Mar 28

    whoa, that's some python wizardry right there

  5. Mar 27
  6. retweeted
    Mar 24

    Beagle accelerates incident response by transforming security data (e.g Sysmon logs or memory) from hosts into graphs. Includes a web interface to generate and analyze graphs. See it live Friday at .

  7. retweeted
    Mar 24

    Committed a small change to ‘s excellent EVTXtract tool recently, to make outputting each event to its own file possible. No more grepping through 100mb text files!

  8. retweeted
    Mar 21

    The slides of our Troopers talk ( and I) called "No more dumb hex!" are available.

  9. retweeted
    Mar 17

    The second post about parsing WebAssembly with ghidra is ready. I describe how to write loader, parse binary format and display it in human readable form.

  10. retweeted
    Mar 12

    A cool exposé of a approach to algorithmic clustering of threat groups. This blog is a fun and digestible intro into challenges and solutions in the threat research and threat intel spaces. We use this toolset on a daily basis.

  11. Mar 12

    Fascinating dataset and neat ideas in here: "Clustering and associating attacker activity at scale"

  12. retweeted
    Mar 11

    I've published the first part of the article series about writing a module parsing WebAssembly for . (To solve one of the challenges). The article describes how to set up the environment and write a simple module verifying the format.

  13. Mar 7

    . has a 5 petabyte n-gram index and I'd be fascinated to know how it's architected. Anyone have thoughts/pointers?

  14. Mar 6

    GHIDRA does a nice job of parsing PE header fields, including Rich headers

  15. Mar 6

    does GHIDRA support a headless/batch mode?

  16. retweeted
    Feb 27

    New blog post is out: It's an interesting mix: ✔ Sneaker bots ✔ Tcl ✔ Modified legitimate software ✔ Hundreds of .ed files

  17. Feb 20

    aww, conficker connectivity check domains are so cute

  18. Feb 11

    This article on parsing PE files by is particularly good. Includes Windows structures inline and has clear, insightful commentary about interpretation. Also, it wasn't written in 1996.

  19. Feb 11

    ok, creating this rule *is* feasible. but can it be done elegantly? get your answers in and i'll share my best solution in a couple hours after dinner.

  20. Feb 11

    can almost use `pe.section_index(...)`; however, in file-mode, this accepts file offsets, not RVAs:

