Reversing an (unpacked) Prometei binary with r2 and AI — Part Two
Thanks to Joan Calvet and Gabriel Hung, we unpacked the Prometei binary of Part One, and now have an ELF…
5d ago

Reversing a Prometei botnet binary with r2 and AI (Part One)
I’ve just laid my hands on a new malicious sample of February 2, 2025 (1 week ago). It is detected as Linux/Prometei.B. I’m going to…
Feb 7

Cracking my own CrackMe with r2ai
Recently, I viewed the excellent “Cracking binaries with r2ai visual mode” by Daniel Nakov, at r2con 2024. In September 2024, I had tried…
Jan 6

Creating inefficient IT, or hiding our own inefficiency behind IT
We, humans, normally have brains, and a heart, and we should use them more.
Oct 16, 2024

The Next Generation Conference Format
I have now been attending conferences for … hum … several decades and I believe the traditional format of 30, 40 or 50-minute talks should…
Oct 4, 2024

Arguments descriptor arrays in Dart
While reading Dart assembly, you may have noticed lines such as the following:
Sep 19, 2024

Using AI-assisted decompilation of Radare2
A few months ago, Radare2 (aka r2), an open source disassembler which can be entirely used by command line, started implementing AI plugins…
Sep 17, 2024

Dart shifts to standard calling convention
Up until Dart SDK v3.4.0, Dart was using an uncommon calling convention where all arguments for a function were passed on the stack [see my…
Jul 19, 2024

Untangling Android/TangleBot
We dig into a malicious sample of Android/TangleBot of May 2024. TangleBot is also reported as a BankBot, although it is more an Android RAT…
Jul 12, 2024

On the security of Google Secrets
Google Secrets Gradle plugin is “for providing your secrets securely to your Android project”. I would like to make it clear in this…
Jul 11, 2024