#idatips Ever get a pointer to the middle of a struct? Just add the __shifted keyword to the variable's type definition!

w00t! Nice work Synacktiv team, with 2 talks selected at SSTIC: - How to design a baseband debugger, by David B and Karion - Scoop the Windows 10 Pool, by cbayet and paulfariello ✏️

Massive shout out to the Riot security team for giving us support during these times: riotgames.com/en/news/a-mess… If you find any issues with Vanguard, please reach out to us on hackerone.com/riot We care about security and privacy too!

If you need to debug a Linux kernel Hyper-V guest check out github.com/weltling/convey. Allows you to kernel debug the guest from WSL on the host which is neat.

I've cleaned up and pushed SiC, a utility to find shared memory mappings on Windows github.com/0vercl0k/sic

If you like to play with x86, I just found this useful website: asmjit.com/asmgrid/

All Your Base Are [Still] Belong To Us: Fuzzing Modern UDP Game Protocols With Snapshot-based Fuzzers blog.ret2.io/2021/07/21/wtf…

Resym - Cross-platform tool that allows browsing and extracting C and C++ type declarations from PDB files. This is the first release (0.1.0). Still minimalistic but feel free to try it out: github.com/ergrelet/resym

Solution of the NorthSec 2018 MarsAnalytica challenge. Another example of analyzing a virtual machine and a methodology example when analyzing a big binary with Triton. github.com/JonathanSalwan…

Zydis v4.0.0-rc.1 including the new encoder is out now! Unless there are any major complaints, we expect to release the final in the next few weeks. Last chance to request breaking API changes before v5.0! github.com/zyantific/zydi…

Version 0.3.0 of resym is out! This release focused mainly on C and C++ type reconstruction improvements, many bugs are gone thanks to great contributions from Andrew Miller, xarkes and Duncan Ogilvie 🍍! Full changelog here: github.com/ergrelet/resym…

WinDiff - Browse and compare exports, debug symbols and debug types of PEs between Windows versions. WinDiff is a streamlined revamp of ntdiff, wired directly to Winbindex to fetch Windows updates and PEs automatically. App: windiff.vercel.app Repo: github.com/ergrelet/windi…

Following the recent update of Winbindex, WinDiff now also fetches the latest Windows 11 Insider Preview builds! Enjoy!😊 Thanks Michael Maltsev for all the work done on Winbindex! App: windiff.vercel.app Repo: github.com/ergrelet/windi…

Unlicense 0.4.0 is out! This release is long overdue but here it is. Many bug fixes, including some for Themida/WinLicense 3.1.4.x. Full changelog and download here: github.com/ergrelet/unlic…

Do you wish Time Travel Debugging was faster and more lightweight? Our latest version lets you decide exactly what you want recorded! Select modules to record or use the API for full control. Get your recording just the way you like it. Crusts optional. aka.ms/ttd

Manfred Paul’s Firefox renderer bug is a beauty that takes advantage of an optimisation implemented just 3 months ago. Let’s break it down!

🦀 Crate release for disassembling Dalvik bytecode! 🔭 APK decompilers fell short, so we wrote this library to create a graphview with accurate exception handling and control flow semantics. margin.re/2024/05/dalvik…

The slides and the code for my REcon talk “Seeing Through Themida’s Code Mutation” are available: - Slides: github.com/ergrelet/themi… - Deobfuscator Code: github.com/ergrelet/themi…

Themida Spotter - A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer’s obfuscated code locations. Can be useful to quickly find mutated and virtualized functions in a binary. Link: github.com/ergrelet/themi…

Oh hey! My last R&D project at quarkslab is finally out. :D tl.dr. playing with the Steam Deck is fun <3 (i.e. UEFI exploit w/ super limited primitives) blog.quarkslab.com/being-overlord…