Tickling VMProtect with LLVM: Part 1-3 by Matteo secret.club/2021/09/08/vmp…

I was given the opportunity by @ByfronTech to analyze their current work w/ Can Bölük. I could see it competing with if not overtaking some of the solutions on the market. Outstanding work by the engineers behind it, and it isn't even done yet. byfron.com

They literally started using the name Pluton again with no shame... It's hilarious to me what the consumers are willing to trade for a fancy (yet unusable) UI from a company that refuses to update its previous generation scheduler just to make people switch. </rant>

Happy to release a neat little plugin for IDA Pro! Bitfield and bitflag accesses have been an annoyance that requires another window open and constant fiddling. You can now fix that with just a few key presses! github.com/JustasMasiulis…

David Weston (DWIZZZLE) I thought you said this wasn't for drm? 🤥

I had an inquiry about ACPI checks, and decided to run through how they work and how to mitigate them on VMware and QEMU. It's a quick and dirty write-up, so excuse the brevity. revers.engineering/evading-trivia…

We’ve just published another great Plugin Focus article! Can Bölük ( Can Bölük ) introduces his NtRays plugin for automated simplification of Windows Kernel decompilation. Read more 🌐 hex-rays.com/blog/plugin-fo… #IDAPro #IDAPython #IDAPlugin #NtRays

> Want to reverse engineer notepad.exe for lulz to figure out what hotkey is toggling right-to-left reading order because I keep hitting it accidentally > MBA obfuscated imports

Europe is maybe two months from passing laws that end private communication as we know it, and folks are looking the other way (understandably.) You’re not going to get a do-over once these laws are passed.

A preprint of my paper "Deobfuscation of Semi-Linear Mixed Boolean-Arithmetic Expressions" (arxiv.org/abs/2406.10016) is now available. This work extends algebraic MBA deobfuscation techniques to handle semi-linear MBAs - a class that existing techniques struggle with.

Excited to share my latest article: PgC - a novel approach to disable Patchguard during runtime using basic memory management principles. It has worked against every version of Patchguard for the last 7 years, without needing any updates! blog.can.ac/2024/06/28/pgc…

It's official: I'm co-founding zystem Inc, building a new continuous profiling platform called zymtrace. The idea is to take "whole system" one step further to also cover CUDA/GPU/ML workloads. We also see a looot of unrealized potential left in CPU profiling. [1/n]