Joel Höner
@athre0z
Germany

InfoSec. I build stuff that breaks stuff. Co-creator of the Zydis lib, IDASkins and more. Also interested in quantitative finance.

45 Tweets
32 Following
191 Followers

Tweets

Joel Höner
@athre0z
Jan 9

Looks like the idea originated here: github.com/cmuratori/meow…

Joel Höner
@athre0z
Jan 9

Using AES-NI as a blazing fast non-cryptographic hash function... this is absolutely genius. github.com/tkaitchuck/aHa…

Joel Höner
@athre0z
Dec 11

Unfortunately, MacPorts' GCC is currently broken so I can't test that -- guess I should build a Dockerfile for better comparability.

Joel Höner
@athre0z
Dec 11

Interesting. I re-ran the benchmark on my MBP (2016, i5, 10.15, AppleClang) and there is indeed a noticeable improvement in DiStorm's performance -- on my machine™, it is now ever so slightly behind zydis-min.

Joel Höner
@athre0z
Dec 11

Yeah, that also kind of surprised me, but not enough to really look into it. Feel free to reproduce, all scripts are provided for that reason. Perhaps that Apple Clang version is just really old. Or I messed up some flags, who knows.

Joel Höner
@athre0z
Nov 17

Hacked together a small tool that allows importing Linux perf traces into IDA: github.com/athre0z/idaperf pic.twitter.com/KTUNxEk8Mu

Joel Höner
@athre0z
Oct 31

We'll definitely look into replacing our current custom diff tools with mishegos -- great work!

Joel Höner
@athre0z
Oct 31

I think part of the reason why Zydis did comparably well on this is because diffing against other libs is already an important part of our workflow. Our approach is a lot cruder though, just a C diffing tool per lib + /dev/urand + GNU/Parallel.

Joel Höner Retweeted

Trail of Bits
@trailofbits
Oct 31

Destroying x86_64 instruction decoders with differential fuzzing blog.trailofbits.com/2019/10/31/des… pic.twitter.com/HBha70fQEx

Joel Höner
@athre0z
Oct 2

Zydis v3.0 is now final! v2.x will receive security fixes until 2021, but no new features. HF! github.com/zyantific/zydi…

Joel Höner
@athre0z
Sep 29

Once had something very similar. Unexpected shutdown corrupted something in my EFI FAT part that sent the UEFI FAT DXE into an infinite loop. Unplugging all drives & booting a stick resolved the issue. Not sure if that counts as an "obvious troubleshooting step".

Joel Höner
@athre0z
Sep 3

That would be my first blacklist entry as well. It's beyond me why Google would allow a single website to dominate the majority of their image search with thumbnails behind a login barrier. I do feel like they have reduced it in the past few months though.

Joel Höner
@athre0z
Aug 21

Fun fact: disassembling libxul is our go-to benchmark for testing Zydis perf. Whole code section takes ~1s with full decoding and ~0.4s in minimal mode. But I guess you are looking for something interactive along the lines of IDA / GHIDRA?

Joel Höner
@athre0z
Aug 20

If @jinmo123 plans to maintain that plugin in the longer term, I feel like migrating the themes to idapkg would be best! :)

Joel Höner
@athre0z
Aug 4

If you're a Gopher in need of a disassembler lib for X86-64: @jpap published some really solid Golang bindings for Zydis today, check them out! github.com/jpap/go-zydis

Joel Höner
@athre0z
Jul 23

Obviously, false positives would be... quite bad.

Joel Höner
@athre0z
Jul 23

What if Google and other free mail providers used ML models such as GPT-2 to automatically act interested towards each and every mail detected to be a "Nigerian prince" scheme? It'd kill the whole scheme within 24h.

Joel Höner
@athre0z
Jun 4

In case you have something like a theme selector and not just a boolean dark theme option, feel free to include any themes you like from IDASkins. Since it's now built-in, I'll probably shelve the plugin. github.com/zyantific/IDAS…

Joel Höner
@athre0z
May 25

Just released IDASkins v2.1.0, featuring a neat new VSCode-inspired dark theme! All important changes contributed by GitHub user "Jinmo"! #idaskins
github.com/zyantific/IDAS… pic.twitter.com/skntkAiabE

|
Joel Höner
@athre0z
|
22. svi |
|
Very interesting! Just recently I was ranting with a buddy that the current architecture of mem{cpy,set} funcs is absurdly inefficient, shoveling data back and forth rather than just having an insn telling the RAM to "fill n bytes at x / copy x to z". Addressed in this paper!
|
||
|
|
||