Joel Höner
InfoSec. I build stuff that breaks stuff. Co-creator of the Zydis lib, IDASkins and more. Also interested in quantitative finance.
45 Tweets
32 Following
191 Followers

Tweets
Joel Höner, Jan 9
Replying to @athre0z
Looks like the idea originated here:
Joel Höner, Jan 9
Using AES-NI as a blazing fast non-cryptographic hash function... this is absolutely genius.
Joel Höner, Dec 11
Replying to @osxreverser
Unfortunately, MacPorts' GCC is currently broken so I can't test that -- guess I should build a Dockerfile for better comparability.
Joel Höner, Dec 11
Replying to @osxreverser
Interesting. I re-ran the benchmark on my MBP (2016, i5, 10.15, AppleClang) and there is indeed a noticeable improvement in DiStorm's performance -- on my machine™, it is now ever so slightly behind zydis-min.
Joel Höner, Dec 11
Replying to @osxreverser
Yeah, that also kind of surprised me, but not enough to really look into it. Feel free to reproduce, all scripts are provided for that reason. Perhaps that Apple Clang version is just really old. Or I messed up some flags, who knows.
Joel Höner, Nov 17
Hacked together a small tool that allows importing Linux perf traces into IDA:
Joel Höner, Oct 31
Replying to @trailofbits
We'll definitely look into replacing our current custom diff tools with mishegos -- great work!
Joel Höner, Oct 31
Replying to @trailofbits
I think part of the reason why Zydis did comparably well on this is because diffing against other libs is already an important part of our workflow. Our approach is a lot cruder though, just a C diffing tool per lib + /dev/urand + GNU/Parallel.
Joel Höner retweeted
Trail of Bits, Oct 31
Destroying x86_64 instruction decoders with differential fuzzing
Joel Höner, Oct 2
Zydis v3.0 is now final! v2.x will receive security fixes until 2021, but no new features. HF!
Joel Höner, Sep 29
Replying to @gsuberland
Once had something very similar. Unexpected shutdown corrupted something in my EFI FAT part that sent the UEFI FAT DXE into an infinite loop. Unplugging all drives & booting a stick resolved the issue. Not sure if that counts as an "obvious troubleshooting step".
Joel Höner, Sep 3
Replying to @JonathanWHendry @thegrugq @bl4sty
That would be my first blacklist entry as well. It's beyond me why Google would allow a single website to dominate the majority of their image search with thumbnails behind a login barrier. I do feel like they have reduced it in the past few months though.
Joel Höner, Aug 21
Replying to @halvarflake
Fun-fact: disassembling libxul is our go-to benchmark for testing Zydis perf. Whole code section takes ~1s with full decoding and ~0.4s in minimal mode. But I guess you are looking for something interactive along the lines of IDA / GHIDRA?
Joel Höner, Aug 20
Replying to @idatips @lichtlos @jinmo123
If there are plans to maintain that plugin in the longer term, I feel like migrating the themes to idapkg would be best! :)
Joel Höner, Aug 4
If you're a Gopher in need of a disassembler lib for X86-64: published some really solid Golang bindings for Zydis today, check them out!
Joel Höner, Jul 23
Replying to @athre0z
Obviously, false positives would be... quite bad.
Joel Höner, Jul 23
What if Google and other free mail providers used ML models such as GPT-2 to automatically act interested towards each and every mail detected to be a "Nigerian prince" scheme? It'd kill the whole scheme within 24h.
Joel Höner, Jun 4
Replying to @ilfak
In case you have something like a theme selector and not just a boolean dark theme option, feel free to include any themes you like from IDASkins. Since it's now built-in, I'll probably shelve the plugin.
Joel Höner, May 25
Just released IDASkins v2.1.0, featuring a neat new VSCode inspired dark theme! All important changes contributed by GitHub user "Jinmo"!
Joel Höner, May 22
Replying to @halvarflake @_onurmutlu_
Very interesting! Just recently I was ranting with a buddy that the current architecture of mem{cpy,set} funcs is absurdly inefficient, shoveling data back and forth rather than just having an insn telling the RAM to "fill n bytes at x / copy x to z". Addressed in this paper!