OK I think this (via @cR0w) deserves some more attention ( #CrowdStrike CVE-2025-1146):

https://www.crowdstrike.com/security-advisories/cve-2025-1146/

In short, Crowd Strike agents on Linux can be MitM'd when they connect to their mothership (CS cloud).

My first Q is: what exactly is delivered to Falcon sensors from the CS cloud?

I present my second Q as a meme for higher reach:

@krypt3ia The broccoli head generation is finally taking over

Buy AV to prevent AI-induced foot necrosis?

Now this is what I call proper IDE experience!

As you can see, debugging #Ghidra works like a charm in IDEA, and the configuration is 15 lines of XML without hardcoded paths*:

https://github.com/radareorg/ghidra-r2web/blob/master/GhidraR2Web/.idea/runConfigurations/RunGhidra.xml

* You have to set a single Path Variable in your IDEA instance to specify the location of your Ghidra installation

It seems my Java debugging struggles are in part explained by the fact that in VSCode breakpoints can't be configured to pause all threads (it's always threads, right?):

https://github.com/microsoft/vscode-java-debug/issues/722

I also have to manually dig up the paused thread, there I can find the locals but still don't have visual indication about where exactly my code is paused...

The first lesson of using #Ghidra's generated VSCode project is that I'm a VSCode n00b :P Lessons so far:

1) You'll need the Extension Pack for Java (from MS, not Oracle's crap!)
2) Ghidra launch configurations are available under the "bug with play button" sidebar icon
+1) Directory/workspace names are not necessarily valid Java package names, but Ghidra generates the code and the fs structure anyway

Now I'm trying to figure out why the sample code is not actually loaded to Ghidra when debugging...

Tech-Fedi

Burp Suite should really just fuck off with it's latest "Would you recommend this product" bullshit!

This supposed to be a professional tool (that users pay for btw) not a fucking marketing platform.

/cc @albinowax

@mumblegrepper

@tmr232 Also

@tmr232 Part of my plan is to run comparative tests, but dealing with the tooling currently feels like this

@skeletor

@cR0w

@krypt3ia

@tychotithonus @stf Inverse example :)

The last couple of days I worked with @tmr232 to bring binaries to his @cfgbot.

Here's my script to export CFG's in DOT and JSON formats from #Ghidra:

https://github.com/v-p-b/ghidra-graph-export

I also exported the latest Microsoft Defender and openssl binaries:

https://github.com/v-p-b/ghidra-function-graph-datasets

... so you can enjoy Absolute Units like:

https://tmr232.github.io/function-graph-overview/render/?graph=https://gist.githubusercontent.com/v-p-b/67d63235089a02888d0bb0159181534a/raw/2799461034b0c0d6fff2051868d56370962965eb/netvm_emulate.json

Like and subscribe:

https://mastodon.social/@cfgbot
https://bsky.app/profile/cfgbot.bsky.social

@th @derPUPE

@dangoodin @tychotithonus Thanks, I tried that, but problem is I'm on Linux that is apparently not compatible with passkeys, so I can't even add a security key.

ghidra-r2web is a project to expose the functionality of #Ghidra to #radare2. After some compatibility fixes I refactored the original Ghidra script into a plugin for better integration and maintainability:

https://github.com/radareorg/ghidra-r2web/tree/master/GhidraR2Web

As I don't have much experience with r2 I can only rely on feature requests to add functionality that makes sense, so please use the issue tracker liberally!

IMO this is also a great opportunity to discuss possible improvements of the r2web protocol to support more integrations.

/cc @pancake

@Sempf