"I'm interested in all kinds of astronomy."

I love programs with anti-debugger checks. By definition, the people you're "stopping" from debugging your program are the same ones who have the tools to delete your debugger check.

It's like specifically locking a door to keep lockpickers out


My friends at Ravenfortech wrote an introductory #malwareanalysis post on the INC #Ransomware:

https://translate.kagi.com/https://scribe.rip/@ravenfortech/inc-ransomware-elemz%C3%A9s-a909b5aed114

This gang recently pwned the Hungarian company responsible for military procurement (VBÜ) and is now selling the data for $1M.

https://444.hu/2024/12/01/visszakerultek-a-netre-a-vedelmi-beszerzesi-ugynokseg-ellopott-adatai-egymillio-dollarrol-indul-a-licit

Based on the analysis, the malware is very simple. INC uses CitrixBleed (2023) and spear phishing for initial access:

https://www.sentinelone.com/anthology/inc-ransom/

This doesn’t paint a picture of mature security at VBÜ to say the least…


bert hubert 🇺🇦🇪🇺🇺🇦

I've started a page listing for many fields (physics, computing, biology, history..) the most Totemic Books. The ones that are central to the field, the books you wished you had learned about earlier. The work no one in a field can do without. Please send me your suggestions so we can share the love more broadly! https://berthub.eu/articles/posts/totemic-books-for-many-fields/


Turbo Pascal turns 41. Who here remembers this one?

@pancake @joxean To be fair the issue I brought up only comes up during more "low-level" development (specifically Processor modules), certainly not during scripting. With Python scripts you can just configure a script directory and write your scripts there with any editor, and you can even fire up a headless instance from some vim command to run it. Java is more cumbersome (as Java usually is) but one of my side-quests is to document how to set up a proper devenv for it.

@zdl absolutely agree, it's so incredibly depressing to think that some of the best and brightest people in western societies are working on shit like ads and user trackers that's at best useless, and at worst actively harmful to society. It's just such a phenomenal misallocation of talent.

@pancake Now that I think about it, IIRC this is also related to the certification.manifest issue I described in the other post: it seems like a way to ensure that no intellectual property of dubious origin ends up in the code. You have to explicitly state that new files are OK to be included in the project (kind of an inverse .gitignore).
[RSS] Don't Be a CVE Dummy

https://jericho.blog/2024/11/28/dont-be-a-cve-dummy/

"So please, if you are writing documentation and need to use dummy CVE identifiers, please use one of the ones MITRE designated a decade ago"

If you are planning to learn Zig via Advent of Code this year, I highly recommend the tips from @kristoff's blog post:

https://kristoff.it/blog/advent-of-code-zig/


Can someone send me the (untruncated) output of ioreg on an M4 MacBook/Mac Mini?


In other news, enough RE tool dev for today…


It is just natural that in #Ghidra #Sleigh “The [operand] identifier must appear in the [bit pattern section] as if it were a term in a sequence of constraints but without the operator and right-hand side of the constraint.”, see section 7.4.3:

https://scrapco.de/ghidra_docs/GhidraDocs/languages/html/sleigh_constructors.html

But it seems you can’t use the identifier in the display of the instruction if it’s part of a constraint.

Error: “wrong type (should be family) in pattern equation”

Why is that?!

(Workaround: define an alias token for the same bits and use that in display)


If a #Ghidra build throws an error similar to:

“No IP found for $slaspec in module: $dir”

You have to extend the certification.manifest file in $dir.


If you use #vim to edit #Ghidra sources, beware that some build scripts try to handle all files in a directory, so .swp’s can cause build errors.

#ProTip

(Neovim stores swap files under your config directory by default, so the situation is better there)


Giorgio Maone 🚫✊🧅

I've just subscribed to MDN Plus, perhaps the most valuable resource for , browser extensions & in general, which I've used for free so many years. Stepped up to paid subscription as a small thanks to @mozilla, and also to unlock the offline premium feature

https://developer.mozilla.org/en-US/

[RSS] Assessing the attack complexity of a race condition security vulnerability

https://devblogs.microsoft.com/oldnewthing/20241129-00/?p=110588

Luke and Leia take center stage in this vibrant panel of Budapest’s Star Wars mural by Rawman, CSM, Little Mejo, and Time.
