@twomikecharlie I haven't used WinDbg TTD in a remote setup, so idk if that works. With esReverse (formerly REVEN) you can do full-system TTD with Windows targets:

https://eshard.com/esreven

@sadarex @GossiTheDog Ummm OK, so a newly created dept can take away money from DHS bypassing congress/senate/president? And this is constitutional? o.O

@twomikecharlie On Windows I'd just use WinDbg's TTD (or REVEN).

@twomikecharlie This is still Linux, I'm debugging loadlibrary: https://github.com/taviso/loadlibrary/

@GossiTheDog Excuse my EU ignorance, but what authority does DOGE have over random agencies HR decisions?

Fun fact: you can attach to the gdbserver exposed by #rr and do #TimeTravelDebugging from #Ghidra :)

UX is similar to ret-sync.

#OnThisDay, 8 Apr 1959, Mary K Hawes initiates a project to create the first universal programming language for computers used by businesses and government. Grace Hopper led the team that then created COBOL. Some mainframes are still using it.

#WomenInHistory #OTD #History #WomensHistory #WomenInSTEM #Histodons

Spring has sprung. Birds are singing, flower buds are budding and the #DEFCON33 website is open for business. Bookmark https://defcon.org/html/defcon-33/dc-33-index.html for all the latest info on everything #DC33. August will be here before you know it and you’ll want to be in the loop as things develop.

Stay in touch, and we’ll see you at #defcon.

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a1a737c

match

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a1a737c.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a1a737c.json&colors=light

@mdfranz Gitea is great!

Apparently Bugcrowd was not pwned, they just try to roll out mandatory MFA:

https://www.bugcrowd.com/blog/bugcrowd-security-update-password-reset-and-mfa-requirement/

Scientists still struggle to come up with a way how this information could be included in the password reset mails they sent out, we’ll keep you updated about any breakthroughs!

h/t @raptor

@raptor Ugh, that's some terrible communication, thanks for the info!

[RSS] 'ToddyCat' Hackers Exploit ESET Antivirus Flaw to Bypass Windows Security

https://cyberinsider.com/toddycat-hackers-exploit-eset-antivirus-flaw-to-bypass-windows-security/

Spoiler: version.dll strikes again...

Interesting talk on designing low-bit floating point number systems. Imagine you have 6-bits, using IEEE754 would you want to waste 6 of your codes for different NaNs? Do you really need two zeros? How about adding ±∞ or does saturating to ±FLT_MAX work for you use case? You can upconvert to Binary32 or Binary64 to do math operations, but which one gives you the better conversion when re-packing back down to 6-bits?

IEEE working group P3109 has the goods.

https://www.ac.uma.es/arith2024/slides/keynote1.pdf

So Bugcrowd got pwned or what?

OH: it's a nice conditional jump you have here. it would be a shame if something happened to it

Here is another #NameThatWare challenge. While I know what the device does, I was not able to identify much of the components on the circuit board. Quite sure I could not solve this challenge myself.

So far I have not been able to identify
* the microcontroller
* the silver can on the top right
* any datecode

As always, please write down your deductions and guesses behind a CW to not spoil it for others.

At @recon , @nicolodev and I discuss the current state of MBA (de)obfuscation and their applications. We’ll also introduce a new #BinaryNinja plugin for simplifying MBAs in the decompiler.

Details: https://cfp.recon.cx/recon-2025/featured/

I'll also give a training: https://recon.cx/2025/trainingSoftwareDeobfuscationTechniques.html

#reverseengineering #malware

@dey My educated guess is the bank didn't even get the request from the gov system...