shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
#reversing

☮ ♥ ♬ 🧑‍💻<p>Day 32 🗳️💨</p><p>Things are coming in thick and fast today, so I’ll try to summarise the major themes. </p><p>No Policies of the <a href="https://ioc.exchange/tags/Liberal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Liberal</span></a>, <a href="https://ioc.exchange/tags/LNP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LNP</span></a> and <a href="https://ioc.exchange/tags/Coalition" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Coalition</span></a>. </p><p><a href="https://ioc.exchange/tags/AngusTaylor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AngusTaylor</span></a> (Opposition Treasurer, Liberal) hands in his <a href="https://ioc.exchange/tags/Economics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economics</span></a> homework late, it’s got problems. </p><p>A 🎃 derivative that is toxic ☢️</p><p>“A Coalition government would drive the <a href="https://ioc.exchange/tags/budget" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>budget</span></a> deeper into <a href="https://ioc.exchange/tags/deficit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deficit</span></a> over the coming two years, as the shadow finance minister, <a href="https://ioc.exchange/tags/JaneHume" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JaneHume</span></a>, insisted her party’s plan to save $17.2bn by <a href="https://ioc.exchange/tags/slashing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>slashing</span></a> the number of <a href="https://ioc.exchange/tags/Canberra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Canberra</span></a>-based <a href="https://ioc.exchange/tags/PublicServants" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>PublicServants</span></a> by 41,000 through “natural attrition” was achievable.”</p><p>If returned to power, the Coalition would gut a long list of environment and clean energy programs, including <a href="https://ioc.exchange/tags/scrapping" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scrapping</span></a> the <a href="https://ioc.exchange/tags/NetZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetZero</span></a> <a href="https://ioc.exchange/tags/Economy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economy</span></a> <a href="https://ioc.exchange/tags/Agency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Agency</span></a>, reversing Labor’s <a href="https://ioc.exchange/tags/TaxBreaks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TaxBreaks</span></a> for <a href="https://ioc.exchange/tags/ElectricVehicles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ElectricVehicles</span></a>, and redirecting money slated for the <a href="https://ioc.exchange/tags/HomeBatteries" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HomeBatteries</span></a> program.</p><p><a href="https://ioc.exchange/tags/Reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Reversing</span></a> tax incentives for green hydrogen would save $1.5bn over four years, and not proceeding with Labor’s critical mineral production tax credits would save $1.2bn, the Coalition’s election policy costings show.”</p><p><a href="https://ioc.exchange/tags/AusPol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AusPol</span></a> / <a href="https://ioc.exchange/tags/treasury" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>treasury</span></a> / <a href="https://ioc.exchange/tags/costings" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>costings</span></a> / <a href="https://ioc.exchange/tags/economy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>economy</span></a> / <a href="https://ioc.exchange/tags/future" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>future</span></a> &lt;<a href="https://www.theguardian.com/australia-news/2025/may/01/coalition-costings-federal-election-promises-larger-deficit-cut-foreign-aid-environment-clean-energy" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theguardian.com/australia-news</span><span class="invisible">/2025/may/01/coalition-costings-federal-election-promises-larger-deficit-cut-foreign-aid-environment-clean-energy</span></a>&gt;</p>
Alexandre Borges<p>DEFCON 33 CTF Write-Up Series #1: jxl4fun2 (pwn):</p><p><a href="https://blog.cykor.kr/2025/04/DEFCON-33-Series-jxl4fun-pwn" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cykor.kr/2025/04/DEFCON-3</span><span class="invisible">3-Series-jxl4fun-pwn</span></a></p><p>DEFCON 33 CTF Write-Up Series #2: tinii (rev):</p><p><a href="https://blog.cykor.kr/2025/04/DEFCON-33-Series-tinii" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cykor.kr/2025/04/DEFCON-3</span><span class="invisible">3-Series-tinii</span></a></p><p><a href="https://infosec.exchange/tags/ctf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ctf</span></a> <a href="https://infosec.exchange/tags/defcon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>defcon</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a></p>
Volexity :verified:<p>In the course of its investigations, <span class="h-card" translate="no"><a href="https://infosec.exchange/@volexity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>volexity</span></a></span> frequently encounters malware samples written in Golang. This reflects the increase in popularity of Golang generally, and presents challenges to reverse engineering tools.<br>&nbsp;<br>Today, <span class="h-card" translate="no"><a href="https://infosec.exchange/@volexity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>volexity</span></a></span> is releasing GoResolver, open-source tooling to help reverse engineers understand obfuscated samples. <span class="h-card" translate="no"><a href="https://infosec.exchange/@r00tbsd" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>r00tbsd</span></a></span> &amp; Killian Raimbaud presented details at INCYBER Forum earlier today.<br>&nbsp;<br>GoResolver uses control-flow graph similarity to identify library code in obfuscated code, leaving analysts with only malware functions to analyze. 
This saves time &amp; speeds up investigations!<br>&nbsp;<br>Check out the blog post on how GoResolver works and where to download it: <a href="https://www.volexity.com/blog/2025/04/01/goresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">volexity.com/blog/2025/04/01/g</span><span class="invisible">oresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/</span></a><br>&nbsp;<br><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malwareanalysis</span></a></p>
Alexandre Borges<p>Hacking the Xbox 360 Hypervisor: </p><p>01. Hacking the Xbox 360 Hypervisor Part 1: System Overview: <a href="https://icode4.coffee/?p=1047" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">icode4.coffee/?p=1047</span><span class="invisible"></span></a></p><p>02. Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit: <a href="https://icode4.coffee/?p=1081" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">icode4.coffee/?p=1081</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://mastodon.social/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a> <a href="https://mastodon.social/tags/exploitation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploitation</span></a> <a href="https://mastodon.social/tags/xbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>xbox</span></a> <a href="https://mastodon.social/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://mastodon.social/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>informationsecurity</span></a> <a href="https://mastodon.social/tags/hardware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hardware</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/hypervisor" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>hypervisor</span></a></p>
Lobsters<p>Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit <a href="https://lobste.rs/s/6wj9mi" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">lobste.rs/s/6wj9mi</span><span class="invisible"></span></a> <a href="https://mastodon.social/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a><br><a href="https://icode4.coffee/?p=1081" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">icode4.coffee/?p=1081</span><span class="invisible"></span></a></p>
Rairii :win3_progman: :win3: <p>a discord guild i was in got some malspam (link to reddit post which linked to malware present on compromised wordpress site sexccessories.co[.]ke)</p><p>Funnily enough, there were supposedly both windows and mac samples present, except they fucked up with the mac one, a passworded zip containing a “dmg” which is actually the following text:</p><pre><code>Build failed: failed to create DMG: exit status 64 Output: Creating disk image... Mounting disk image... Device name: /dev/disk4 Searching for mounted interstitial disk image using /dev/disk4s... Mount dir: /Volumes/dmg.kfA109 Copying background file '/tmp/8aAwS.png'... Copying volume icon file '/Users/user/desktop/TradingView_3760.icns'... Will sleep for 2 seconds to workaround occasions "Can't get disk (-1728)" issues... Running AppleScript to make Finder stuff pretty: /usr/bin/osascript "/var/folders/1p/6ssndcmx4j7_gb_c2_0cdklm0000gn/T/createdmg.tmp.XXXXXXXXXX.dIQPQTlFZk" "dmg.kfA109" /var/folders/1p/6ssndcmx4j7_gb_c2_0cdklm0000gn/T/createdmg.tmp.XXXXXXXXXX.dIQPQTlFZk:85:89: execution error: Finder got an error: Can’t get disk "dmg.kfA109". (-1728) Failed running AppleScript Unmounting disk image... "disk4" ejected. </code></pre><p>I predicted it would be a packed stealer of some description. I was right, unpacked binary is lumma stealer.</p><p>Been a while since I’ve done manual unpacking of a malware sample, this one was fun. The packer is the same as described here <a href="https://alertoverload.com/posts/2025/01/remcos-v5.3.0/" rel="nofollow noopener noreferrer" target="_blank">https://alertoverload.com/posts/2025/01/remcos-v5.3.0/</a></p><p>Original zipfile has the hash <code>85a2619c5bc5ae10d9ab3aab48c364b638d7b835d169f651b08c1f0282c39d58</code>.</p><p>The original binary was ~800MB, padded with garbage. 
Removing that padding yields a binary with the hash <code>d0e956e5fe825e8f2817ce660d3680294d790cf1baec0bdfdc540841e7202c80</code> - and manually unpacking that gives <code>bbd1e2cc95f1907d4c8c92d66bc62f43aa3e5634af6bdb947dfd826023195253</code>.</p><p>There’s also a bunch of additional stuff in the zip alongside the malware sample; copied straight from a windows installation, and the way it was copied in revealed the localisation installed on that system, which is unsurprisingly Russian (Russia) [<code>ru-RU</code>].</p><p><a class="hashtag" href="https://labyrinth.zone/tag/malware" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a class="hashtag" href="https://labyrinth.zone/tag/reversing" rel="nofollow noopener noreferrer" target="_blank">#reversing</a> <a class="hashtag" href="https://labyrinth.zone/tag/infosec" rel="nofollow noopener noreferrer" target="_blank">#infosec</a></p>
MottG<p>PoC GTFO Vol. II by Manul Laphroaig is<br>a wonderful compilation of articles from Proof of Concept or Get The Fuck Out zine articles on hacking, reverse engineering, etc. It has a great article on reverse engineering the Tytera MD380 digital hand-held radio. It has some cool stuff on reversing LoRa and spectrograms also. The illustrations are wonderful. </p><p>You can read articles from all 3 volumes of PoC GTFO at:<br><a href="https://github.com/angea/pocorgtfo" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/angea/pocorgtfo</span><span class="invisible"></span></a></p><p><a href="https://researchbuzz.masto.host/tags/hamRadio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hamRadio</span></a> <a href="https://researchbuzz.masto.host/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://researchbuzz.masto.host/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a></p>
Shawn Webb<p>IDA Pro is moving to a subscription model on 30 Sep 2024.</p><p><strong>NOW</strong> is the time to obtain or renew your perpetual (non-subscription) license.</p><p>IDA Pro 8.x will be the last non-subscription version.</p><p><a href="https://bsd.network/tags/IDAPro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IDAPro</span></a> <a href="https://bsd.network/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
Adam Van Hine<p>Me and my homie Joe have been working on <a href="https://hachyderm.io/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> an IoT gateway he has that is used to control his blinds. The ultimate goal is to get a shell on it. We started by decompiling the Android app.</p><p>We were able to figure out the API of the gateway just from strings in the app. Since the code was unobfuscated we could really easily see how they were forming their requests to the API.</p><p>Later we found out that some of the <a href="https://hachyderm.io/tags/homeassistant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homeassistant</span></a> folks had done a bunch of this already :P</p>
Alexandre Dulaunoy<p>Pretty and nifty nice tool and format to describe and visualize binary files/format by Corkami (Ange Albertini) </p><p><a href="http://corkami.github.io/sbud/hexii.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">corkami.github.io/sbud/hexii.h</span><span class="invisible">tml</span></a></p><p>The output is in SVG format.</p><p>Presentation at <span class="h-card" translate="no"><a href="https://infosec.exchange/@hack_lu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hack_lu</span></a></span> cti summit</p><p><a href="https://infosec.exchange/tags/infovis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infovis</span></a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://infosec.exchange/tags/visualization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>visualization</span></a></p>
Viss<p>i have a <a href="https://mastodon.social/tags/mobile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mobile</span></a> <a href="https://mastodon.social/tags/android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>android</span></a> <a href="https://mastodon.social/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> question. </p><p>lets say i have an apk. <br>i want to fetch all the dns names in it that are being used for API calls. </p><p>Are there tools that make that easy, or are we still talking about 'decompile the apk and manually go through all the code by hand'?</p>
Davide Eynard (+mala)<p>Hi everyone! Six more months passed since my last <a href="https://fosstodon.org/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>introduction</span></a>, so here is an updated one:</p><p>AKA: +mala, AiTTaLaM</p><p>Job: Doin’ trustworthy <a href="https://fosstodon.org/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> @ moz://a.ai - more generally I love <a href="https://fosstodon.org/tags/teaching" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>teaching</span></a>, no matter if to humans or machines :-)</p><p>Projects: 3564020356.org is the oldest (~22yrs 😅), <a href="https://fosstodon.org/tags/PicoGopher" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PicoGopher</span></a> the most recent... Look around and find the rest! 😜</p><p>Interests: <a href="https://fosstodon.org/tags/bouldering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bouldering</span></a> <a href="https://fosstodon.org/tags/gopher" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gopher</span></a> <a href="https://fosstodon.org/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://fosstodon.org/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://fosstodon.org/tags/fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fediverse</span></a> <a href="https://fosstodon.org/tags/recsys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>recsys</span></a> 
<a href="https://fosstodon.org/tags/ML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ML</span></a> <a href="https://fosstodon.org/tags/solarpunk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>solarpunk</span></a> <a href="https://fosstodon.org/tags/CommunitiesOfExperience" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CommunitiesOfExperience</span></a></p>
Cindʎ Xiao 🍉<p>The Rust Windows kernel GDI code also has symbols for <code>fallible_vec::FallibleVec&lt;T,A&gt;</code> , which looks like a non-panicking <code>Vec</code> implementation. <code>try_extend</code>, <code>try_extend_from_slice</code>, <code>try_splice_in</code>, and <code>try_insert</code> are all implemented.</p><p>In fact it looks suspiciously similar to the <code>rust_fallible_vec</code> crate, which Microsoft recently open-sourced: <a href="https://github.com/microsoft/rust_fallible_vec" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/microsoft/rust_fall</span><span class="invisible">ible_vec</span></a> :thonking:<br>( <span class="h-card"><a href="https://hachyderm.io/@TehPenguin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>TehPenguin</span></a></span> 👋 )</p><p>The methods are generic over the allocator type <code>A</code>; some of these <code>FallibleVec</code> method implementations use the registered global allocator <code>gdi_alloc::Win32Allocator</code> , and others use the <code>gdi_alloc::TaggedAllocator</code> with the GDI-specific pool tags.</p><p><a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rust</span></a> <a href="https://infosec.exchange/tags/rustlang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rustlang</span></a> <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microsoft</span></a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a 
href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reverseengineering</span></a></p>
Cindʎ Xiao 🍉<p>For the specific GDI objects, there are still allocations made with the existing GDI-specific pool tags.</p><p>It looks like the <code>rgncore::scan::ScanBuilder&lt;gdi_alloc::TaggedAllocator&lt;_&gt;&gt;</code> object uses the existing GDI pool tag <code>Gscn</code> (i.e. <code>GDITAG_SCAN_ARRAY</code>) for vector allocations. (Probably <code>gdi_alloc::TaggedAllocator&lt;_&gt;</code> requires specifying a pool tag)</p><p>I also see <code>Gedg</code> (i.e. <code>GDITAG_EDGE</code>) being used in <code>gdi_rust::region::from_path::GlobalEdgeTable::add_edge</code>, and <code>gdi_rust::region::from_path::ActiveEdgeTable::new</code>, among other places.</p><p><a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rust</span></a> <a href="https://infosec.exchange/tags/rustlang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rustlang</span></a> <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microsoft</span></a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reverseengineering</span></a></p>
Cindʎ Xiao 🍉<p>In the new Rust Windows kernel GDI code, there is a new global allocator registered named <code>gdi_alloc::Win32Allocator</code> . It calls <code>Win32AllocPool</code> with a fun new pool tag name, "Rust"!</p><p><a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rust</span></a> <a href="https://infosec.exchange/tags/rustlang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rustlang</span></a> <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microsoft</span></a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reverseengineering</span></a></p>
Cindʎ Xiao 🍉<p>For the new Windows kernel Rust GDI stuff that is all the rage now (win32kbase_rs.sys, win32kfull_rs.sys): here are the links to download copies of those binaries, from the Microsoft Symbol Server:</p><p><a href="https://msdl.microsoft.com/download/symbols/win32kbase_rs.sys/272C4A031b000/win32kbase_rs.sys" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">msdl.microsoft.com/download/sy</span><span class="invisible">mbols/win32kbase_rs.sys/272C4A031b000/win32kbase_rs.sys</span></a></p><p><a href="https://msdl.microsoft.com/download/symbols/win32kfull_rs.sys/8264C482a000/win32kfull_rs.sys" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">msdl.microsoft.com/download/sy</span><span class="invisible">mbols/win32kfull_rs.sys/8264C482a000/win32kfull_rs.sys</span></a></p><p>These should be the versions that are in Windows 11 Insider Preview 25357.1 (zn_release) amd64. 
The SHA-256 hashes are: </p><p>87ee0235caf2c97384581e74e525756794fa91b666eaacc955fc7859f540430d win32kbase_rs.sys<br>2efb9ea4032b3dfe7bf7698bd35e3ea3817d52f4d9a063b966f408e196957208 win32kfull_rs.sys</p><p>(I first extracted these files myself from the update package for build 25357.1, then generated the symbol server download URLs from the PE metadata in the files)</p><p>Of course, in addition to the actual executables, symbols are available from the symbol server as well (see screenshot).</p><p><span class="h-card" translate="no"><a href="https://tech.lgbt/@analog_feelings" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>analog_feelings</span></a></span> already did some reversing of win32kbase_rs.sys several weeks ago, here: <a href="https://tech.lgbt/@analog_feelings/110232321999960466" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tech.lgbt/@analog_feelings/110</span><span class="invisible">232321999960466</span></a> 🤘</p><p>Now, time for me to go figure out how to actually reverse Rust 🦀</p><p><a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rust</span></a> <a href="https://infosec.exchange/tags/rustlang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rustlang</span></a> <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reverseengineering</span></a> <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>microsoft</span></a></p>
beSpacific<p><a href="https://newsie.social/tags/FDA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FDA</span></a> approves <a href="https://newsie.social/tags/overdose" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>overdose</span></a> <a href="https://newsie.social/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://newsie.social/tags/Narcan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Narcan</span></a> for sale without <a href="https://newsie.social/tags/prescription" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>prescription</span></a>. Move seen as a key strategy to control the US <a href="https://newsie.social/tags/overdose" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>overdose</span></a> <a href="https://newsie.social/tags/crisis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crisis</span></a>, which has been linked to more than 100,000 deaths a year <a href="https://www.fda.gov/news-events/press-announcements/fda-approves-first-over-counter-naloxone-nasal-spray" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">fda.gov/news-events/press-anno</span><span class="invisible">uncements/fda-approves-first-over-counter-naloxone-nasal-spray</span></a> <a href="https://newsie.social/tags/OTC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTC</span></a> <a href="https://newsie.social/tags/naloxone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>naloxone</span></a> <a href="https://newsie.social/tags/opiod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opiod</span></a> <a 
href="https://newsie.social/tags/overdoses" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>overdoses</span></a></p>
Washi<p>What really is the entry point of a <a href="https://infosec.exchange/tags/dotnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotnet</span></a> application? Is it `public static void Main()`, or are there other places that we should look at when reverse engineering .NET samples?</p><p>👉Read about it in my new blog post: <a href="https://washi.dev/blog/posts/entry-points/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">washi.dev/blog/posts/entry-poi</span><span class="invisible">nts/</span></a><br> <br><a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>
too many names<p>Short and enjoyable <a href="https://hachyderm.io/tags/reversing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reversing</span></a> read I was introduced to today:</p><p>&gt; Reverse Engineering A Mysterious UDP Stream in My Hotel</p><p><a href="https://www.gkbrk.com/2016/05/hotel-music/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="">gkbrk.com/2016/05/hotel-music/</span><span class="invisible"></span></a></p>