
Posts by

ClickFix in action: how fake captcha can lead to a company-wide infection
We assisted a large organisation in the investigation and remediation of a live malware infection caused by a successful Fake Captcha attack. In this report, we summarize our observations and publish ...

My short blog post on ClickFix threats (with focus on malware used in recent campaigns): cert.pl/en/posts/202...

2 months ago 0 0 0 0
Deobfuscation techniques: Peephole deobfuscation
In this article we describe a basic deobfuscation technique by leveraging a code snippet substitution.

My new post about #malware #deobfuscation - cert.pl/en/posts/202.... I focus on the simple - but powerful - technique of local substitutions. Uses #ghidra and ghidralib. Thx @nazywam.bsky.social for the review.

11 months ago 2 1 0 0

Ghidralib development continues: py3 support, binary/asm patching, and symbolic propagation: github.com/msm-code/ghi.... I also write docs for people who want to try it. Newest chapter: emulation msm-code.github.io/ghidralib/em...
#ghidra #reverseengineering

1 year ago 0 0 0 0
An image that shows a piece of code. On top there is an expression (param_1 & 1) * 2 + (param_1 ^ 1). On the bottom is a deobfuscated version, param_1 + 1. In the middle there is a custom Ghidra DSL, explained in the post.

RULECOMPILE - Undocumented Ghidra decompiler rule language.
A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) - an obscure, undocumented DSL
msm.lt/re/ghidra/ru...
#reverseengineering #ghidra

1 year ago 14 9 0 0
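The peephole post above describes deobfuscation by local snippet substitution, and the RULECOMPILE post's image shows the kind of rewrite involved: (param_1 & 1) * 2 + (param_1 ^ 1) collapses to param_1 + 1. The block below is an added, stand-alone illustration of that idea in plain Python. It is not code from the cert.pl article, from ghidralib, or from Ghidra's rule language; the tuple-based expression trees, the pattern syntax (`?x` wildcards) and the rule set are my own assumptions. The one thing a practitioner should take from it beyond the posts: every substitution rule is checked exhaustively over 8-bit inputs before it is trusted, because a rule that is not an identity silently corrupts the decompilation rather than cleaning it.

```python
# Added example: peephole deobfuscation by pattern substitution (toy, not ghidralib/Ghidra code).
from itertools import product

MASK = 0xFF  # verify identities over 8-bit values; exhaustive and cheap
COMMUTATIVE = {"+", "*", "&", "|", "^"}
OPS = {
    "+": lambda a, b: (a + b) & MASK,
    "*": lambda a, b: (a * b) & MASK,
    "&": lambda a, b: a & b,
    "|": lambda a, b: a | b,
    "^": lambda a, b: a ^ b,
}

# Expression trees are ints, variable-name strings, or (op, lhs, rhs) tuples.
# In patterns, names starting with "?" are wildcards that bind any subtree.

def match(pattern, expr, bindings=None):
    """Structural match; returns the wildcard bindings or None."""
    if bindings is None:
        bindings = {}
    if isinstance(pattern, str) and pattern.startswith("?"):
        if pattern in bindings:
            return bindings if bindings[pattern] == expr else None
        bindings[pattern] = expr
        return bindings
    if isinstance(pattern, tuple):
        if not isinstance(expr, tuple) or pattern[0] != expr[0] or len(pattern) != len(expr):
            return None
        for p, e in zip(pattern[1:], expr[1:]):
            if match(p, e, bindings) is None:
                return None
        return bindings
    return bindings if pattern == expr else None

def substitute(template, bindings):
    if isinstance(template, str) and template.startswith("?"):
        return bindings[template]
    if isinstance(template, tuple):
        return (template[0],) + tuple(substitute(t, bindings) for t in template[1:])
    return template

# (lhs pattern, rhs replacement). The first rule is the one from the post's image.
RULES = [
    (("+", ("*", ("&", "?x", 1), 2), ("^", "?x", 1)), ("+", "?x", 1)),  # (x&1)*2 + (x^1) -> x+1
    (("^", "?x", 0), "?x"),                                              # x ^ 0 -> x
    (("+", "?x", 0), "?x"),                                              # x + 0 -> x
    (("^", ("^", "?x", "?y"), "?y"), "?x"),                              # (x ^ y) ^ y -> x
]

def rewrite(expr, rules=RULES):
    """Bottom-up rewriting, re-applied until no rule fires (a fixpoint)."""
    if isinstance(expr, tuple):
        expr = (expr[0],) + tuple(rewrite(e, rules) for e in expr[1:])
    candidates = [expr]
    if isinstance(expr, tuple) and expr[0] in COMMUTATIVE:
        candidates.append((expr[0], expr[2], expr[1]))  # also try swapped operands
    for pat, repl in rules:
        for cand in candidates:
            b = match(pat, cand)
            if b is not None:
                return rewrite(substitute(repl, b), rules)
    return expr

def evaluate(expr, env):
    if isinstance(expr, int):
        return expr & MASK
    if isinstance(expr, str):
        return env[expr] & MASK
    op, lhs, rhs = expr
    return OPS[op](evaluate(lhs, env), evaluate(rhs, env))

def variables(expr):
    if isinstance(expr, str):
        return {expr}
    if isinstance(expr, tuple):
        return variables(expr[1]) | variables(expr[2])
    return set()

def equivalent(a, b):
    """True iff a and b agree on every 8-bit assignment of their variables."""
    names = sorted(variables(a) | variables(b))
    return all(
        evaluate(a, dict(zip(names, vals))) == evaluate(b, dict(zip(names, vals)))
        for vals in product(range(MASK + 1), repeat=len(names))
    )

def verify_rules(rules=RULES):
    """Return the indices of rules that are NOT identities (wildcards act as variables)."""
    return [i for i, (pat, repl) in enumerate(rules) if not equivalent(pat, repl)]

def to_c(expr):
    if isinstance(expr, tuple):
        return f"({to_c(expr[1])} {expr[0]} {to_c(expr[2])})"
    return str(expr)

# Constructed input: the expression from the post's image, as a tree.
OBFUSCATED = ("+", ("*", ("&", "param_1", 1), 2), ("^", "param_1", 1))

if __name__ == "__main__":
    assert verify_rules() == [], "refusing to run with a non-identity rule"
    print(to_c(OBFUSCATED), "->", to_c(rewrite(OBFUSCATED)))
```

Because rewriting is bottom-up and retried to a fixpoint, the rule also fires when the pattern is buried inside a larger expression or has its operands swapped, which is how the same trick scales from one snippet to a whole function. The exhaustive check is the safety net: run `verify_rules()` every time a rule is added, and treat a non-empty result as a bug in the rule rather than as a quirk of the input.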
A dragon logo, with two pieces of code. On the left there is "turn this", with a long snippet of pure ghidra code. On the right there is "into this", with a single line of ghidralib.

🚀Excited to announce ghidralib – a library that makes #Ghidra scripts drastically shorter and easier to write. I've been using it daily for #reverseengineering and decided it’s time to share!
Check it out: github.com/msm-code/ghi.... And the documentation: msm-code.github.io/ghidralib/.
#infosec #re

1 year ago 8 0 0 0
A VS screenshot with colored python bytecode opcodes.

Just open-sourced another small OS #ReverseEngineering project: a tiny extension for highlighting Python bytecode using #VsCode.
github.com/msm-code/vsc...
It also serves as a good demo of how to create such plugins (spoiler: it's very, very easy).
#reversing #infosec

1 year ago 1 0 0 0

Hi Bluesky. I created a #Ghidra quick search/command palette/launcher plugin called "Ctrl+P". You can search functions, labels, data, bookmarks, focus windows, launch scripts and trigger available actions. All in a single Python file.
github.com/msm-code/Ghi...
#reversing #reverseengineering #infosec

1 year ago 7 1 0 0