KrnObj
53 posts


I know a video about how to use and configure idasql is due.
Meanwhile, some basic stuff it can do:
Let Copilot CLI (autopilot mode) + Opus 4.6 | GPT 5.3-codex-high + idasql go after the Beep.sys driver and recover it fully:
- The models know about driver RE
- They can nicely follow and recursively deal with the dispatch table
- Recover the driver object extension type
- Systematically go after the whole binary
Of course, all of the above are basic scenarios that 'just work' due to how agent harnesses work when given the right tools.
idasql is just one tool in your arsenal; it is not magic, and with other tools and the right prompting you can have a more pleasant experience with IDA.


New chapter: I've transitioned to a part-time Chief Scientist role at @emproofsecurity.
I’m shifting my focus to my independent work in reverse engineering:
trainings • consulting • tooling • research
Details: synthesis.to


@CapeSandbox Hello experts, I would like to ask about the TLS decryption function of CAPE. I have tried two modes, mitmproxy and PolarProxy, but neither works. I also found that the CAPE integrated into VT does not have the decryption function enabled.

New cmd.exe batch deobfuscation capability integrated in CAPE! FindFixAndRun hook😎
For example: capesandbox.com/analysis/23842/
Thanks KingKDot github.com/KingKDot/Exorc…🙏
and KillerInstinct for the integration!



@AkitaOnRails Yes, the cloud host does not provide the ability to enable this. Is there any way to improve emulation performance?

@AkitaOnRails Thank you, I want to try it! My previous experience was that running any software in a nested virtual machine was difficult because the host did not have the VT-x option enabled. Maybe I didn't configure the QEMU XML correctly. I want to improve the efficiency of this software emulation.

@AkitaOnRails I have a problem: I installed KVM/QEMU on a cloud host, and QEMU virtualizes a Windows system, but the cloud host does not have VT-x enabled, so the performance is particularly poor. I wonder if performance can be improved this way?

@AkitaOnRails Hello, I would like to ask: you are running a virtual machine inside a virtual machine without enabling VT-x? Is that much more efficient?

A collection of incredible (non-corporate) malware analysis and reverse engineering blogs that I have personally enjoyed over the years.
All focused on education and knowledge sharing on malware/RE topics.
[1/14] 🧵
(In no particular order)
#malware #education

100 Days of Hacking!
#100DaysOfHacking #100DaysOfCyberSecurity #infosecurity #CyberSec #infosec #bugbountytip #bugbountytips #cybersecurity #redteam #CyberSecurityAwareness #cybersecuritytips
Day 13 #websecurity ⬇
~# Access control vulnerabilities

WinDiff - Browse and compare exports, debug symbols and debug types of PEs between Windows versions.
WinDiff is a streamlined revamp of ntdiff, wired directly to Winbindex to fetch Windows updates and PEs automatically.
App: windiff.vercel.app
Repo: github.com/ergrelet/windi…


Join @jon__reiter and me on the Off By One Security stream tomorrow (Friday) at 11AM Pacific Time as we do some Windows kernel debugging and try to document some undocumented structures and fancy unions. We'll also continue looking at exploit mitigations:
youtube.com/watch?v=V5M-94…


Top 10 Twitter accounts referenced in Sigma rules; follow them.
@SBousseaden
@0gtweet
@nas_bench
@mrd0x
@Hexacorn
@cyb3rops
@n3mes1s
@pabraeken
@malmoeb
@JohnLaTwC

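How a ranking like the one above can be reproduced: Sigma rules carry a top-level `references:` list of URLs, so counting the Twitter/X handles that appear there across a rule set yields the most-cited accounts. The script below is an added example, not the original poster's code; the three rule snippets are constructed for illustration, the URL pattern and the set of non-account paths to ignore are assumptions, and on a real checkout of the Sigma rules repository you would point `load_rules` at its `rules/` directory.

```python
"""Rank Twitter/X handles cited in the `references:` section of Sigma rules."""
import re
import sys
from collections import Counter
from pathlib import Path

# Constructed sample rules (not taken from the Sigma repository).
SAMPLE_RULES = [
    """title: Suspicious LSASS Access
references:
    - https://twitter.com/SBousseaden/status/1111111111111111111
    - https://github.com/example/report
""",
    """title: Odd Service Install
references:
    - https://twitter.com/0gtweet/status/2222222222222222222
    - https://x.com/SBousseaden/status/3333333333333333333
""",
    """title: No references here
tags:
    - attack.t1003
""",
]

# Assumption: a handle is the first path segment of a twitter.com / x.com URL.
HANDLE_RE = re.compile(
    r"https?://(?:www\.|mobile\.)?(?:twitter|x)\.com/([A-Za-z0-9_]{1,15})(?:[/?#]|$)"
)
# Assumption: path segments that are site features rather than accounts.
NOT_ACCOUNTS = {"i", "search", "hashtag", "intent", "home", "share"}


def references_section(rule_text):
    """Return the URLs listed under the top-level `references:` key.

    A minimal line-based reader is used so the example needs no YAML library;
    the section ends at the next top-level key.
    """
    urls = []
    in_refs = False
    for line in rule_text.splitlines():
        if re.match(r"^references:\s*$", line):
            in_refs = True
            continue
        if in_refs:
            item = re.match(r"^\s+-\s*(\S+)", line)
            if item:
                urls.append(item.group(1))
            elif line.strip() and not line.startswith(" "):
                in_refs = False
    return urls


def handles_in(rule_text):
    """Set of lower-cased handles cited by one rule (counted once per rule)."""
    handles = set()
    for url in references_section(rule_text):
        m = HANDLE_RE.search(url)
        if m and m.group(1).lower() not in NOT_ACCOUNTS:
            handles.add(m.group(1).lower())
    return handles


def top_handles(rule_texts, n=10):
    """Return [(handle, rule_count), ...] for the n most-cited handles."""
    counter = Counter()
    for text in rule_texts:
        counter.update(handles_in(text))
    return counter.most_common(n)


def load_rules(root):
    """Read every *.yml file under root (e.g. the Sigma repo's rules/ folder)."""
    return [p.read_text(encoding="utf-8") for p in Path(root).rglob("*.yml")]


if __name__ == "__main__":
    rules = load_rules(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RULES
    for handle, count in top_handles(rules):
        print(f"{count:4d}  @{handle}")
```

Handles are counted once per rule rather than once per URL so that a single rule citing several threads by the same author does not inflate the ranking.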