ReWolf

i built an entire x86 CPU emulator in CSS (no javascript) you can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS

I've recently been digging into Android security and found some interesting stuff, more details on the higher-impact findings will be published later but in the meantime, I'm kicking off the blog with some low-severity findings and will update over time. lowlevel.fun/posts/low-seve…

@alexjplaskett Good old times 🙌

Reverse engineering Mortal Kombat GRA file format by @rwfpl blog.rewolf.pl/blog/?p=1837 blog.rewolf.pl/blog/?p=1982

I wrote-up how I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation. Link to the blog post below 👇

@lauriewired @mrexodia But to be factually correct, IDA debugger was first introduced in 2003 (still not a fan after 22 years 😅)

@lauriewired @mrexodia w32dasm 4 life

all my homies use x64dbg

@gim unfollowed 🥸

Want to support security researchers from Dragon Sector in covering legal costs piling up after they went public with logic bombs in train firmware? IBAN for donations is available here: ccc.de/en/updates/202… Talks for context: media.ccc.de/v/37c3-12142-b… streaming.media.ccc.de/38c3/relive/336

Reverse engineering Mortal Kombat GRA file format by @rwfpl blog.rewolf.pl/blog/?p=1837 #more-1982" target="_blank" rel="nofollow noopener">blog.rewolf.pl/blog/?p=1982#m…

@KacperSzurek Nanorurki 😏

Wczoraj masa ekspertów od powodzi. Dzisiaj sami specjaliści od baterii i pagerów. A miesiąc temu wysyp programistów sterowników. Co będzie jutro?

@vxunderground And at the end of the day it boils down to finding a clever way of getting executable memory and redirecting the execution since there are not that many options 🤷‍♂️

Process injection via GetThreadDescription and SetThreadDescription. This makes this the 9,001 process injection technique on Windows.

@n3mes1s Definitely not eBPF developers 😆

Today all windows EDR kernel developers. What will you be tomorrow?

@lcamtuf I suggest everyone who feel offended by that code take a look at the official bzip2 decompressor github.com/libarchive/bzi… 😅

It is a major misconception that in C, you need "break" statements at the end of switch() cases to prevent fall-through execution:

Issue #4 is out – enjoy! pagedout.institute/?page=issues.p… Please RT and tell your friends :)

@AdmVonSchneider Maybe it is not a panacea but it is definitely fun to write 🙈

This post is well worth a read. TL;DR - Rust is not a panacea for all of our collective software security troubles. @john_25313/c-isnt-a-hangover-rust-isn-t-a-hangover-cure-580c9b35b5ce" target="_blank" rel="nofollow noopener">medium.com/@john_25313/c-…

@dwizzzleMSFT I had to update my VBS definition 😅

New Google Chrome Blog: blog.chromium.org/2024/04/fighti… Windows 11 VBS and TPM defaults are used by Chrome to prevent cookie theft. "Chrome will use facilities such as Trusted Platform Modules (TPMs) for key protection, which are becoming more commonplace and are required for Windows 11, and we are looking at supporting software-isolated solutions as well."

The rev.ng decompiler has gone open source: rev.ng/blog/open-sour… github.com/revng/revng-c

@gynvael The first rule of Fight Club is: you do not talk about Fight Club. The second rule of Fight Club is: you DO NOT talk about Fight Club!

If you saw on a candidate's resume something like: 'I created malware for educational purposes' would you treat this positively or negatively? Vote here: docs.google.com/forms/d/e/1FAI… Results: docs.google.com/forms/d/e/1FAI…

In the spirit of "this talk could've been a tweet", I just pushed a button: #BinDiff is now open source. - Snapshot release, no major new functionality - Release binaries later today or tomorrow - This is my 20% and I won't we able to act on PRs until end of Q4 (OOO traveling)

@_clem1 Congrats man! 👏👏👏

Yay! 🙏☺️ #teamwork