My short blog post on ClickFix threats (with focus on malware used in recent campaigns): cert.pl/en/posts/202...
17.02.2026 13:54
@msm0.bsky.social
My new post about #malware #deobfuscation - cert.pl/en/posts/202.... I focus on the simple - but powerful - technique of local substitutions. Uses #ghidra and ghidralib. Thx @nazywam.bsky.social for the review.
24.04.2025 13:22
Ghidralib development continues: py3 support, binary/asm patching, and symbolic propagation: github.com/msm-code/ghi.... I also write docs for people who want to try it. Newest chapter: emulation msm-code.github.io/ghidralib/em...
#ghidra #reverseengineering
An image that shows a piece of code. On top there is an expression (param_1 & 1) * 2 + (param_1 ^ 1). On the bottom is a deobfuscated version, param_1 + 1. In the middle there is a custom Ghidra DSL, explained in the post.
RULECOMPILE - Undocumented Ghidra decompiler rule language.
A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) an obscure, undocumented DSL.
msm.lt/re/ghidra/ru...
#reverseengineering #ghidra
A dragon logo, with two pieces of code. On the left there is "turn this", with a long snippet of pure ghidra code. On the right there is "into this", with a single line of ghidralib.
Excited to announce ghidralib - a library that makes #Ghidra scripts drastically shorter and easier to write. I've been using it daily for #reverseengineering and decided it's time to share!
Check it out: github.com/msm-code/ghi.... And the documentation: msm-code.github.io/ghidralib/.
#infosec #re
A VS screenshot with colored python bytecode opcodes.
Just open-sourced another small OS #ReverseEngineering project: a tiny extension for highlighting Python bytecode using #VsCode.
github.com/msm-code/vsc...
It also serves as a good demo of how to create such plugins (spoiler: it's very, very easy).
#reversing #infosec
Hi Bluesky. I created a #Ghidra quick search/command palette/launcher plugin called "Ctrl+P". You can search functions, labels, data, bookmarks, focus windows, launch scripts and trigger available actions. All in a single Python file.
github.com/msm-code/Ghi...
#reversing #reverseengineering #infosec