msm

@MsmCode

Malware analyst. Cofounder of @p4_team. No independent thought: ALL opinions belong to my employers, cats, and friends. msm@infosec.exchange http://msm0.bsky.social

My new post about #malware #deobfuscation - cert.pl/en/posts/2025/…. I focus on the simple - but powerful - technique of local substitutions. Uses #ghidra and ghidralib. Thx @nazywam for review.


msm reposted

I analyzed thousands of messages from 35+ suspected state-sponsored hacktivist groups using machine learning—uncovering hidden connections through writing styles, language and topics. After a year of research, here’s what we found and how we did it. 👇 research.checkpoint.com/2025/modern-ap… 1/


Ghidralib development continues: py3 support, binary/asm patching, and symbolic propagation: github.com/msm-code/ghidr…. I also write docs for people who want to try it. Newest chapter: emulation msm-code.github.io/ghidralib/emul… #ghidra #reverseengineering


RULECOMPILE - Undocumented Ghidra decompiler rule language. A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) - an obscure, undocumented DSL msm.lt/re/ghidra/rule… #reverseengineering #ghidra


🚀Excited to announce ghidralib - a library that makes #Ghidra scripts drastically shorter and easier to write. I've been using it daily for #reverseengineering and decided it’s time to share! Check it out: github.com/msm-code/ghidr… And the docs: msm-code.github.io/ghidralib/ #infosec


Hi #Ghidra users. I've created a quick search/command palette/launcher plugin called "Ctrl+P". You can search for functions, labels, data, bookmarks, focus windows, launch scripts and trigger available actions. github.com/msm-code/Ghidr… #reversing #reverseengineering #infosec


msm reposted

🚨 Beware of fake ads on large online platforms! Scammers are still effectively bypassing verification mechanisms, and the platforms are struggling to stop them. What kinds of scams are there, and why do these mechanisms fail? 🤔 🔍➡️ cert.pl/posts/2024/11/…


msm reposted

[PL] Besides Paged Out!, today we also released an interview with 𝗣𝗼𝗹𝗮𝗻𝗱 𝗖𝗮𝗻 𝗜𝗻𝘁𝗼 𝗦𝗽𝗮𝗰𝗲, i.e. (@p4_team + @DragonSectorCTF + friends), about HACK-A-SAT 4: ↓↓↓ youtube.com/watch?v=9Gl8ZZ… ↑↑↑


Slides (PL) from my presentation yesterday at @OMHconf #ohmyhack are here: tailcall.net/static/talks/o…. I talked a bit about my recent research on stealers in a, hopefully, approachable way.


I had the pleasure of conducting a 1.5-day #workshop about Threat Intel Pipelines and CTI for a room full of security experts during the #ITU Interregional #Cyberdrill for Europe and Asia-Pacific. I hope everyone had fun, and maybe see you at the next Cyberdrill.


msm reposted

CERT Poland's Jarosław Jedynak has posted a detailed and technical description of the XWorm analysis process, including the unpacking. XWorm is a multi-purpose malware family, commonly used as a RAT. cert.pl/en/posts/2023/…


I wrote a detailed writeup about #XWorm #Malware reverse-engineering. The stealer itself is nothing fancy, but check it out if you're interested in dissecting malware step by step. And if not, hey I share some code and IoCs too. cert.pl/en/posts/2023/…


Finished my #flareon10 today! Fun fact: I used #Ghidra exclusively (no Ida) to solve almost all challenges (two exceptions: Android and PDP-11 Forth). It works great.


What's the first step of dynamically unpacking obfuscated .NET malware? Writing your own debugger, of course. A story of unpacking the recent .NET stealer campaign: cert.pl/en/posts/2023/…. (Going to start posting more writeups soon, stay tuned)


msm reposted

Better documentation, YARA scanning limitation, easier scaling, better user roles. Those are only some of the changes introduced in mquery 1.4! The full list of changes is available at ⬇️ github.com/CERT-Polska/mq…


msm reposted

Today Poland Can Into Space placed fourth on @hack_a_sat qualifier and we're going to Vegas! This year's finals will include hacking the Moonlighter platform on orbit! Can 🇵🇱🥫🚀 conquer real 🛰️? We'll find out during DEFCON 31.


msm reposted

Some of @MsmCode's and my research on the #phobos ransomware family. Using CUDA to crack stuff was a lot more interesting than expected!

We are proud to publish our latest research: A tale of Phobos – how we almost cracked a ransomware using CUDA. In it, we go on a journey of creating a decryptor for the #phobos ransomware and ending up with an almost working CUDA proof of concept. cert.pl/en/posts/2023/…



Finally, Phobos decryptor PoC published 🙃. I worked on it with @nazywam when I was at CertPl. It can decrypt most Phobos samples from the last 2 years, if you know the exact time decryption started (and PID). Very hard to use in practice but interesting PoC nonetheless.

Fell in love with typed-config github.com/bwindsor/typed…. It's a tiny Python library for reading config from ini files/environment/anywhere, used by mwdb (and maybe mquery soon). Typed, extensible, dependency free. How does it only have 14 stars on GH?!


msm reposted

Together with @DragonSectorCTF we've donated our winnings from Russian CTFs to humanitarian aid towards 🇺🇦#Ukraine! $3,000 from each team which we'll match from our #PolandCanIntoSpace winnings. $12,000 in total for @PAH_org. #NoToWar 🇺🇦🇵🇱 #CTFforUA siepomaga.pl/ctfforua

