honululu

'%' and '$' do not belong in asm.

Somehow I missed there's a whole Ph.D. thesis on symbolic abstraction: https://thakur.cs.ucdavis.edu/assets/pubs/thakur_PHD14.pdf … Looks pretty readable, too.

No, I made some extensions to the work of Olm and Seidl: http://www2.in.tum.de/bib/files/Muller-Olm07Analysis.pdf …

This is just in! We *might* be hosting a teaser CTF later this month of December (!) (probably somewhere around 20th). We will have some good challenges, including some written by @kidOfArcrania We'll also have some easy challenges. Come try our CTF pls :)

New IDA 7.4 and Decompilers released! Changelog: - IdaPython move to Python 3 - New Local Types editor - Improved GDB support (iOS 13) - Multiple improvements in decompiler engine - Global xrefs directly in pseudocode https://www.hex-rays.com/products/ida/7.4/index.shtml … https://www.hex-rays.com/products/decompiler/v74_vs_v73.shtml … #REhints

Some months ago, in part because of a CFG bitmap bug (whose resolution I still haven't checked on), I got it into my head to tackle the fundamentals of Windows memory management yet again. Whatever it leads to, today's product perhaps stakes some ground: http://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/mm/mi/mmpte/hardware.htm ….

#hitcon GoGo PowerSQL unintended RCE solution: 1. Pollute environment variable 2. libmysqlclient will load plugin from LIBMYSQL_PLUGINS 3. But it will append annoying .so 4. Bypass by sending 512 bytes ./././ ... 5. Load the malicious plugin from /proc/self/fd/0 6. Profit

Attention, all you tasteful humans out there. The year has come! We have captured enough flags to share some with you; Announcing: Tasteless-CTF, Oct. 5-6 '19 - reserve the date and stay tuned, more details to come!