Willi Ballenthin

@williballenthin

/usr/bin/nethack

williballenthin.com
Joined February 2008
108 Photos and videos Photos and videos

Tweets

You blocked @williballenthin

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @williballenthin

  1. 13 hours ago

    I think my favorite feature is the "isolated subgraph" detection, which can pull out inlined functions (think strcmp and friends) simply by looking at basic block connectivity.

    1 retweet 1 like
    Show this thread
    Show this thread
  2. 13 hours ago

    There's some really neat IDA Pro graph magic from described in detail here:

    1 reply 3 retweets 16 likes
    Show this thread
    Show this thread
  3. Dec 19

    as someone born after Watergate, I've been enjoying the podcast "Slow Burn" over the past few days

    1 like
  4. Retweeted
    Dec 18

    Estimate when a paper was written based on its references: pdftotext -layout -nopgbrk PAPER.pdf - | grep -o '1[89][0-9][0-9]\|20[0-9][0-9]' | sort -u | tail -n1

    2 replies 11 retweets 19 likes
  5. Dec 19

    are there meaningful differences in the performance among the popular x86 disassemblers?

    2 replies 1 retweet 1 like
  6. Retweeted
    Dec 12
    Replying to

    Not to forget our first release of Cutter () last week!

    11 retweets 18 likes
  7. Dec 12

    Lots of good stuff in their new public github page, including a Capstone -> LLVM IR translator. Check the projects out here:

    10 retweets 29 likes
    Show this thread
    Show this thread
  8. Dec 12

    What a great week for reverse engineering: today open sourced the LLVM-based decompiler RetDec:

    2 replies 251 retweets 371 likes
    Show this thread
    Show this thread
  9. Dec 11

    The Online Disassembler (ODA) is getting open sourced at by Anthony DeRosa and Bill Davis (source: ). This is awesome!

    105 retweets 155 likes
  10. Dec 10

    I wonder the significance of 0x41B994 to the Hex-Rays devs. Its used as a magic number for fetching the idainfo structure from an .idb file.

    1 retweet 2 likes
  11. Dec 10

    "...using neural nets we are able to outperform cache-optimized B-Trees by up to 70% in speed while saving an order-of-magnitude in memory over several real-world data sets." 🤓

    1 reply 1 retweet 5 likes
  12. Retweeted
    Dec 9

    regedit.exe 4097,2 (32x32x4)

    15 retweets 34 likes
  13. Dec 9

    Also featured is which has been a joy to learn.

    6 likes
    Show this thread
    Show this thread
  14. Dec 9

    ElkJS is a seriously awesome library for laying out plots and diagrams. Easy enough to get started, yet still has a million knobs available to tweak.

    3 replies 42 retweets 107 likes
    Show this thread
    Show this thread
  15. Dec 9

    Neat script by to detect tampering of EVTX log files to hide individual records:

    35 retweets 59 likes
  16. Retweeted
    Dec 3

    I threw down $10 and asked a freelancer on fiverr to write me a piece on penetration testing and the need for skilled people and I was not disappointed with the result.

    5 replies 24 retweets 49 likes
  17. Dec 4

    Its neat how ASCII text disassembles into valid instructions, yet particularly interesting that many of the single ASCII byte opcodes don't make much sense for 32-bit usermode.

    1 reply 1 retweet 2 likes
    Show this thread
    Show this thread
  18. Dec 4

    Fun post: "Recognizing and Avoiding Disassembled Junk" by

    1 reply 13 retweets 20 likes
    Show this thread
    Show this thread
  19. Nov 29

    spoiler alert: there are 93,679 of them.

    1 retweet 3 likes
    Show this thread
    Show this thread
  20. Nov 29

    Here's a list of all the symbols exported by Microsoft DLLs on a typical Windows system:

    2 replies 30 retweets 62 likes
    Show this thread
    Show this thread

@williballenthin hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·