My idalib-based "vulnerability divination" tool suite is finally available in the official Hex-Rays Plugins & Apps repository!
https://plugins.hex-rays.com/search-results?search_term=0xdea
KalmarCTF 2025 is just around the corner - come compete with the best competitive hackers from around the world and win great prizes!
The #KalmarCTF 2025 is on the horizon, and Kalmarunionen is ready to raise the bar once again. Mark your calendars for March 7th - 9th, 2025, and gear up for a 48-hour showdown of skill, and pure CTF grit.
Here’s what’s in store:
With a generous nod to @HexRaysSA for making the coveted #IDAPro licenses possible, we promise an unforgettable event brimming with complex challenges in binary exploitation, reverse engineering, and other classic #CTF categories.
First Place: 3x IDA Pro Named Licenses* with 2 Decompilers each
Second Place: 2x IDA Pro Licenses* with 2 Decompilers each
Third Place: 1x IDA Pro License* with 2 Decompilers
Why join #KalmarCTF 2025?
- Test yourself against top global teams and expect some fun and original challenges.
- Immerse yourself in a thriving community of passionate CTF players and hackers.
If you’re ready to push your limits, claim your glory, and maybe take home some serious #HexRays loot, head over to KalmarC.TF for all the details.
REassemble your dream team, and let's see who takes home all the licenses this year.
#ESETresearch has released DelphiHelper, a plugin for #IDAPro that aids in analyzing Delphi binaries.
Check it out on ESET’s GitHub at https://github.com/eset/DelphiHelper
Proud to be recognized among the notable submissions of the 2024 https://x.com/HexRaysSA Plugin Contest: https://hex-rays.com/blog/2024-plugin-contest-winners
The 3rd episode of our #OffensiveRust series, "Streamlining vulnerability research with #IDAPro and #Rust", is here! @raptor introduces new tools to assist with reverse engineering and vulnerability research, based on @HexRaysSA IDA and @binarly_io idalib.
https://security.humanativaspa.it/streamlining-vulnerability-research-with-ida-pro-and-rust
@HexRaysSA have announced IDA Pro v9.1 Beta
There are a lot of changes; follow the link for the changelog
https://docs.hex-rays.com/release-notes/9_1beta
Some highlights:
* Heaven's gate can now be debugged
* Rust version detection
* Improved decompilation on ARM64, RISCV, PPC
* Still no support for Linux ARM
Congrats to @xorpse @binarly_io for the well-deserved third place of their idalib #rust bindings in this year’s #idapro plugin contest!
The fourth article (126 pages) of the Exploiting Reversing Series (ERS) is available on:
https://exploitreversing.com/2025/02/04/exploiting-reversing-er-series-article-04/
I would like to thank Ilfak Guilfanov (@ilfak on X) and Hex-Rays (@HexRaysSA on X) for their constant and uninterrupted support, which has helped me write these articles.
The fifth article (ERS 05) will be released soon. Stay tuned.
I hope you enjoy reading it and have an excellent day.
The ninth article (38 pages) of the Malware Analysis Series (MAS) is available on:
https://exploitreversing.com/2025/01/08/malware-analysis-series-mas-article-09/
I would like to thank Ilfak Guilfanov @ilfak and @HexRaysSA (on X) for their constant and uninterrupted support, which has helped me write these articles.
Even though I haven't been on this subject for years, I promised I would write a series of ten articles, and the last one will be released next week (JAN/15).
Have a great day.
IDA Pro v9.0 SP1 is now published.
https://hex-rays.com/blog/ida-9.0-service-pack-1
Changelog
https://docs.hex-rays.com/release-notes/9_0sp1
BTW, I have checked the UI improvements, but they didn't add a search/find/replace feature to the script editor.
And still no support for Linux Arm64.
TIL: Do you know you can grab the instruction pointer by using the fldz and fstenv instructions on an Intel processor?
@Kaspersky team shared a new write-up about their IDA Pro plugin while reversing #FinSpy malware. Don't miss this write-up.
IDA_Plugin_AntiDebugSeeker
Automatically identify and extract potential anti-debugging techniques used by malware.
Apparently, @HexRaysSA is finally going down the drain. Their whole new licensing process does not work, support sucks, I'm currently just burning money every day for not being able to work on my project. This is not the toolchain I'd like to depend on anymore. Probably it's time to say good-bye, after > 20 years of being a user and mentor of IDA Pro & Co. #hexrays #idapro #RE
#Nimfilt has been updated to work with the API changes in the newly released #IDAPro 9.0 (while keeping it backwards-compatible with IDA 8.X)
+ more strings should now be properly typed and named!
https://github.com/eset/nimfilt
For other plugin/script writers: the #IDAPython documentation and the porting guide are still contradicting each other in places... It seems like the porting guide is more up-to-date, but YMMV
The second article in our new series on #Windows #kernel #driver #vulnerability research and #exploitation is out!
Exploiting #AMD atdcm64a.sys arbitrary pointer dereference - Part 2:
https://security.humanativaspa.it/exploiting-amd-atdcm64a-sys-arbitrary-pointer-dereference-part-2/
This time, @ale98 covers how to craft PoCs for the arbitrary MSR read and arbitrary pointer dereference vulnerabilities described in his previous article, with step-by-step advice for debugging with #IDAPro.
Enjoy... and stay tuned for the third and last article next week.
So most folks purchase 4 decompilers...?
That and sales for IDA PRO EXPERT 4 (the most popular option) just started today...
#x64dbg allows you to break on user loaded DLLs. This is very helpful when working with #sideloadeddlls.
The same can be done via #idapro using a breakpoint condition and specifying the DLL name.
get_event_id() == LIB_LOADED && strstr(get_event_module_name(), "<name>.dll") != -1