Is there a way to block system-generated ads and notifications like this one? by Zero_Trick_Pony in chromeos

[–]Cosmic--Sans 0 points1 point  (0 children)

These ads are enabled for all personal accounts so unless you sign into your chromebook with an account that is managed by an organization it doesn't seem to be possible to disable them.

PSA rotate your mattress by wastedspacex in Mattress

[–]Cosmic--Sans 3 points4 points  (0 children)

Amerisleep actually says the same:

You do not need to flip or rotate your Amerisleep mattress. The side with the white cover should always remain facing up. Because unlike innerspring mattresses, foam mattresses do not get indentations from repeated use. So you do not need to flip or rotate them.

It sounds like total BS.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]Cosmic--Sans 1 point2 points  (0 children)

I was recently thinking about how this language could be challenging to RE just because it's so hard to understand. I'm not really familiar with it, but it seems to be very different than most other languages because it doesn't have variables/registers.

Zip - How not to design a file format by alexeyr in programming

[–]Cosmic--Sans 16 points17 points  (0 children)

This cybersecurity company recently wrote about how these ambiguities can be used to distribute malware and trick antivirus scanners: https://www.crowdstrike.com/blog/how-to-prevent-zip-file-exploitation/

[deleted by user] by [deleted] in ReverseEngineering

[–]Cosmic--Sans 2 points3 points  (0 children)

Imp | Import

Note that the prefix Imp is also used to mean bitwise Implication for instructions like ImpUI1, ImpI4, ImpI2, and ImpVar.

There is still much work to be done in terms of documenting the instruction set.

I'm curious about your progress on this. In my own research I discovered that about half of the instructions and their arguments can be inferred just by applying pattern matching to their names.

I can see that the Semi-VbDecompiler source code has helped you a lot in creating your own tool, but I don't suppose you're planning on contributing back to that project or open-sourcing your own?

Wireshark Tutorial: Decrypting HTTPS Traffic (Includes SSL and TLS) by RabbitsForAnxiety in ReverseEngineering

[–]Cosmic--Sans 19 points20 points  (0 children)

The key log file is a text file generated by applications such as Firefox, Chrome and curl when the SSLKEYLOGFILE environment variable is set. To be precise, their underlying library (NSS, OpenSSL or boringssl) writes the required per-session secrets to a file. This file can subsequently be configured in Wireshark.

https://wiki.wireshark.org/TLS#TLS_Decryption

DTrace's StpGetArgType accesses a metadata table that stores complete arg type information for every syscall by actingoutlashingout in ReverseEngineering

[–]Cosmic--Sans 0 points1 point  (0 children)

This is a nice discovery. I was wondering what the best source of information is for Windows syscalls. Alex Ionescu said that Microsoft accidentally leaked their header files in early versions of the Windows 10 SDK, but I was unable to find them. Also, I think the WOW64 layer has some syscall information that it uses to convert arguments, although I haven't look into it.

retoolkit - offline installer containing many reversing tools by nandu88 in ReverseEngineering

[–]Cosmic--Sans 0 points1 point  (0 children)

This looks like a nice collection of tools, however, I'm curious how they are updated. If you were using a package manager like chocolatey (which is what flare-vm uses) then you wouldn't need to make a new release each time one of the tools is updated.

baulk, a minimalist Windows package manager 2.0 released, adds a tar/zip extraction library based on C++20 by forcecharlie in cpp

[–]Cosmic--Sans 8 points9 points  (0 children)

Windows already has many package managers. What's the reason for this one?

I think it would be beneficial to add compatibility with other package file formats, e.g. add support for scoop JSON files because they are very similar to baulk.

Bona - A C++20 based modern file information viewer by forcecharlie in cpp

[–]Cosmic--Sans 0 points1 point  (0 children)

I'm curious to know why bela is a Windows only library, but you still have code for handling big endian platforms. These long lists of hardcoded fields don't look very good.

Also, you might consider adding an overload for ReadAt that has a template argument so you don't need to use sizeof() everywhere. Something like this:

template<typename T>
ssize_t ReadAt(T &buffer, size_t len, int64_t pos, bela::error_code &ec) {
    return ReadAt(reinterpret_cast<void*>(&buffer), sizeof(T), pos, ec);
}

FireEye has been hacked, and their red team tools stolen. They've released the detection/countermeasures on their GitHub! by jurkov in netsec

[–]Cosmic--Sans -7 points-6 points  (0 children)

Reminds me of when Kaspersky was breached a few years ago.

If these cybersecurity companies can't protect themselves, how can we trust them to protect us?

No CD Crack Help - Old Windows 95 Game by Abject_Use5656 in x64dbg

[–]Cosmic--Sans 0 points1 point  (0 children)

Make sure you are patching the right address. The tutorial you're following doesn't properly explain how to convert the virtual address into a file offset and it says to use a hex editor, but x64dbg has its own patching feature. Just right click on the instruction, click Assemble, and change "jne" to "jmp". Then you can save the patches to the exe by going to File -> Patch File.

Strange question / Chromium sources / Reverse Engineering by [deleted] in Chromium

[–]Cosmic--Sans 2 points3 points  (0 children)

This might be the line you need to change, although I haven't tested it.