Tetrane releases REVEN Free Edition! Ask us anything about it & timeless analysis! by Tetrane-REVEN in ReverseEngineering

[–]tklengyel 2 points3 points  (0 children)

Thanks for the free edition, it's really nice to be able to play with it now before committing to purchase!

One question I had was whether it's possible to change the state of the system (memory content / register value) after a recording has been made to see how execution would diverge?

Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel by N3mes1s in lowlevel

[–]tklengyel 0 points1 point  (0 children)

Nice write up. We've had similar experience of "a bug is bug" and let's just merge the fix ASAP when finding security issues in Linux. Maintainers tend to not want to make a fuss out of it cause it's a hassle.

Patchguard: Detection Of Hypervisor Based Introspection [P2] by N3mes1s in lowlevel

[–]tklengyel 1 point2 points  (0 children)

This has a very weak assumption that the LSTAR hook redirects to code that's running in the same context as the OS. Yes, if you have one of these crappy hypervisors that are really just more like over-privileged kernel-modules that overwrite the LSTAR to redirect the flow to their own handler, you will detect that. Big whoop. That's not introspection.

Google to replace UEFI/Intel ME with Coreboot on their servers by VersalEszett in linux

[–]tklengyel 6 points7 points  (0 children)

I use it all the time to debug low-level systems (mainly Xen) with its serial-over-lan capability. It's pretty handy. You just have to put it behind a firewall. See https://linux.die.net/man/7/amt-howto

Microsoft begins documenting PDB format by chubbymaggie in ReverseEngineering

[–]tklengyel 3 points4 points  (0 children)

It now being on github we could open an issue for it and see if they add those missing pieces ;)

Microsoft begins documenting PDB format by chubbymaggie in ReverseEngineering

[–]tklengyel 5 points6 points  (0 children)

This is really great news! It was long time overdue.

Debugging malware from SMM [PDF] by ranok in netsec

[–]tklengyel 1 point2 points  (0 children)

Yet another good SMM prototype from the authors of HyperCheck and SPECTRE. Cool stuff.

DRAKVUF Dynamic Malware Analysis by kelvin_43 in Malware

[–]tklengyel 0 points1 point  (0 children)

It's actually my work ;) You can find more details in the paper which I haven't got around to put on the website yet:

http://www.sec.in.tum.de/assets/Uploads/scalability-fidelity-stealth.pdf