Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

NSA Ghidra and Yara

Using NSA's Ghidra to automatically build YARA signatures for a binary's odd behaviors; I love it. I'm currently running it against a backdoored qBittorrent. Ghidra's server automatically identifies the subtle, hidden callbacks and exfiltration assembly, then constructs an efficient YARA rule on the fly. Impressive. You should give it a try once you figure out how to trust running their software on your system. Not clear on what reverse engineering is?
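To make the "rule on the fly" idea concrete, here is an added example (mine, not the post's Ghidra setup or any script shipped with Ghidra) of the core step: turning a disassembled block into a YARA hex string. The disassembler's job is to tell opcode bytes from operand bytes; the signature keeps the opcodes and wildcards the operands (immediates, displacements, relative call and jump targets), so the rule survives relinking and small recompiles instead of matching one build only. The instruction stream, the rule name and the helper names are all constructed for illustration; the matcher at the end is a minimal re-implementation of YARA's `??` wildcard semantics so the example can check itself offline.

```python
"""
Build a YARA hex-string rule from a disassembled basic block.

Input: a list of (opcode_bytes, operand_bytes) pairs, the split a
disassembler such as Ghidra gives for each instruction.  Opcode bytes
become fixed hex tokens, operand bytes become '??' wildcards.
Everything below is a constructed example, not taken from a real binary.
"""
import re
from typing import List, Tuple

Instr = Tuple[bytes, bytes]

# Constructed x86-64 block standing in for a suspicious callback stub.
SAMPLE_BLOCK: List[Instr] = [
    (b"\x55", b""),                  # push rbp
    (b"\x48\x89\xe5", b""),          # mov rbp, rsp
    (b"\xbf", b"\x39\x05\x00\x00"),  # mov edi, imm32   (immediate -> wildcard)
    (b"\xe8", b"\x10\x00\x00\x00"),  # call rel32       (target -> wildcard)
    (b"\x85\xc0", b""),              # test eax, eax
    (b"\x74", b"\x0c"),              # jz rel8          (offset -> wildcard)
    (b"\x5d", b""),                  # pop rbp
    (b"\xc3", b""),                  # ret
]


def block_bytes(instrs: List[Instr]) -> bytes:
    """Raw bytes of the block as they would sit in the binary."""
    return b"".join(op + operands for op, operands in instrs)


def hex_pattern(instrs: List[Instr]) -> List[str]:
    """YARA hex tokens: fixed opcode bytes as 'xx', operand bytes as '??'."""
    tokens: List[str] = []
    for opcode, operands in instrs:
        tokens.extend("%02x" % b for b in opcode)
        tokens.extend("??" for _ in operands)
    return tokens


def build_rule(name: str, instrs: List[Instr], min_fixed: int = 8) -> str:
    """Emit a YARA rule; refuse blocks with too few fixed bytes to be specific."""
    tokens = hex_pattern(instrs)
    fixed = sum(1 for t in tokens if t != "??")
    if fixed < min_fixed:
        raise ValueError("only %d fixed bytes; rule would be too generic" % fixed)
    lines = [
        "rule %s" % name,
        "{",
        "    meta:",
        '        source = "constructed example"',
        "    strings:",
        "        $code = { %s }" % " ".join(tokens),
        "    condition:",
        "        $code",
        "}",
    ]
    return "\n".join(lines) + "\n"


def pattern_to_regex(tokens: List[str]) -> "re.Pattern[bytes]":
    """Minimal stand-in for YARA's hex matcher: '??' matches any single byte."""
    parts = [b"." if t == "??" else re.escape(bytes.fromhex(t)) for t in tokens]
    return re.compile(b"".join(parts), re.DOTALL)


def rule_matches(instrs: List[Instr], data: bytes) -> bool:
    """True if the wildcarded signature for `instrs` occurs anywhere in `data`."""
    return pattern_to_regex(hex_pattern(instrs)).search(data) is not None


# A recompiled variant: same opcodes, different immediate, call target and jump offset.
VARIANT_BLOCK: List[Instr] = [
    (op, bytes(len(operands)) if i != 2 else b"\x2a\x00\x00\x00")
    for i, (op, operands) in enumerate(SAMPLE_BLOCK)
]

if __name__ == "__main__":
    print(build_rule("constructed_callback_stub", SAMPLE_BLOCK))
    print("original matches:", rule_matches(SAMPLE_BLOCK, block_bytes(SAMPLE_BLOCK)))
    print("variant matches: ", rule_matches(SAMPLE_BLOCK, b"\x90" * 4 + block_bytes(VARIANT_BLOCK)))
    print("unrelated matches:", rule_matches(SAMPLE_BLOCK, b"\x55\x48\x89\xe5\xc3"))
```

The `min_fixed` guard is the part worth keeping when you automate this: a block that is mostly operands collapses to a handful of opcode bytes and the resulting rule will fire on half the binaries on the host. In a Ghidra script the same split comes from the instruction's operand-byte ranges, and the check belongs between "found an odd function" and "wrote a rule to disk".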
