Security through explanation
This year, BlackHat USA was held on the 6th and 7th of August 2025, directly followed by DEFCON from the 8th through the 10th of August. On the morning of Saturday the 9th, I gave my DEFCON workshop. I represented Trellix during the conferences. Unlike other years, I did not talk at the BlackHat (Arsenal), … Read more
This year was Botconf’s 12th edition, located in Angers, where I gave a four hour workshop diving into Ghidra. Some of talks were rated as TLP:GREEN or higher, this decreases the details which I can include in the blog, as well as the information on the given talks. The listed talks are covered in chronological … Read more
This article is based on the public release of Ghidra 11.2. Documentation in code is great to have, although it is not as great a task to write it. When reverse engineering a binary with Ghidra, comments are your documentation. You might write down some notes for your future self, or for your colleagues or … Read more
On the 28th of February and the 1st of March, the folks behind Binary Ninja (Vector35) organised RE//VERSE in Orlando, Florida. While this was the conference’s first edition, this wasn’t noticeable at all, as the conference was exceptionally well organised. The communication from the speaker desk was swift and clear, even with the six hour … Read more
This article is based on the public release of Ghidra 11.2. While scripts are generally used to automatically (and/or automagically) perform repeatable and mundane actions, that is not to say that their runtime cannot take a while. If the wrong script is started by accident, or if the chosen approach is too time consuming, the … Read more
This article is based on the public release of Ghidra 11.2. While Ghidra is an extensive framework and allows the inclusion of arbitrary logic to perform a given task, some tasks are better performed elsewhere. There can be a variety of reasons to outsource the execution of the code somewhere else: a proprietary service offers … Read more
This article is based on the public release of Ghidra 11.2. Ghidra provides an overview of strings within the graphical user interface, but there is no directly accessible API call within the FlatAPI to access it. However, it is possible to obtain them programmatically. The code in this blog comes from a script I wrote … Read more
This article is based on the public release of Ghidra 11.2. Ghidra’s project based nature allows one to include multiple files into a project. These files can be split into different folders within the project. When running Ghidra headless, one can ingest files (recursively) from a given folder. The ingested files and related folder structure … Read more
The Diana Initiative 2024 took place in the Westin on the 5th of August, followed by BlackHat USA 2024 in the Mandalay Bay on the 7th and 8th and DEFCON 32 in the Las Vegas Convention Center on the 9th, 10th and 11th of August. This year, I gave workshops at The Diana Initiative, BlackHat … Read more
This article is based on the public release of Ghidra 11.0.1. Ghidra’s graphical user interface is intuitive to use, customisable, and allows one to easily analyse, compare, and contrast code. There is one thing its not made for: bulk actions. While bulk import of files is possible via drag-and-drop into an open Ghidra project, it … Read more