A beginner-friendly tutorial on analyzing .NET malware teaches you how to use common tools, recognize techniques and understand infection chains.| Unit 42
Creating a custom linter can be a great way to enforce coding standards and detect code smells. In this tutorial, we'll use Sylver, a source code query engine, to build a custom Golang linter in just a few lines of code. Sylver's main interface is a...| Geoffrey Copin's blog
In Part 1 and Part 2 of the series, we learned how to build a language spec and how to use Sylver's query language to explore the parse tree of our JSON documents. While it can be insightful to explore a codebase interactively through source-code quer...| Geoffrey Copin's blog
Sylver is a language agnostic platform for building custom source code analyzers (think eslint for every language). This might be a lot to unpack, so let us explore this tool by solving a real-world problem: our application's configuration is stored ...| Geoffrey Copin's Blog
It turns out that FindBugs, the Java bug hunting tool used by legions of Java developers, after being proclaimed dead, has issued a Monty Python-like "I'm not dead yet" rejoinder on Hacker News. What is going on here?| Gary Gregory
In Part 1, we used Sylver's meta language to build a specification for the JSON format. But an AST, by itself, is not of much use. In this next tutorial, we'll continue building our JSON configuration validator. To this end, we'll learn how to use Sy...| Geoffrey Copin's Blog
Real Intent has developed a tool for identifying potential security issues in chip designs at the sign-off stage.| Tech Design Forum
In the previous post I advocated for building systems that combine static and dynamic analysis for performance optimisation. By doing so, we can build tools that are much more useful than those focused on either analysis approach alone. In fact, for many static analyses it’s likely that the difference between being useful at all and […]| Sean Heelan's Blog
On a recent engagement our task was to assess the security of a service built on IBM Integration Bus, an integration platform for Java Messaging Services. These scary-looking enterprise buzzwords usually hide systems of different complexities connected with Message Queues. Since getting arbitrary test data in and out of these systems is usually non-trivial (more on this in the last paragraph), we opted for a white-box analysis, which allowed us to discover interesting cases of Java deserializa...| Silent Signal Techblog
Golang is full of tools to help us develop more secure, reliable, and useful apps. And there is a category that I would like to talk about: Static Analysis through Linters.| SourceLevel