Substack is a popular blogging platform. It allows writers to easily create their own personal blog, with payments, comments, analytics and other advanced features. Substack empowers writers to customize their blogs by adding a custom domain.| Blog by Joren Vrancken
During reverse engineering, an analyst is trying to answer specific questions about the binary they are analyzing. For example, “how does this malware sample encrypt files?” or “what is the root cause of the authentication bug in this router firmware?”. Often only a small subset of the functions in the binary is relevant to answering these questions, and finding those relevant functions is a big part of the reverse engineering process. Many functions in a binary are uninteresting to analyz...
When a malware analyst gets a new malware sample to analyze, one of the first questions they might have is which functions are called during the execution of the sample. To solve this problem, we can use any old debugger to walk through the sample manually, but we can also automate and record our analysis with a dynamic analysis framework like PANDA.
Last year, we published a blog post discussing an attack where a malicious actor hijacks vulnerable Arch User Repository (AUR) packages by registering expired domains.
Recently, we encountered an obscure security measure while researching GitHub repositories: the popular repository namespace retirement. This security measure was implemented by GitHub to protect (popular) repositories against repo jacking (i.e. hijacking attacks).
The Arch User Repository (AUR) is a software repository for Arch Linux. It differs from the official Arch Linux repositories in that its packages are provided by its users and not officially supported by Arch Linux.
GitHub Pages is a static content hosting service by GitHub. As it is free and integrates with GitHub repositories, it is popular for hosting blogs, documentation and the like. By default, GitHub Pages content is hosted on username.github.io, but users can also configure their own domains to host content (e.g. this blog is hosted via GitHub Pages).
Recently, I participated in the GitHub Bug Bounty program (run through HackerOne). This is a write-up of a command injection bug I discovered in the GitHub Pages build process.
In the past two months (15 May 2022 to 10 July 2022), something interesting has been happening in the world of online political advertising. 70% of all impressions (the number of times advertisements were shown to users) of political parties on Facebook and Instagram came from Forum voor Democratie. In a chart, it looks like this:
Recently, I created a simple tool, Carve Exe, to carve executables from other files (e.g. memory dumps or network traffic). Carving executables from binary blobs is a common task in digital forensics and reverse engineering, for example when analyzing how a malware sample unpacks and deobfuscates itself.