HackerTrans
TopNewTrendsCommentsPastAskShowJobs

nicolodev

no profile record

Submissions

Challenges in Decompilation and Reverse Engineering of CUDA Kernels [video]

youtube.com
2 points·by nicolodev·قبل 3 أشهر·0 comments

Challenges in Decompilation and RE of CUDA-Based Kernels [video]

youtube.com
8 points·by nicolodev·قبل 4 أشهر·0 comments

Show HN: IPA, a GUI for exploring inner details of PDFs

github.com
270 points·by nicolodev·قبل سنتين·50 comments

Nyxstone: An LLVM-based (Dis)assembly Framework

github.com
2 points·by nicolodev·قبل سنتين·0 comments

Scaling Up Malware Analysis with Gemini 1.5 Flash

cloud.google.com
2 points·by nicolodev·قبل سنتين·0 comments

Nyxstone: An LLVM-based (Dis)assembly Framework

github.com
7 points·by nicolodev·قبل سنتين·0 comments

The Role of the Control Flow Graph in Static Analysis

nicolo.dev
2 points·by nicolodev·قبل سنتين·0 comments

Show HN: MicroSCOPE – identify ransomware statically with heuristics

github.com
7 points·by nicolodev·قبل سنتين·3 comments

Template for writing technical RFC docs

lambrospetrou.com
1 points·by nicolodev·قبل 3 سنوات·0 comments

The Role of the Control Flow Graph in Static Analysis

nicolo.dev
6 points·by nicolodev·قبل 3 سنوات·1 comments

The One Line That Ruined Hallmark Movies for Me

theartofdoingstuff.com
2 points·by nicolodev·قبل 3 سنوات·4 comments

Should AI Be Held Liable When Things Go Wrong?

zenaassaad.com
2 points·by nicolodev·قبل 3 سنوات·2 comments

AI safety regulation threatens our digital freedoms

togelius.blogspot.com
3 points·by nicolodev·قبل 3 سنوات·0 comments

The Role of the Control Flow Graph in Static Analysis

nicolo.dev
2 points·by nicolodev·قبل 3 سنوات·0 comments

Morgan Stanley warns on 'below seasonal' Apple Dec. guidance

applemust.com
2 points·by nicolodev·قبل 3 سنوات·0 comments

Recyclable, paper RFID tags look like a work of magic

yankodesign.com
1 points·by nicolodev·قبل 3 سنوات·0 comments

UK: London Book Fair Names Its 2024 'Authors of the Day'

publishingperspectives.com
1 points·by nicolodev·قبل 3 سنوات·0 comments

New Map APIs from Google

cloud.google.com
241 points·by nicolodev·قبل 3 سنوات·117 comments

Turn a static SVG into an interactive one, with Flourish

flowingdata.com
1 points·by nicolodev·قبل 3 سنوات·0 comments

Quantum Supremacy Explained

bigthink.com
1 points·by nicolodev·قبل 3 سنوات·0 comments

comments

nicolodev
·قبل 3 أشهر·discuss
It’s astonishing how nobody hasn’t mentioned abstract interpretation yet. Under classical static analysis, if you can “prove” that a variable does not have values in some unsound zones, you can e.g. “prove” soundness or apply further optimizations.

The interval abstract domain works under interval analysis with an algebra that’s the same of this calculator. It’s funny to implement something like that on source/binary level :)
nicolodev
·السنة الماضية·discuss
Hi! OP here, thanks for submitting it to hacker news, if anyone have any questions, feel free to write here!
nicolodev
·قبل سنتين·discuss
Another good replacement for capstone/keystone based on LLVM is nyxstone https://github.com/emproof-com/nyxstone
nicolodev
·قبل سنتين·discuss
yeah I agree, and while everyone is suggesting tools which are really good but I designed mine to get rid of the flags and CLI interface. Good for tech people that keeps remembering flags, I'm not :(
nicolodev
·قبل سنتين·discuss
> mutool clean -d in.pdf out. pdf

My tool can do exactly the same (viewing internal structure, exporting objects, and see the uncompressed raw content for stream) with a graphical interface and without all this kind of flags (which one of the reasons I started to design this project with egui), but thanks for posting yours too.
nicolodev
·قبل سنتين·discuss
Thanks! Immediate paradigm might be a little bit scary if you used to play with Qt, but looks easy to manage and it's really interactive
nicolodev
·قبل سنتين·discuss
argh, that's too bad, feel free to open an issue, what's happening in the console? It's panicking, isn't it? Feel free to contact me via email if you prefer
nicolodev
·قبل سنتين·discuss
Nice! My tool should be runnable in the browser thanks to wasm compatibility with Rust + egui :) Btw I've just tried it, and it's a little bit buggy in Safari with a 504kb PDF (lots of objects though). Apart from that, is there a way to export the raw stream? Is there any reason of do you print all the raw streams as a text?
nicolodev
·قبل سنتين·discuss
:D Well, I'm sure that half of reverse engineering community needs to thank you, and Zynamics for the important contribution for tools of static analysis. I just take the occasion to thank you for being an inspiration with such awesome tools like in BinNavi, BinDiff, and ultimately PDF dissector. When I was reading that it got discontinued, I just had that idea and started to reason about something focused on analysis, and applying some approaches we've already seen for the binary analysis tools.
nicolodev
·قبل سنتين·discuss
Thanks for the list, the idea behind my tool was to try to code something that might fit an analyst that would take a fast look at the PDF. I'm also trying to figure out some fast heuristics to mark/highlight some peculiar stuff on the file itself.

Now regarding the tools you mentioned, I haven't checked out all of them, but part of them are interesting (and more mature, speaking of testing and compatibility). However some (at least the ones I was trying) are very basic, and they don't allow the "Save object as.." or uncompress it. I like the feature of displaying the PDF for preview :)
nicolodev
·قبل سنتين·discuss
I'd suggest you to code something along popular libraries for PDF manipulation. I've used pdf-rs for the tool.
nicolodev
·قبل سنتين·discuss
Thanks, it seems a great product too :) Do you have any particular feature that you share that product for?
nicolodev
·قبل سنتين·discuss
I’m writing a little tool for analysing a pdf and its internals, if author is interested or anyone else, just let me know :)
nicolodev
·قبل سنتين·discuss
Neat, although some of them are actually helpful for specific articles. One thing that I actually seen as a pattern is over engineering the blog so much that features need maintenance.
nicolodev
·قبل سنتين·discuss
Hi! I just wanted to post this project into HN and collect some feedbacks. Don't feel bad to just say "lol your approach won't work" because static analysis has always limits (e.g. obfuscated software) and many more.

The main goal was to build (another) software that given a PE executable in input, parse it and outputs some indicators of the similarity of it across the ransomware I studied (the classic ones). Naturally most of the advanced ransomware employed nowadays is able to circumvent it, only with a little bit of modifications. TL;DR: "a more advanced" pattern matching.

The description is here as follows:

MicroSCOPE is a software program developed through the Go programming language that allows for the detection of a precise category of malicious software. The program is designed specifically for a class of malicious programs called ransomware whose operation consists of data encryption and ransom demand in order to gain access to the content again.

In particular, MicroSCOPE was developed to be able to support two of the mainly used formats: the PE (Portable Executable) format for Windows platforms and ELF (Executable and Linking Format) for Unix-based platforms. Through the application of certain heuristics, MicroSCOPE is able to assign a score that corresponds to the level of dangerousness of the file being analyzed. The higher the score, the more similar characteristics the software will exhibit to ransomware that has already been studied. The heuristics have been extrapolated from numerous case studies and will be improved over time.
nicolodev
·قبل 3 سنوات·discuss
Ghidra was somehow usable, I got several crashes with Hopper. One question for more expert people than me: does Hopper employ any telemetry inside its demo version? Some issues I discovered were fixed in two days and I did not report them.
nicolodev
·قبل 3 سنوات·discuss
Ops! Forgot to write about it (otherwise it would be so long). I did not mention the tools, but I was mainly referring to Hopper Decompiler/Disassembler (definitely no no for me). Altough it seemed the natural choice for reverse engineering macOS applications and daemons, it failed disastrousely on reverse engineering fairplayd. This is where obfuscation is really good at: feeling pain. Hopper tried to disassemblate the binary but still no luck (there was an error due to some bogus instructions referred by a dead branch). I'm seeing improvements for Hopper release by release, but there were some regressions that I noticed..

I tried to import it into Ghidra and it missed some informations during the pass of stack analysis. At the end it was a mess result to read, so I ended it up with IDA (free because I'm a student). Binary ninja also needs some license, I'm trying to afford it.
nicolodev
·قبل 3 سنوات·discuss
Thanks a lot!!! I can't believe I meet you on HN, great work so far
nicolodev
·قبل 3 سنوات·discuss
Sorry! My fault
nicolodev
·قبل 3 سنوات·discuss
Okay; this was originally sent by me yesterday. Not sure why it shows 1 hour ago.

I have this URL in my browser history of yesterday. Probably I'm hit by the second chance pool.