Malware reversing | Software development | Nonsensemonger https://t.co/TJt0Vb4e3I Cocktails at @NULLphoenix ⚜💻🍸.y.at
Jan 19, 2022 17 tweets 4 min read
Let's talk about shellcode for a bit, shall we?

It used to be that back in the day, it was difficult to write YARA signatures for shellcode

This was before the xor keyword or anything like that. It was very common for malware authors to encode their shellcode payloads using trivial transforms

Single-byte XOR was extremely common, and relatively effective (still is, truth be told)

Writing signatures for XOR encoded payloads sucked quite a bit
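To show what the brute-force search behind those old signatures involved, here is an added Python example (not from the thread): it looks for a known byte pattern under every single-byte XOR key, which is essentially what YARA's xor string modifier does for you today, and it reports the key and offset of each hit. The marker used is the DOS-stub text found in nearly every PE file rather than actual shellcode, and the sample buffer and the 0x5A key are constructed for the demo.

```python
"""Find a known byte pattern in a buffer under every single-byte XOR key.

This is the brute-force search that YARA's `xor` string modifier performs
internally; before that modifier existed, analysts scripted it by hand.
"""
from typing import List, Tuple

# Constructed marker: the DOS-stub text present in almost every PE file.
# A single-byte-XOR-encoded embedded executable still carries it, just
# transformed, so searching for it under all 256 keys reveals both the
# payload's offset and the key used to encode it.
PE_STUB_TEXT = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key to every byte of `data`."""
    return bytes(b ^ key for b in data)


def find_xor_pattern(
    buf: bytes, pattern: bytes, skip_zero_key: bool = False
) -> List[Tuple[int, int]]:
    """Return (key, offset) pairs where `pattern` XOR key occurs in `buf`.

    Roughly equivalent to this YARA rule:
        strings:
            $stub = "This program cannot be run in DOS mode" xor
        condition:
            $stub
    except that it also reports which key and offset matched.
    `skip_zero_key` ignores key 0x00, i.e. the unencoded pattern.
    """
    hits: List[Tuple[int, int]] = []
    keys = range(1, 256) if skip_zero_key else range(256)
    for key in keys:
        encoded = xor_bytes(pattern, key)
        start = 0
        while True:
            idx = buf.find(encoded, start)
            if idx == -1:
                break
            hits.append((key, idx))
            start = idx + 1
    return hits


def build_sample(key: int) -> bytes:
    """Constructed test buffer: filler, then a fake embedded PE encoded with `key`."""
    fake_embedded = b"MZ" + b"\x90" * 30 + PE_STUB_TEXT + b"\x00" * 16
    return b"\x00" * 64 + xor_bytes(fake_embedded, key) + b"\xcc" * 8


if __name__ == "__main__":
    sample = build_sample(0x5A)
    for key, offset in find_xor_pattern(sample, PE_STUB_TEXT, skip_zero_key=True):
        print(f"key=0x{key:02x} offset=0x{offset:x}")
        # Decode a window before the hit to confirm the 'MZ' header is there.
        print(xor_bytes(sample[offset - 32 : offset + len(PE_STUB_TEXT)], key))
```

Because the marker is 38 bytes long, a random match under a wrong key is effectively impossible, so every hit points at a real encoded copy of the stub; decoding a window around the offset with the reported key is then a cheap way to confirm the finding before carving the payload out.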
Feb 6, 2021 4 tweets 1 min read
If you want to get into reversing

Download a copy of IDA Free

Open up a program you run frequently

And figure out how it works. Find a crackme and try it

Find some shellcode and learn the techniques

Write your own software and analyze it

Compile software for multiple architectures and look for the differences