Sooo, @_DarioNisi just rocked the @BlackHatEvents stage ❤️ This project required insane effort, time to hype it up! The gist: there is no single reference implementation for parsing PE files, and there is no comprehensive specs for the PE file format. This leads to problems. 1/n

https://twitter.com/_DarioNisi/status/1456669660137631746

@_DarioNisi Reimplementation is the de facto rule, and there is room for implementation differences. This leads to discrepancies among different classes of software, e.g., Windows OS loaders vs reverse engineering / malware analysis tools. These discrepancies can be used to mislead tools 😱

📢 THE TIME HAS COME📢

Today I make public ALL *recordings* and updated slides (+ FAQ) for my mobile security class, MOBISEC 2020!

Everything is available, for free, at: mobisec.reyammer.io/slides!

Few words about this release in a short thread 👇 I have given this class for the EURECOM (grad-level) students from Oct 2020 to Feb 2021, AFTER I left my prof job. This means that I've recorded everything during my free time, which due to the job/career change has not been much...

Time for the n-th academic twitter thread/rant on holy war arxiv vs. double blind. My take: I think the current double-blind "rule" is a joke. Read until the end before you @ me: 1/n

Context:

https://twitter.com/gannimo/status/1138024446109847552

Both arxiv and double blind have pros and cons. Now, some people strictly follow the double blind rule because they think it's the "right thing to do". Some people don't. But I know people in the first group that get upset by this practice (especially for competitive papers).