Hello there, time for another newsletter, which is kept shorter than planned due to time. Seriously, I need to start doing more work on the newsletter beforehand and not wait until just before publication all the time. Oh well.
As i was working on putting together this newsletter, it struck me that it’s been a while since i actually did much Reverse Engineering specific study or activities which is not good as i can feel a lot of what i knew before i could need a refresh on, but between CTI, OSINT and General InfoSec, RE study have kinda ended up not getting as much attention as i would’ve liked.
I also at the moment trying to PROPERLY learn C++ which i already knew somewhat about trough studying RE, but it was obvious to me that lack of full understanding of C/C++ itself started to be a hindrance in much of what i wanted to do, so i decided it was time to learn it properly. Technically, learning C++ will help with RE as well, so I guess I indirectly do some RE study as well.
(Un)Surprisingly, a lot of the things I have interest in and want to do, such as Machine Learning, Signal Analysis, RF, EE, etc require various degrees of math with some even requiring calculus and such. So I decided it was time to learn that properly as well.
Unfortunately, there’s only so much time in the day do get around to things, and when i start having a actually paid employment, whatever my responsibilities is at that position will influence how much time i can spend on everything, with that said, i hope to be able to get back to proper RE soon before i forget everything i learned.
~Kazu
NEWS OF INTEREST:
FCC chair proposes new US broadband standard of 100Mbps down, 20Mbps up
The new chair of FCC wants to increase the broadband standard speed in the US to 100Mbps/20Mbps from the current rather low 25Mbps/3Mbps which is certainly not enough in current world which heavily relies on being able to use the internet a lot to do what they need and is certainly a good thing imo.
Normally I don't report on stuff like this very much, but I found it to be noteworthy enough to at least mention it.
Tags: FCC, Internet, BroadBand, technology, Network, Standard
Elon Musk has reason to worry about the judge set to rule on Twitter lawsuit
Kazu: As mentioned last week, elon is trying to pull out of the contract to buy twitter for 44 billion, unfortunately for him(and likely for everyone using twitter), the contract law is not having any of it and with the suit handled by the delaware court who is known to be a particular strict on cases like this, it's not looking good for elon for sure.
Tags: Twitter, Elon Musk. Lawsuit, Court, Law
Tor Browser major update: now bypasses internet censorship automatically
Kazu:The Tor browser has released update 11.5 which is a major update which now includes such things as abilities to easier bypass censorships by automatically trying to use configurations that will get past blocks as well as making HTTPS-Only mode the default option.
Tags: Tor, Browser, Security, Privacy, Update
LockBit 3.0: “Making The Ransomware Great Again”
https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/
Kazu: The ransomware LockBit 3.0 seems to have gotten some improvements over their older 2.0 version which seems to use code from the now defunct DarkMatter ransomware, seems some of the old DarkMatter crew are now part of LockBit, so the fact the new version of lockbit have pieces of DarkMatter in it shouldn't really be that surprising.
Writeups and Projects
Tags: LockBit, Ransomware, RaaS, Security, DarkMatter, Analysis
A least 10% of the Top 1 Million Sites the “Majestic Million dataset” are Dead
https://ccampbell.io/posts/10-percent-of-top-million-sites-are-dead/
Kazu: seems "The Majestic Million Dataset" is not so majestic after all, a least not "Million" level majestic, as more than 10% of the sites in the dataset seems to be dead, and that is a conservative measure. which just goes to show that everything should be verified and cleaned up properly before it get used.
Tags: Dataset, Statistic, Research, Web, analysis
Decompiler Explorer:Compare tools on the forefront of static analysis, now in your web browser!
https://github.com/decompiler-explorer/decompiler-explorer
Kazu: you sometimes wished you could just have access to a web based compiler for some quick static analysis?, well, now you can!, this project let you upload a file under 2mb and then let you view it in different compilers side by side so you can see for yourself which work best.
Tags: Compiler, Reverse Engineering, GitHub, Project, Tool
BAP: The Binary Analysis Platform
https://github.com/BinaryAnalysisPlatform/bap
Kazu: To be honest, i have no idea what the advantage of this one is compared to others that exist that does the similar thing, it seems to try highlight it being very customizable or flexible, but except for that i am not really sure where to place this on my list, but i decided to include it in my newsletter anyway so people knew about it a least.
If someone knows more about the pros and cons of this compared to others that already exist, do let me know.
Tags:Disassembler, Reverse Engineering, Security, Tool, Analysis