earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts
(The version of Ghidra used in this article is 10.1.2. For the Go string recovery tool release, skip ahead to Ghostrings Release.)
Introduction
A well-known issue with reverse engineering Go programs is that the lack of null terminators in Go strings makes recovering string definitions from compiled binaries difficult. Within a compiled Go program, many …
Author: James Chambers
Tool Release – Ghostrings
Introduction
Ghostrings is a collection of Ghidra scripts for recovering string definitions in Go binaries with P-Code analysis. A well-known issue with reverse engineering Go programs is that the lack of null terminators in Go strings makes recovering string definitions from compiled binaries difficult. Within a compiled Go program, many of the constant string values …
Readable Thrift
Readable Thrift makes binary Thrift protocol messages easy to work with by converting them to and from a human-friendly format. This makes the manual analysis of and tampering with binary format Thrift messages just as easy as working with plaintext protocols like HTTP.
Technical Advisory – play-pac4j Authentication rule bypass
Vendor: PAC4j
Vendor URL: http://www.pac4j.org/
Versions affected: All versions through 3.0.0 (latest at time of writing)
Author: James Chambers <james.chambers[at]nccgroup[dot]trust>
Advisory URL / CVE Identifier: TBD
Risk: High (an attacker can bypass path-based authentication rules)
Summary
Regular expressions used for path-based authentication by the play-pac4j library are evaluated against the full URI provided in a …