bangaladore 2 months ago

Reminds me of movfuscator [1]. This can compile programs to movs and only movs.

[1] https://github.com/Battelle/movfuscator

2
LPisGood 2 months ago

Battelle is great. They also created some software called Cantor Dust [1] that turns files into images to allow humans to easily spot obfuscated data or files.

The sad thing about this kind of work, because I love it, is that to get paid to do it you need clearances and polygraphs and periodic reinvestigations/continuous monitoring and all sorts of things that I find unpleasant.

[1] https://github.com/Battelle/cantordust

mmastrac 2 months ago

I'm not sure what you mean but I was a security researcher for a large company for a bit and required none of that. I was required to work airgapped at home, however.

LPisGood 2 months ago

Really? You were doing offensive security work not for a government (/contractor)? What sorts companies, aside from some enterprise pen testers, employ these roles?

saagarjha 2 months ago

The tools you’re talking about are not exclusive to offensive security. They’re plenty useful for malware analysis and other reverse engineering tasks.

mmastrac 2 months ago

Email is in my profile -- happy to clarify/share some very rough details if you'd like.

beng-nl 2 months ago

Agreed that is a fine piece of work. But the author is Chris Domas. Which is plain from the repo readme, but it’d be clearer to link to his repo.

bangaladore 2 months ago

I was originally going to link their repo [1]. But I saw it was forked from the one I linked so I just gave that one instead.

[1] https://github.com/xoreaxeaxeax/movfuscator

saagarjha 2 months ago

Chris used to (maybe still does?) work at Batelle.

thegeekpirate 2 months ago

He went MIA after joining Intel, so I'm assuming he's still there.