bangaladore 8 hours ago

Reminds me of movfuscator [1]. This can compile programs to movs and only movs.

[1] https://github.com/Battelle/movfuscator

2
LPisGood 6 hours ago

Battelle is great. They also created some software called Cantor Dust [1] that turns files into images to allow humans to easily spot obfuscated data or files.

The sad thing about this kind of work, because I love it, is that to get paid to do it you need clearances and polygraphs and periodic reinvestigations/continuous monitoring and all sorts of things that I find unpleasant.

[1] https://github.com/Battelle/cantordust

1 reply
mmastrac 5 hours ago

I'm not sure what you mean but I was a security researcher for a large company for a bit and required none of that. I was required to work airgapped at home, however.

1 reply
LPisGood 5 hours ago

Really? You were doing offensive security work not for a government (/contractor)? What sorts companies, aside from some enterprise pen testers, employ these roles?

2 replies
saagarjha 2 hours ago

The tools you’re talking about are not exclusive to offensive security. They’re plenty useful for malware analysis and other reverse engineering tasks.

mmastrac 5 hours ago

Email is in my profile -- happy to clarify/share some very rough details if you'd like.

beng-nl 5 hours ago

Agreed that is a fine piece of work. But the author is Chris Domas. Which is plain from the repo readme, but it’d be clearer to link to his repo.

1 reply
bangaladore 3 hours ago

I was originally going to link their repo [1]. But I saw it was forked from the one I linked so I just gave that one instead.

[1] https://github.com/xoreaxeaxeax/movfuscator

1 reply
saagarjha 2 hours ago

Chris used to (maybe still does?) work at Batelle.