Willi Ballenthin

Results: 231 issues by Willi Ballenthin

In a [recent discussion](https://twitter.com/DavidPany/status/1266779174901071872), it became clear to me that there's a desire for evtx tooling that supports an offline database of templates. Here's some relevant background on the...

As discussed offline, `miasm.loader.pe` does not decode bytes into strings for import and export entries, such as `pe.executable.DirImport.impdesc[0].dlldescname.name`.

enhancement

use logic from existing open source projects to parse the string table from programs compiled by the Go compiler. "do what i mean"

enhancement

[milestone v2.0 here](https://github.com/fireeye/flare-floss/milestone/8)

major goals:
- [x] upgrade to python 3 (breaking change) #386
- [x] revamp CI and packaging
- [x] add FLIRT matching to ignore library functions #285...

"This program cannot be run in DOS mode", "January February ..."

At the very least, we can colorize these entries differently.

### Tasks
- [ ] https://github.com/mandiant/flare-floss/issues/714
- [...

QS

https://pypi.org/project/sphinxcontrib-napoleon/

sample: 64a38967b32c71575cd1da2b039a4a87
function: 0x100028c0

Granted, there are lots of protocol parsing routines in this binary, so detection is difficult.

use the recognized function/bb boundaries as a filter for junk strings
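One way to apply that filter, written as an added example rather than FLOSS's own code: merge the recognized function/basic-block ranges into a sorted interval index, then drop any candidate string whose bytes overlap a code range, since printable runs that sit inside disassembled code are almost always instruction bytes rather than real strings. The block ranges and candidate strings below are constructed for illustration; the `(va, length)` shape of the candidates is an assumption, not the FLOSS API.

```python
# Added example, not FLOSS project code. Filters candidate strings that fall
# inside recognized code (function / basic-block) ranges. All addresses and
# strings below are constructed sample data.
import bisect


def build_code_index(blocks):
    """blocks: iterable of (start, end) virtual-address ranges, end exclusive.

    Returns a sorted list of merged, non-overlapping ranges so that lookups can
    use binary search instead of scanning every basic block.
    """
    merged = []
    for start, end in sorted(blocks):
        if merged and start <= merged[-1][1]:
            # adjacent or overlapping: extend the previous range
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def overlaps_code(index, va, length):
    """True if the byte range [va, va + length) intersects any code range.

    Because the index is sorted and non-overlapping, only the last range that
    starts at or before the string's final byte can possibly intersect it.
    """
    if length <= 0:
        return False
    last_byte = va + length - 1
    starts = [s for s, _ in index]
    i = bisect.bisect_right(starts, last_byte) - 1
    if i < 0:
        return False
    start, end = index[i]
    return start < va + length and end > va


def filter_junk_strings(candidates, blocks):
    """candidates: iterable of (va, string) found by a string scanner.

    Returns only the candidates whose bytes lie entirely outside recognized
    code. Lengths are taken from the decoded string (assumes 1 byte/char,
    i.e. ASCII candidates; UTF-16 strings would need length * 2).
    """
    index = build_code_index(blocks)
    kept = []
    for va, s in candidates:
        if not overlaps_code(index, va, len(s)):
            kept.append((va, s))
    return kept


# Constructed sample: two functions worth of basic blocks plus one small block.
SAMPLE_BLOCKS = [
    (0x1000, 0x1020),
    (0x1020, 0x1050),  # contiguous with the previous block
    (0x2000, 0x2010),
]

# Constructed candidates: instruction bytes that decode as printable ASCII
# sit inside code ranges; genuine strings sit in data.
SAMPLE_CANDIDATES = [
    (0x1010, "Ah@P"),                    # inside a basic block -> junk
    (0x1FF8, "ABCDEFGHIJ"),              # straddles a block start -> junk
    (0x2010, "kernel32.dll"),            # begins exactly at block end -> keep
    (0x3000, "http://example.invalid"),  # plain data -> keep
]


if __name__ == "__main__":
    for va, s in filter_junk_strings(SAMPLE_CANDIDATES, SAMPLE_BLOCKS):
        print(f"0x{va:08x} {s}")
```

The end-exclusive convention matters at block edges: a string whose first byte is the first byte after a basic block is kept, while one that starts even a single byte earlier is dropped. Unrecognized code (functions the disassembler never reached) will still leak junk through, so this filter complements rather than replaces heuristics on the string contents themselves.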