Willi Ballenthin

icon indicating a website link http://www.williballenthin.com/ icon indicating an email [email protected]

icon company @mandiant icon location /usr/bin/nethack

Results 231 issues of Willi Ballenthin

design features that describe HBIs and NBIs extracted by sandboxes

9 comment

many sandboxes provide a summary of the indicators extracted during runtime analysis, such as files written, registry keys opened, network connections created, etc. it might be nice to provide a...

enhancement
breaking-change
dynamic

add IDA plugins listed at vmallet

7 comment

### Details There's a nice list of actively maintained IDA plugins here: https://vmallet.github.io/ida-plugins/ We should use this list as inspiration for IDA plugins to add to FLARE-VM.

:gem: enhancement
:grey_question: discussion
:cyclone: FLARE-VM

automatically print environment details upon stack trace

We should consider installing a top level exception handler that logs basic environmental details, such as OS, python version, ghidra version, when displaying an exception and stack trace. This will...

enhancement
good first issue
help wanted

add type annotations

2 comment

enhancement
good first issue

profile runtime and optimize performance

9 comment

GoReSym is pretty slow and this makes it difficult to deploy at a large scale. Despite being written in Go and compiled to native code, it may take seconds or...

TEARDROP_2: remove term that FP'd on legit JPEG code

2 comment

background: https://twitter.com/a_tweeter_user/status/1339927755299958784

shellcode hashes: fix syntax error, add new hash variant.

- fix syntax error with missing `]`. - add new variant of ror13AddHash32 that includes the trailing null, as seen in sample in the wild

add py3 support

1 comment

merge vivtestfiles into this repo with git-lfs

ref: https://github.com/vivisect/vivtestfiles

ensure pep8 conformance