
Jiří Vinopal
@vinopaljiri • 10,416 subscribers
Threat Researcher at Check Point @_CPResearch_ All opinions expressed here are mine only. https://t.co/iWvwWF1AnN
Videos

Let's Zoom-In to the new start of the week... 🔍
Releasing #IDA Plugin #ZoomAllViews — Ctrl+Scroll font zoom for every IDA view. 💪
Because this should work out of the box. Now it does. 🤓
• Zoom in/out in Disassembly, Pseudocode, Hex View, Strings, Imports, Functions, Structures, and every chooser 😲
• Works across Normal & Debug view widgets — Stack, Registers, Locals, Watch
• Row heights scale automatically with font size
• Graph/Proximity/Xref views excluded — IDA's native zoom untouched ☝️
• Toggle on/off via menu or Ctrl-Shift-Z
• Single file, zero dependencies 🫰
• Compatible IDA 8.x — 9.3+ (PyQt5 / PySide6) 🛠️
#IDAPro #ReverseEngineering #IDAPython #Malware #DFIR Hex-Rays SA
Jiří Vinopal • 14,261 views • 2 months ago

#IDA TIP to load #Windows #Kernel types: [1/2]
Windows Kernel types (e.g., EPROCESS, ETHREAD, etc.) are not a part of the built-in IDA TILs (because they are changing across different WIN versions).
1. These types are a part of the "ntoskrnl.exe" debug symbols -> "ntkrnlmp.pdb".
2. IDA supports loading "only types" from an arbitrary "pdb" file.
3. One can also use the IDA->File->Load file->PDB file dialog to load a specific version of "ntoskrnl.exe" and IDA will proceed with automatic download of the appropriate "ntkrnlmp.pdb", applying "only types" (if the optional checkbox is selected).
4. See example video...
Jiří Vinopal • 21,737 views • 1 year ago