• Breaking News

    Wednesday, February 17, 2021

    JEB Community Edition Reverse Engineering

    JEB Community Edition Reverse Engineering


    JEB Community Edition

    Posted: 17 Feb 2021 02:17 AM PST

    How Malware Can Resolve APIs By Hash

    Posted: 17 Feb 2021 11:42 AM PST

    OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary [PDF]

    Posted: 17 Feb 2021 05:16 AM PST

    Dump o01 string files on flip phones

    Posted: 17 Feb 2021 08:21 AM PST

    New sister subreddit: /r/AskReverseEngineering

    Posted: 16 Feb 2021 02:52 PM PST

    The short version of this post is that anyone who wants to moderate /r/AskReverseEngineering should reply here or send me a message, and that we will begin promoting that subreddit in the weekly questions thread and on the sidebar.

    The topic of allowing direct questions through self-posts in the main /r/ReverseEngineering subreddit, rather than through the weekly questions thread, comes up repeatedly. I have explained my thinking on the subject repeatedly across many different threads, but given the disparate nature of these posts, perhaps people had not seen those explanations. Although I am loathe to write this post -- knowing that, at best, it is going to invite haggling over the remainder of it -- I decided to collect those thoughts here.

    Rationale

    Most large, technical subreddits have disabled self-posts, and have created a sister subreddit for questions, such as /r/programming vs. /r/askprogramming, /r/netsec vs. /r/asknetsec, /r/science vs. /r/askscience. This state of affairs is not because it has not occurred to the moderators of those subreddits that they have the ability to allow self-posts, nor that they simply did not bother to run the experiment and see the results. Disabling self-posts was a conscious decision on behalf of those subreddits, for reasons that I will explain.

    For the first four or five years of /r/ReverseEngineering's existence, self-posts were enabled. When the subreddit was small, barely anybody used that feature. Once we passed a certain threshold -- about 15k users -- people began posting them frequently, and they quickly became about 1/4 of the total content on the subreddit. (I shudder to think what the situation would be like now, at 7x the user base as back then.)

    Sadly, the overwhelming majority of these posts were of extremely low quality. Because it takes no effort and no research on behalf of the poster to create a self post, people often treated self posts as though they were search engine queries, posting questions like "where can i find exploit video tutorial" with no text in the body of the post. Of the other questions, many of them were simply incoherent (here's a recent example). Of the remainder, a large fraction had to do with configuration errors, or confusion over very fundamental aspects of low-level programming. Worse, even when such areas had been addressed previously, the posters did not use the subreddit search feature to find related discussions. Only a very tiny fraction of self posts had any chance of being interesting to anyone beyond the person asking the question.

    As a result, users began to complain -- rightly, in my opinion -- that the quality of the subreddit had taken a nosedive. On a personal note, I also hated moderating those posts. However, opinions on this matter are split between two camps: those who recognized that the questions were largely filler distracting them from the real content, and those who thought the benefits of allowing self posts outweighed the dilution of the technical content.

    As the creator and lead moderator of /r/ReverseEngineering, my time overseeing the "open questions" phase convinced me that the subreddit was better off without them. The weekly questions thread was a compromise, and in my estimation, a very good one. The questions threads are very active, and users have a good chance of having their questions answered.

    This situation also lead to the creation of the Reverse Engineering StackExchange as a further compromise. It was at the same time that I disabled self posts that I lobbied the community into mustering the necessary resources for StackExchange to create a dedicated site for reverse engineering. The success of that experiment is determined by the eyes of its community, but its creation was borne of my efforts to give people another venue for asking questions about reverse engineering.

    In doing my best to compromise -- my third attempt, now -- I would like to turn over control of /r/AskReverseEngineering to whoever wants to moderate it. Reply, or send me a message, if you do. We will keep the weekly questions thread here, but its body will be modified to include links to that subreddit, as will the sidebar.

    I'm not particularly interested in debating this decision, as I oversaw the results of allowing self-posts and have my mind made up. That said, feel free to vent your frustrations in this thread. To those inclined to argue that /r/ReverseEngineering does not have many posts to begin with, I think that's a good thing. Reverse engineering is a rather niche discipline, and not much is published about it in a given week. I'd rather have a smaller number of high-quality posts than a larger number of noisy posts that don't interest the majority of the user base.

    Moderating a large community is easy when there is broad agreement. Things get dicey when there's not. Whether or not you agree with, or believe, me, I'm taking the decision that I think is best for the community. If you'd like to do something positive about the situation, feel free to volunteer as a moderator for /r/AskReverseEngineering.

    submitted by /u/rolfr
    [link] [comments]

    Using eBPF to uncover in-memory loading

    Posted: 17 Feb 2021 02:22 AM PST

    Fuzzing combined with symbolic execution: a demonstration on SymCC and AFL

    Posted: 16 Feb 2021 02:39 PM PST

    No comments:

    Post a Comment