It's true: I have been on a bit of a break.
I think it's about time to end it.
Stay tuned for some overdue reverse engineering fun...
#sulsulsoon
Hello! You may have noticed our New Year's Question Box vid has not appeared, and yet we are now >10% through that new year, already tarnishing as we speak.
That's because our household is celebrating an extended New Year's tradition we've held for the past, say, 6 years: It starts with a toddler getting sick as soon as the ball drops, and ends about 1.5 months into the year when that sickness spreads to each one of us in the house in turn over the course of several weeks!
This, along with the usual busyness of life, has gotten in the way of recording the video, but I hope to find some time when we're all healthy again and a bit more settled to sit down to parse through your questions, and muse about the upcoming year.
A silver lining of this delay is that if you haven't yet had time to submit your question, your procrastination has been rewarded! Head over to this post to drop a question:
youtube.com/post/UgkxBliC7pX4yD7gAMUsh_Q73MDX49gFF…
I hope you all have had a better start to the new year and appreciate you as ever <3
Q: WHAT’S IN THE BOX?!
A: More questions!
A final reminder to make sure you get your AMA questions in at the linked post below for our 2025 New Year's vid, where I'll also talk through some thoughts on 2024 and the upcoming year.
And I hope everyone has a safe and happy New Year's celebration!
youtube.com/post/UgkxBliC7pX4yD7gAMUsh_Q73MDX49gFF…
What questions do you have?
2025 is almost here, and I'll be doing another video this year to share my thoughts about the channel in the upcoming year, BUT, instead of a survey like last year, I'd like to try out an idea that was actually submitted by some viewers in our 2024 survey: A question box!
Think of it like an AMA(NUNDA) - Ask Me Anything (Not Under NDA) - where you can submit questions about the channel, any previous content or upcoming content, career questions about cybersecurity, general questions about reversing or programming - ANYTHING!
I will be answering as many of these as I can in the beginning-of-the-year video, so please submit your (anonymous, unless you specify otherwise) questions here:
docs.google.com/forms/d/e/1FAIpQLSfzbHQL4woPpIiuCK…
In the meantime, thank you so much for another wonderful year: The community here is a treasured gift, and I appreciate all of your patience & support this year. Here's to the new year and new learnings!
Since my post about 2 weeks ago about going back to the drawing board on some new content after some devastating nights of trying to get the last video concept to work out, I'm happy to say that after several much-less-devastating nights of trying a few different ideas out, I've finally found one that has given me that "spark" of motivation and fun that dwindled when trying to put together that last concept that fell apart.
I'd say planning is now underway...but the best part of this new series idea is that "planning" no longer plays a large role...Instead, the one thing I need to do is carve out some time on my schedule and just start filming.
I really hope it works out as well as I imagine it to, as I would love for this to become a regular format on the channel.
I don't want to give the whole show away for now, but the picture below and the presence of a new directory in my "Tutorials" repo on GitHub may lead you to some hints...
See you all soon 🌑
Another great write-up has been added to the Wall of Fame for our Sandbox-in-a-Box master0Fnone course by viewer Koen Molenaar (aka K0enM):
www.koenmolenaar.nl/write-ups/jeff0falltrades-sand…
What I love about Koen's write-up is that he applies what he learned from the course to update his existing sandbox setup, while putting his own tweaks on it, which - to me - really demonstrates that he's invested a lot of time in building up his skillset. He also did a phenomenal job finding all the flags in the CRACKME challenge using the tooling from the course, and his own skills and intuition!
Phenomenal work, Koen, and please continue to do great things and share them with the community!
If you would love to build your own malware analysis lab for free, or you just want to put your RE and malware analysis skills to the test, this course and CRACKME can be found here:
github.com/jeFF0Falltrades/Tutorials/blob/master/m…
Hey everyone! I wanted to give another "look behind the curtain" update as while it's been quiet here, A LOT has been happening in the background, and I feel like it's time to share some of that to let you all know where I'm at:
First and foremost, if you're on my "professional" socials, you may have seen the update I posted this morning, which I won't repost here, except to say that I recently started a new job after almost a decade working the only two jobs I've ever known, so some exciting transitions have been taking place over the last several weeks!
Secondly, while the above transition was taking up a lot of time, I *was* actually busy working on new content for this channel simultaneously, dedicating several hours to a new video concept that I was super excited about - I am happy that I followed my own advice and did not let on much throughout the process so as not to overpromise, because, unfortunately, the vision I had for this new video just hasn't come together the way I wanted it to, and - as some of you may remember me saying before - I don't like going through with a video once it loses its fun for me, as I feel like it's a disservice to all of you and myself to put out something I'm not putting 100% into. It's one thing to have to work through some technical challenges in the process of putting together a video, but in this case, the challenges I was facing were not the fun technical ones to be solved as in my previous series - they were more about how the vision was just not coming together, combined with some bad timing and bad luck that I may go into in a separate video or post sometime.
All that to say: I'm back to the drawing board for a new video concept (though I have lots of ideas and suggestions from you), and am sorry for the delay it will cause, but am very confident that this was the right choice, and the next video will be far better for it.
Lastly, after trying Mastodon, Bluesky, and a few other smaller platforms, I have finally settled on Bluesky as my social platform outside of YouTube, and if any of you are on there and care to follow me there for general cybersecurity topics and memes, you can find me here: bsky.app/profile/jeff0falltrades.bsky.social
Love all of you, appreciate your patience, and I look forward to putting up something fun soon!
TOOL 👏 UPDATE 👏
The RAT King Parser has been updated to v3.0.0:
github.com/jeFF0Falltrades/rat_king_parser
And if you're thinking "Is he gaslighting us, because I sure don't remember releases 0-2.x...", the answer is: "Yeah, sort of!"
Up to now, I've been maintaining RKP as a more informal WIP, but this being the third and most extensive refactor/update of the project yet, I have finally decided to start versioning it, and have thus dubbed this first formal release as v3.0.0.
So what's new?
- RKP is now available as a Python package and standalone command-line tool which can be installed with pip and/or imported into other projects
- A complete refactor of the code to make the tool easier to maintain and improve, as well as remediating some bugs in previous versions
- Additional support has been added for DLL variants of QuasarRAT that were previously not able to be parsed
- The primary configuration parser and several decryptors were rewritten to be more resilient to changes between different payloads of the same family
- Lots of other "under-the-hood" optimizations that I hope will make the tool more performant at scale
As always, I'm sure there are still more improvements to be made: Please continue to submit Issues on GitHub, or get ahold of me on my socials.
Next on the roadmap, I'm starting the work to get RKP integrated with some popular sandbox platforms, but more on that when it's all said and done.
In the meantime, I'm hoping to put out a new reverse engineering video based on a fun suggestion I've received from you all multiple times now, but I don't want to overpromise too much before some "feasibility testing" is done...I hope it's as fun as I'm imagining it will be, though.
Happy hunting!
If anyone is at SANS Network Security in Vegas next week, I may just see you there 👀. In the meantime, thank you as always for the kind comments/DMs that have been coming in, and congrats to all of the new Wall of Famers!
Security, Malware, Software, and Memes - These are a few of my favorite things.
26 December 2020