Hacker News new | past | comments | ask | show | jobs | submit login

I have come across many pentesting labs using these tools to deal with obfuscated binaries. You can check Quakslab's blog, they have articles on this [0]. Another interesting project is of cracking Tigress VM using Symbolic execution [1]. The use has dramatically increased in past few years as many new tools are available and also hardware is more performant now. I am also using these tools in my day-to-day job to deal with obfuscated binaries and reverse engineering. I use Miasm [2].

PS: My company is hiring for such roles https://www.reddit.com/r/netsec/comments/b90hep/rnetsecs_q2_...

[0] https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm... [1] https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm... [2] https://github.com/cea-sec/miasm




Yeah, this is it. Security firms specializing in static/dynamic analysis are going to be using this stuff. Vulnerability hunting, things like that.


Doing exactly that, and hiring: https://news.ycombinator.com/item?id=19797601


Funny that none of your posts mention that it's (I think) Raytheon. Do you think you get less responses if you mention it's a major defense contractor?


Multiple reasons:

Big companies are frequently composed of components with distinct culture, benefits, legal entity, and so on. People get to know one part, then assume that all parts are that way. I'm in a component with compensation that is better than average for the big company. The association isn't beneficial.

Using the big company name means adhering to corporate branding requirements. People could somehow imagine me to be issuing official corporate communications, which is far from the truth.

I might get more responses, but would I want them? We're fighting to keep out the toxic people who want to focus on politics. We have important work to do.

There is an absurd Glassdoor review out there. If that is to be believed, we pay highly experienced cleared specialists about as much as they'd make cooking food at In-N-Out or Chick-Fil-A. Our office would be empty if that were the pay being offered.


lol, fighting to keep out "toxic people" who "want to focus on politics" means you hire people cool with making weapons of war. I for one am glad the person who asked you that did so, because I do not work for defense contractors, and I don't need to waste my time looking into a place that would filter out anyone with conscience.


That is a different sort of "toxic" and a different sort of "politics", but yeah we don't want that either. I was referring to the sort of people you'd find in Google or even HP, backstabbing and undermining to jockey for position in the corporate hierarchy.

People with a conscience can feel that it is wrong to devote their efforts to tracking people all across the internet to sell ads and other junk. (Facebook, Google, etc.) They can feel that it is important to support their country, and that it would be wrong to pass up a reasonable opportunity to do so. With a better conscience, you would feel guilty about how you benefit from the nation without contributing much, and of course you would stop supporting violent hate groups that pretend to be otherwise.




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: