https://miscreants.github.io/blog.trailofbits.com/authors/josh-watson/Recent content in Josh Watson on The Trail of Bits BlogHugoen-usThu, 30 May 2019 07:00:28 -0400https://miscreants.github.io/blog.trailofbits.com/2019/05/30/announcing-automated-reverse-engineering-trainings/Thu, 30 May 2019 07:00:28 -0400https://miscreants.github.io/blog.trailofbits.com/2019/05/30/announcing-automated-reverse-engineering-trainings/Consider our modular trainings. They can be organized to suit your company’s needs. You choose the number of skills and days to spend honing them.https://miscreants.github.io/blog.trailofbits.com/2018/04/04/vulnerability-modeling-with-binary-ninja/Wed, 04 Apr 2018 06:50:35 -0400https://miscreants.github.io/blog.trailofbits.com/2018/04/04/vulnerability-modeling-with-binary-ninja/Plenty of static analyzers can perform vulnerability discovery on source code, but what if you only have the binary? How can we model a vulnerability and then check a binary to see if it is vulnerable? The short answer: use Binary Ninja’s MLIL and SSA form. Together, they make it easy to build and solve a system of equations with a theorem prover that takes binaries and turns them, alchemy-like, into vulnerabilities!https://miscreants.github.io/blog.trailofbits.com/2017/07/30/an-extra-bit-of-analysis-for-clemency/Sun, 30 Jul 2017 18:41:30 -0400https://miscreants.github.io/blog.trailofbits.com/2017/07/30/an-extra-bit-of-analysis-for-clemency/This year’s DEF CON CTF used a unique hardware architecture, cLEMENCy, and only released a specification and reference tooling for it 24 hours before the final event began. cLEMENCy was purposefully designed to break existing tools and make writing new ones harder. This presented a formidable challenge given the timeboxed competition occurs over a single […]https://miscreants.github.io/blog.trailofbits.com/2017/02/13/devirtualizing-c-with-binary-ninja/Mon, 13 Feb 2017 06:50:32 -0500https://miscreants.github.io/blog.trailofbits.com/2017/02/13/devirtualizing-c-with-binary-ninja/In my first blog post, I introduced the general structure of Binary Ninja’s Low Level IL (LLIL), as well as how to traverse and manipulate it with the Python API. Now, we’ll do something a little more interesting. Reverse engineering binaries compiled from object-oriented languages can be challenging, particularly when it comes to virtual functions. […]https://miscreants.github.io/blog.trailofbits.com/2017/01/31/breaking-down-binary-ninjas-low-level-il/Tue, 31 Jan 2017 06:50:09 -0500https://miscreants.github.io/blog.trailofbits.com/2017/01/31/breaking-down-binary-ninjas-low-level-il/Hi, I’m Josh. I recently joined the team at Trail of Bits, and I’ve been an evangelist and plugin writer for the Binary Ninja reversing platform for a while now. I’ve developed plugins that make reversing easier and extended Binary Ninja’s architecture support to assist in playing the microcorruption CTF. One of my favorite features of […]