GIMP Heap Overflow Re-Discovery and Exploitation (CVE-2025-6035)
Back in April, I shared a walkthrough on how to make a Ghidra script for spotting suspicious malloc calls. I then put that script to the…
Jun 14, 2025

Spotting CVE-2025-23016 with Ghidra
Earlier this year I shared a preview from my upcoming class in which we construct a Ghidra script to find potentially vulnerable heap…
Jun 8, 2025

Finding Heap Overflows with AFL++ Unicorn Mode
In my last post, I demonstrated a basic approach to fuzzing an RTOS firmware using AFL++'s Unicorn mode. The provided firmware for that…
May 18, 2025

A Basic Guide to Fuzzing with AFL++ Unicorn Mode
Getting Started with Fuzzing FreeRTOS Firmware
May 4, 2025

Tracing malloc calls in PCode
It's that time of the year again, Black Hat USA is just a few months away and I'm honored to be back again for another year teaching about…
Apr 13, 2025

A Basic Guide to Discovering Attack Surface with Ghidra and GDB
In this article I will introduce how to generate GDB Python code to trace a program being analyzed in Ghidra.
May 18, 2024

A Basic Guide to AFL QEMU
Over the years that I've been teaching Ghidra at Black Hat and other events, there is one question which inevitably comes up.
Apr 28, 2024

Unpacking Shellcode with Ghidra Emulator
In this post, I use Ghidra's emulator to unpack a Metasploit XOR-encoded reverse shell to get decompiled output with resolved syscalls.
Jun 4, 2023

First Look: Ghidra 10.3 Emulator
Ghidra 10.3 dropped this week with a dedicated Emulator tool! I've been eagerly anticipating such a feature and so I am very excited that…
May 13, 2023

Vulnerability Analysis with Ghidra Scripting
As some of you may have seen, I posted a challenge to use Ghidra to identify a vulnerability in a WarGames-themed game. There has been a…
May 7, 2023