Darius Houle
darbonzo.bsky.social
The world's foremost expert on making tacos that don't leak their filling when you bite into them.

Also a cybersecurity guy I s'pose 🔧🗜️💻

https://x64.ooo/
https://www.linkedin.com/in/dariushoule/
https://github.com/dariushoule
We've seen adversaries stomp VBA scripts... but how about *JavaScript stomping?* 🥾

Read on for a dive into Node.js single executable applications (SEAs), and how their V8 caching features might catch malware analysts and blue teamers off guard!

x64.ooo/posts/2025-0...
Old Thing New Again: Javascript Stomping in Node.js SEAs
Explore Node.js single executable application internals and a modern spin on a classic VBA Stomping technique.
April 22, 2025 at 11:08 PM
I've been using GoReSym a lot recently for unstripping Golang malware samples, can't stress enough how awesome that tool is as a timesaver! One gotcha though, there's no way to easily import function symbols into x64dbg sessions 🪲

Wrote a quick script to bridge the gap: github.com/dariushoule/...
GitHub - dariushoule/GoReSym_x64dbg: Add GoReSym symbols to an x(64|32)dbg debug session, using x64dbg_automate.
April 18, 2025 at 10:07 PM