Willi Ballenthin

@mastodon @github @twitter
Software reverse engineer writing about disassembly, debugging, emulation; programming in Python and Rust; and listening to post-rock and -metal. Uses this stuff. Follows these sources.

blog

projects

capa: malware capabilities
FLOSS: obfuscated strings
python-idb: IDA Pro analysis
python-registry: Registry parser
INDXParse: NTFS artifacts
EVTXtract: EVTX recovery