Hacker News: sh0000n's comments

TL;DR: I patched my Slack client to keep messages that others delete.

Let's say someone sent me a message, immediately regretted it and tried to delete it. They will think the message got deleted on both ends ("delete for everyone"), but using this patch my client will keep the message anyway and notify me that someone tried to delete it.

The backstory is kind of funny - not so long ago my friend had a rant about his former boss. He told me a story of how his former boss accidentally sent him a nasty message and then immediately deleted it. My friend wanted to confront him but had no proof because the message was gone too quickly.


TL;DR: This is a story of how I felt nostalgic for the old Uh-Oh! ICQ sound and ended up doing some quick research on how Slack stores and uses media files. Eventually I ended up developing a simple tool to customize Slack sound notifications. Please note that currently my script edits the Hummus notification sound, but this can be easily changed if needed.


Interesting. I found that I was able to just replace the sound files without any reverse engineering. Then again, I use the web app.


Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA because it does exactly the opposite.

Arya is a first-of-its-kind tool; it produces pseudo-malicious files meant to trigger YARA rules. The tool reads the given YARA (.yar suffix) files, parses their syntax using Avast's yaramod package—the YARA parsing engine used in this research—and builds a pseudo “malware” file, carefully placing the desired bytes from the YARA rules so that the input rules trigger.

The goal of the tool is to generate a tailor-made pseudo-malicious file that detection sensors such as AV or EDR will identify as the malware an input YARA rule is meant to detect. To achieve this goal we are not only adding the necessary signatures, strings, and bytes from the input YARA rules, but also adding some “touches” such as real PE headers, increasing the output file's entropy, adding x86 bytecode, and function prologue/epilogue assembly code. All of this helps the AV/EDR triggering process and bypasses some heuristic checks they might have.
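As an added illustration of the "reverse YARA" idea described in this comment (example code written here, not Arya's own implementation, which uses yaramod and writes a full PE): a small Python script that parses the two simplest kinds of YARA strings, text strings and wildcard-free hex strings, lays them into a blob where each string is wrapped in x86 function prologue/epilogue bytes and separated by random padding (which also raises entropy), and checks that an `all of them` condition would be satisfied by the result. The rule `demo_downloader` is constructed for the example; the bare `MZ` prefix instead of a real PE header, the fixed `all of them` condition, and the rejection of wildcards, jumps and alternatives are simplifications relative to what the comment describes.

```python
"""Toy 'reverse YARA': build a file that satisfies a YARA rule's strings section.

Added example, not Arya's code.  Supports `$x = "text"` (with \\n \\t \\" \\\\ \\xNN
escapes) and `$x = { 6A 00 ... }` hex strings without wildcards/jumps, and
assumes the rule's condition is `all of them`.
"""
import os
import re

# One line of a YARA strings section: `$name = "text"` (group 2) or `$name = { hex }` (group 3).
_STRING_RE = re.compile(
    r'^\s*(\$\w*)\s*=\s*(?:"((?:\\.|[^"\\])*)"|\{([^}]*)\})',
    re.MULTILINE,
)
_ESCAPE_RE = re.compile(r'\\(x[0-9A-Fa-f]{2}|.)')

PROLOGUE = bytes.fromhex("558bec")  # push ebp; mov ebp, esp
EPILOGUE = bytes.fromhex("5dc3")    # pop ebp; ret


def _unescape(text: str) -> bytes:
    """Decode the YARA text-string escapes listed in the module docstring."""
    simple = {'n': '\n', 't': '\t', '"': '"', '\\': '\\'}

    def repl(m):
        esc = m.group(1)
        if esc[0] == 'x':
            return chr(int(esc[1:], 16))
        if esc not in simple:
            raise ValueError(f"unsupported escape \\{esc}")
        return simple[esc]

    return _ESCAPE_RE.sub(repl, text).encode('latin-1')


def parse_rule_strings(rule_text: str) -> dict:
    """Return {identifier: bytes} for every text/hex string in the rule text."""
    strings = {}
    for ident, text, hexbody in _STRING_RE.findall(rule_text):
        if hexbody:
            tokens = hexbody.split()
            if any(c in t for t in tokens for c in "?[]|()"):
                raise ValueError(f"{ident}: wildcards, jumps and alternatives are not supported here")
            strings[ident] = bytes(int(t, 16) for t in tokens)
        else:
            strings[ident] = _unescape(text)
    return strings


def build_trigger_file(strings: dict, pad: int = 16) -> bytes:
    """Lay every rule string into one blob, each wrapped in an x86 prologue/epilogue
    and separated by random padding.  The 'MZ' prefix is only the DOS magic, not a
    valid PE image (simplification; the real tool writes a complete PE header)."""
    out = bytearray(b"MZ")
    out += os.urandom(pad)
    for ident in sorted(strings):
        out += PROLOGUE + strings[ident] + EPILOGUE
        out += os.urandom(pad)
    return bytes(out)


def rule_would_match(strings: dict, blob: bytes) -> bool:
    """Condition `all of them`: every string must occur at least once in the blob."""
    return all(s in blob for s in strings.values())


# Constructed sample rule for the example (not taken from any real ruleset).
SAMPLE_RULE = r'''
rule demo_downloader
{
    strings:
        $s1 = "cmd.exe /c"
        $s2 = "User-Agent: Mozilla\\4.0"
        $h1 = { 6A 00 68 00 30 00 00 }
    condition:
        all of them
}
'''

if __name__ == "__main__":
    strs = parse_rule_strings(SAMPLE_RULE)
    blob = build_trigger_file(strs)
    print(f"{len(strs)} strings placed, {len(blob)} bytes, "
          f"all-of-them satisfied: {rule_would_match(strs, blob)}")
```

The natural next check, once a real rule is involved, is to run the generated blob through yara-python (or the `yara` CLI) against the original rule rather than the toy `rule_would_match`, since real conditions combine strings with boolean logic, counts and offsets that this example does not model.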


