Malware analyst and reverse engineer, author of the Binary Analysis Course. DMs are always open. Opinions are my own and not the views of my employer.
Joined July 2018
- Tweets 657
- Following 315
- Followers 3,248
- Likes 360
155 Photos and videos
16 Jan 2025
My reverse engineering workflows survey is still ongoing! In less than 3 minutes, you can fill it in and help out: docs.google.com/forms/d/e/1F…
3
7
1,890
Since I officially finished my bachelor degree last month, I am now looking for work.
If you are offering a job in Cyber Threat Intelligence, please reach out!
More infos in the first comment below.
#infosec #CTI #JobSearch
16
85
291
61,448
7 Jan 2025
Ever ran a script in Ghidra that you wanted to cancel, only to find out that the script would not let you? The TaskMonitor handles the cancellation event, December's Ghidra tip dives into the details: maxkersten.nl/2024/12/31/ghi…
1
496
23 Dec 2024
Over the past few months, we @Trellix have kept our eyes open for election related threats with regards to the U.S. presidential elections. We have summarised our findings in a blog: trellix.com/blogs/research/s…
2
5
912
27 Nov 2024
Ghidra can do a lot, but some tasks are best outsourced to (micro)services! How? This month's tip helps you along: maxkersten.nl/2024/11/27/ghi…
1
9
639
31 Oct 2024
Do you want to iterate over all defined strings in a program in Ghidra? This month's tip got you covered: maxkersten.nl/2024/10/31/ghi…
4
363
16 Oct 2024
My survey into reverse engineering workflows is still ongoing, if you haven't already, please take 3 minutes of your time, I promise it wont take more!
docs.google.com/forms/d/e/1F…
1
4
527
1 Oct 2024
Ever wanted to handle all files within your Ghidra project, even the ones in subfolders? This month's Ghidra tip got you covered: maxkersten.nl/2024/09/28/ghi…
2
2
995
24 Sep 2024
Reverse engineering workflows can always be improved. I'm running a survey to see how! Please take 3 minutes to anonymously fill in what you think can be improved: forms.gle/3h2CsFhpMdKPssve9
1
4
5
1,135
19 Sep 2024
Pushed an update to the @Trellix GhidraScripts repository on GitHub which fixes a few bugs in the Golang function recovery script: github.com/advanced-threat-r…
8
61
2,834
20 Aug 2024
With my workshops and talk at the @DianaInitiative, @BlackHatEvents, and @defcon two weeks ago while representing @Trellix, I reflect back on my experiences at the conferences: maxkersten.nl/2024/08/18/my-…
1
2
15
993
9 Aug 2024
The @Trellix blog which dives into the nitty gritty of my @defcon talk can be found here: trellix.com/blogs/research/n…
🧵1/4
2
2
13
854
9 Aug 2024
The precompiled Golang files can be found here: github.com/advanced-threat-r…
🧵4/4
1
3
322
9 Aug 2024
The Ghidra scripts to create/use the databases can be found here: github.com/advanced-threat-r…
🧵5/4
5
277
5 Aug 2024
My DotNet Malware Analysis workshop at @DianaInitiative is today! I'd like to thank @Trellix for letting me do this!
1
6
371
11 Jul 2024
This August's Summer Camp I'll be representing @Trellix while giving a talk on @defcon's main stage and giving workshops at @DianaInitiative, @BlackHatEvents, and @defcon! Details in chronological order in this thread! All times are Las Vegas local times.
🧵1/5
2
4
5
768
11 Jul 2024
Friday the 9th of August, 1100-1120 @ Track 3, is my @defcon main stage talk about recovering function symbols with Ghidra's FunctionID and BSim, along with an extensive @Trellix blog with all the details: defcon.org/html/defcon-32/dc…
🧵4/5
1
2
307
11 Jul 2024
Also on Friday the 9th, from 1400 - 1800, I'll give a four hour @defcon workshop on how to best use Ghidra, with a focus on real life malware, FunctionID, and BSim: defcon.org/html/defcon-32/dc…
🧵5/5
2
275