Researcher at Talos. No infosec drama, no opinions, no politics, Tech and Tools only. Author of Dyn. Data Resolver (Winner of Hex-Rays Plugin Contest 2020).
My talk "SELECT * FROM binary - Vibe Reversing Across IDA, Ghidra, and Binary Ninja" got accepted at @reconmtl .
I am happy to talk about this toolset (idasql, bnsql and ghidrasql) and how it is designed to allow AI agents to work across all these top 3 reverse engineering tools.
Point Claude, Codex, or your favorite agent to any single one of them or to all of them at once, and your agent can now use the tools together to analyze one or more binaries at once.
These work nicely with loops like "/goal" to allow e2e analysis over many hours.
Use cases:
- Full source code recovery (with types and code structure)
- Full database annotations (also with type recovery, comments, etc.)
- Binary diffing
- Or just any kind of Q&A against your binary or binaries
cfp.recon.cx/recon-2026/talk…
This is the type of malware game hackers build to bypass kernel anti-cheat. The same techniques can be used by malware authors to evade EDRs.
A UEFI bootkit that injects into Microsoft's own Hyper-V at ring -1 before the OS even loads (easier than building a custom hypervisor from scratch).
Four-phase bootloader. Hypervisor VM-exit interception. EPT page shadowing. MSR virtualization. EFI memory map ghosting. TPM measurement spoofing.
Reads like malware. Because it is. Videos and full technical breakdown in the link.
Author: gsmll.github.io/hypervenom/w… #ReverseEngineering #Malware #AntiCheat
While gamers debate kernel anti-cheat, ring-1[.]io was shipping a Themida-protected UEFI bootkit that injects into Hyper-V, manipulates EPT entries, clones game page tables, and hides memory contents below the OS entirely.
After partially deobfuscating their binaries and recovering critical functions, this is what was inside.
Bungie and Ubisoft sued them.
They found $12 million in Bitcoin and kept going.
This is what kernel anti-cheat is actually fighting.
back.engineering/blog/04/02/…
Authors: @BackEngineerLab #AntiCheat #Malware #InfoSec
Static Devirtualization of Themida/CodeVirtualizer. The techniques in this article apply to pretty much every virtual machine obfuscator with minor modifications.
back.engineering/blog/09/05/…
Original Program & Devirtualized Output
github.com/backengineering/t…
I am very happy that @reconmtl accepted my talk about a real-world EDR killer. Looking forward to seeing you guys in Montréal 😁
cfp.recon.cx/recon-2026/talk…
1/ ♟️ Just published new research on LucidRook, a Lua-based malware framework observed in spearphishing campaigns targeting Taiwan. LucidRook uses Rust libraries and an embedded Lua interpreter to execute payloads downloaded from FTP servers.
blog.talosintelligence.com/n… @TalosSecurity
I added a simple hex viewer for IDA in the PseudoNote plugin. It supports highlighting byte ranges, copying selected bytes as hex, Shift-Click to extend the selection, cursor sync with the current instruction, and jumping to addresses.
github.com/fareedfauzi/Pseud…
🔥 Ready to chat about IDA productivity tools?! @allthingsida joins the stream Thursday April 9th to do just that:
- QScripts
- idacpp
- eject_idb
- idasql
- windbg_agent
Join us on YouTube -> youtube.com/live/rYnxLsNqE2g…
In the next version of idacpp, you can ".connect <host:port>" to a foreign process and directly issue remote C commands (or run full C files) in the context of the debugged program (Appcall on steroids).
Ok, now you can use C scripts in IDA (in the snippet window, the CLI box, and as script files). You need to build from source.
github.com/allthingsida/idac…
Agentic reverse engineering can do a lot, but obfuscation still breaks many analysis workflows in malware and commercial software.
If you want to learn how to build and steer automation for analyzing protected code, check out my training at @reconmtl:
recon.cx/2026/en/trainingSof…
Happy to bring my Software Deobfuscation Techniques training back to @reconmtl - June 15–18, 2026 in Montreal!
Learn systematic approaches to defeating modern obfuscation found in DRM/anti-tamper & APT malware.
recon.cx/2026/en/trainingSof…
New blog post: Building a Pipeline for Agentic Malware Analysis
Agentic RE malware analysis with custom skills, MCP tooling, and persistent case state to automate initial triage
Link: synthesis.to/2026/03/18/agen…
Github: github.com/mrphrazer/agentic…
Recently my RE workflow moved into sandboxed VMs where agents have full control over the environment. I needed an MCP server that runs headless in the same sandbox and exposes way more of the #BinaryNinja API than others.
Here's the release: github.com/mrphrazer/binary-…