Looking forward to joining @jstrosch to share some of my IDA productivity plugins, plus an AI workflow demo with idasql.

The fifth article (57 pages) of the Exploiting Reversing Series (ERS) is available on: exploitreversing.com/2025/03… I would like to thank Ilfak Guilfanov @ilfak and Hex-Rays SA @HexRaysSA for their constant and uninterrupted support, which have helped me write these articles over time. I hope you enjoy reading it and have an excellent day. #hypervisor #hyperv #architecture #cybersecurity #research #internals #idapro #informationsecurity #microsoft

The tenth article (35 pages) of the Malware Analysis Series (MAS) is available on: exploitreversing.com/2025/01… I would like to thank Ilfak Guilfanov @ilfak and @HexRaysSA for their constant and uninterrupted support, which have helped me write these articles. I promised to write a series of ten articles, and this is the last one. I hope that over the years I have provided professionals around the world with a little help in improving their malware analysis and reverse engineering skills. The series is now complete and this was my last contribution on malware analysis. Next week (JAN/22) the third article of the Exploiting Reversing Series (ER 03), which is my long-term series, will be released. I hope you like it. Have an excellent day. #linux #malware #reverseengineering #reversing #idapro #malwareanalysis #elf #crypto #ransomware

The nineth article (38 pages) of the Malware Analysis Series (MAS) is available on: exploitreversing.com/2025/01… I would like to thank Ilfak Guilfanov @ilfak and @HexRaysSA for their constant and uninterrupted support, which have helped me write these articles. Even though I haven't been on this subject for years, I promised that I would write a series of ten articles, and the last one will be released on next week (JAN/15). Have a great day. #windows #shellcode #malware #reverseengineering #reversing #idapro #malwareanalysis

The next 3 of you to register for one or more of our September #IDAPro Online Training Sessions will get 👇 🎁 10% discount (use the SOCIAL10 code) 🎁 1 x super cool F5 Cap 🎁 1 x T-shirt 🎁 2 x Badges & stickers. Hurry up! Seats are limited 🎫 eu1.hubs.ly/H0c0WSq0

Join me, John, Mike, Anne and Trent in this live webinar from @QUT as we reminiscent on the original ideas of decompilation, it's dissemination via copyright and open source, and it's follow on work & impact. Friday 12th July at 2-4 pm AEST. qut.zoom.us/j/85240616304?pw…

Fantastic panel session on decompilation at ⁦@reconmtl⁩ with ⁦@ilfak⁩ ⁦@sergeybratus⁩ ⁦@WeldPond⁩ and Rusty @vector35! Great mix of industry and academic experience, security researcher and developer experience, and different goals for decompilation 🙏

Mateusz Jurczyk on Windows Registry. Amazing 50 security bugs found there! #reconmtl

Session now scheduled for 5:35 pm start. cc:@ilfak, @WeldPond @sergeybratus @vector35

Early pioneers! Including @ilfak of @HexRaysSA

Takahiro on control flow unflattening #reconmtl

Dr Cristina Cifuentes speaking about decompilation, very interesting!

This July marks the 30th year anniversary of the publication of my PhD thesis on Reverse Compilation Techniques. In 1994, little did I know the impact this pioneering work would have on the security community that grew up in the 2000s. 🎉 Celebration events to be announced!

Try the ask_ida/c GPT [ chat.openai.com/g/g-VgbIr9TQ… ] for IDA SDK related questions in C/C .

Video walkthrough of Mandiant's #Flareon10 Yoda challenge: youtu.be/r_ZSqbkFSsc - Full CTF logic explained - Dealing with instruction shuffling and chunked functions - Dealing with obfuscated API calls - Reverse engineering and decompiling ROP chains into regular functions - Various scripting techniques Thanks @_marklech_ for this fun challenge.

Ghida performed really well in September, but we have a new leader! A big shout-out to tidy 👏 That’s how you make an entrance 🙌 Could you do better? Publish your #plugin on our #PluginRepository, and win a cool cap 🌐hex-rays.com/blog/the-plugin… #PluginRoundup #IDAPro #IDAPython

While everyone is focusing on the catastrophe of the MGM breach, it should be noted that it is business as usual for other ransomware groups. Note: Publicly listed victims on ransomware websites indicate the victim did not pay and/or negotiations are still on-going. - Cactus ransomware group was the most active this month (so far), with 30 new victims publicly displayed. Their victims are primarily agricultural and industrial organizations. - ALPHV ransomware group claims 19 new victims in September. Besides MGM, they have claimed law firms, architecture and design companies, real estate companies, physicians offices, investment companies, and media analysis companies. - Lockbit ransomware group claims 19 new victims as well. Lockbit ransomware group most notably targeted a non-profit hospital, a Behavioral health center for the mentally ill, 2 school distracts located within the United States, and law firm which represents American Veterans who need legal assistance. - CryptBB, a new and emerging group, claimed 8 victims, most notably a school district in the United States. - NoEscape claims to have compromised US-Canada water organization, the International Joint Commission, and threatens to leak sensitive government data. - BianLain attacks Save the Children International, a 104 year old non-profit which aided children who were victims of WW2 nazi concentration camps (among many other incredible deeds). - RansomedVC claims 30 new victims this month, primarily leveraging web exploitation and intimidation tactics. Other active ransomware group activity this month: RagnarLocker, Threeam, CiphBit, Trigona, Knight, Akira, Monti, Stormous, Blacksuit, Play, RansomHouse, IncRansom, Lorenz, BlackByte, Qilin, RaGroup, Everest, Mallox, Medusa, Rhysida, 8base, Abyss. In the month of September, 2023, there have been over 200 newly documented ransomware attacks. Again, this does not include victims who have paid. The most notorious groups still remain on top: ALPHV and Lockbit. Both have existed (in some manner) since at least 2019.

Observing some strange-looking address expressions in the pseudocode? No problem, see how you can improve them 🌐 hex-rays.com/blog/igors-tip-… #IgorsTipOfTheWeek #IDAtips #IDAProTutorials #Decompiler

Get ready for our Black Friday/Cyber Monday deals! Starting on 25 Nov at 12:01 am (CET) and running until 28 Nov at 11:59 pm (CET), this is the best time to get IDA & Decompilers at a discounted price. Details will be available soon 🌐hex-rays.com/?utm_source=Soc… #HexRays #BlackFriday

The feeling when unreadable code becomes crystal clear...