Reverse engineer and content creator | 😱 1M views on YT | 🎙️ Host of Behind the Binary podcast 👇

Joined July 2009
1,366 Photos and videos
🎙️ You may have heard of the Glupteba botnet, but did you know @Google didn't just disrupt it—they sued the operators? In a wild twist, the Russian operators didn't stay in the shadows. They hired a US attorney and showed up in a New York court to fight back. In the latest episode of Behind the Binary, @pmbureau discusses the wild tale of the technical and legal takedown! 🎧 Listen here: open.spotify.com/episode/0Tg…
Josh Stroschein | The Cyber Yeti retweeted
Forgot to add this to the release notes, but nibble wildcard patterns also work now! `67 6? ?7 67`
IDA 9.4 Beta has been released. Some of the major new features include:
- Strings in the decompiler views will now FINALLY show up in the Strings view
- A new "Pathfinder" view that shows you what code execution flow looks like
- A new IDA protocol for sharing view states
- Automatically detecting Rust version and packages
and more docs.hex-rays.com/release-no…
Josh Stroschein | The Cyber Yeti retweeted
This is actually a very well-explained beginner series on #dotnet #reversing. We need more good beginner-friendly sources like these.
🧩 Video 2 in the .NET obfuscation series is now public! youtu.be/6rcUxmRGhlg In this video we'll explore the Global Module Constructor (.cctor) to analyze the impact of anti-debugging and anti-tamper protections.
Josh Stroschein | The Cyber Yeti retweeted
🎙️ Next Behind the Binary episode is now live! In this episode, I'm joined by @__sethJenkins from @Google's Project Zero to discuss a recent zero-click exploit chain in the Pixel 9—groundbreaking research he co-authored with @natashenka. We also dive into how AI features are rapidly changing the modern mobile attack surface. 🎧 open.spotify.com/episode/3XB…
Josh Stroschein | The Cyber Yeti retweeted
I recently had an interview with @jstrosch on the Behind the Binary podcast about @natashenka's and my Pixel 9 exploit chain with a bit of a bonus conversation about vulnerability research and security in the age of AI! You can find the whole episode here 🎧 open.spotify.com/episode/3XB…
🥵 #BlackHatUS is just around the corner - if you're looking to not only sharpen your RE skills, but understand how complex malware is constructed - here is your chance to join us for 4 days of hands-on, deep-dive learning! blackhat.com/us-26/training/… @BlackHatEvents

Josh Stroschein | The Cyber Yeti retweeted
I've been a part of this course since I joined FLARE a few years ago and it's exciting to see all of the new content. This content is largely driven by two factors - the problems the team encounters on a daily basis, and what we hear from our community. This 4-day version at @BlackHatEvents US takes you through all of the core challenges facing modern RE and techniques for unraveling obfuscation. 🔗 blackhat.com/us-26/training/… DMs are open if you have any questions!

Josh Stroschein | The Cyber Yeti retweeted
🤯 I've spent the last few months working on a major retooling of my workflow—specifically for tackling compiler-based obfuscations. This shift has opened my eyes to new ways of deconstructing logic, moving beyond traditional methods to leverage ASTs and IRs far more effectively (with a little help from LLMs). Curious to see what I've been working on? You can join me at @BlackHatEvents US this summer in Vegas... 🫣 blackhat.com/us-26/training/…
Josh Stroschein | The Cyber Yeti retweeted
🇨🇦 I'm finally going to be able to check @reconmtl off my conference list! And I'm not just attending, I'm helping deliver our 4 day advanced RE course. If you want to get hands on with time-travel debugging, ransomware cryptography, or deobfuscating .NET here is your chance to join us for 4 days of learning and experience sharing. 🔗 recon.cx/2026/en/trainingFLA… As always, DMs are open if you have any questions.
Josh Stroschein | The Cyber Yeti retweeted
We tested 9 LLMs on real-world #malware triage and static unpacking tasks, using only #Malcat’s MCP server. We compared not only their results, but also their speed and cost. Full write-up: malcat.fr/blog/benchmarking-…
Josh Stroschein | The Cyber Yeti retweeted
New blog post covering what's changed in Amatera Stealer 4.0.2 Beta! Plus a bug I found that can be used as a vaccine.
- XTEA-encrypted strings
- C2 protocol changes (AES -> ECDH P256 ChaCha20-Poly1305) making decryption more difficult
- SysCall SSN encoding, decoded just before WoW64Transition
esentire.com/blog/amatera-st…
Josh Stroschein | The Cyber Yeti retweeted
I'm excited to announce that I'll be returning to Vegas for @BlackHatEvents with the FLARE team to help deliver our 4 day advanced class! This is an almost entirely rewritten course that now features: ✅ Reversing GO and Rust binaries ✅ Leveraging time-travel debugging ✅ Deobfuscating scattered control flow 👉 blackhat.com/us-26/training/… Hope to see you there! DMs are open if you have any questions.

Josh Stroschein | The Cyber Yeti retweeted
🤔 Can you truly dismantle what you don't know how to build...? In my upcoming @BlackHatEvents 2-day training, we’re using modern LLVM pipelines to write the same obfuscation passes used by nation-states. Once you see the "why" behind the transform, the "how" of the reversal becomes more apparent. Learn how compilers work effectively so you can too 😉 ⏳ Early bird pricing ends May 22. Join me in Vegas: 🔗 blackhat.com/us-26/training/…
Josh Stroschein | The Cyber Yeti retweeted
.LNK files are implemented as COM objects. You need IShellLink IPersistFile to create, read, or modify them programmatically. New video write-up, code included, security angle too. trainsec.net/library/windows…