malcat.fr, a hexadecimal editor / disassembler / decompiler for #malware analysis, #DFIR and #SOC.

Joined February 2021
Pinned Tweet
First steps with #malcat? Here is a tutorial video, courtesy of @InvokeReversing : youtu.be/gqESN-etkok?feature…

We are working on a new project: Malcat Logos. A web platform to perform LLM-assisted #malware triage at scale using solely the Malcat MCP server. Don't hesitate to contact us if you want to beta-test (in a few months). We would like feedback from SOC teams in particular.
Malcat dev retweeted
Jun 7
Operation Dreamjob: Writeup for a trojanized Keepass executable, being part of Zero2Auto malware analysis course. txc.gitbook.io/documentation… @malcat4ever Kesakode and MCP server did a great job to find suspicious functions included, giving a starting point for an in-depth analysis.
Still working on the #malware automated triage report. What do you think of this report, on a somewhat complex infection chain: malcat.fr/test/split-report.… We've tried to attach a technical report to every (sub-)object opened by the LLM.

Malcat dev retweeted
We are proud to announce the release of our new flagship course, Advanced Malware Binary Triage (AMBT)! The AMBT course provides a comprehensive overview of advanced techniques implemented by malware authors to bypass detection by security technologies and prevent analysis by reverse engineers. Throughout this course you will learn how to reverse engineer real-world malware variants that implement these techniques and how to implement automation methodologies to address them. This includes advanced red team tools, kernel mode drivers, and prolific crimeware (including loaders and ransomware) used in high profile attacks and takedowns. This version of AMBT uses Binary Ninja for static analysis, dynamic analysis and automation.
#Malcat 0.9.14 is out! This is a maintenance build, with some bonuses: ● AccessDB parsing ● RAR unpacking ● UPX (static) unpacking ● Improved __noreturn detection ● ... and as usual, up-to-date signature, constants and Kesakode DBs!
If you are facing malicious Access databases (getting traction rn), you can extract the VBA easily in #Malcat: 1. Locate "Attribute VB_Name" 2. Select from the preceding 0x01 3. .. up until a sequence of null bytes 4. Ctrl-T -> Office RLE. We are working on a parser module!
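The four-step recipe in the post above, as an added example written here in Python (it is not Malcat's code and not from the post): it carves the compressed VBA module stream out of a raw byte blob and then undoes the compression. "Office RLE" is assumed to be the MS-OVBA compression that Office stores VBA source in; the decoder follows the published chunk/flag-byte/copy-token scheme. The function and constant names are mine, and the sample stream is hand-assembled and labelled as constructed. One caveat the code encodes: a flag byte precedes every group of eight tokens, so the first line shows up in a hex view as `Attribut?e VB_Nam`, and the search has to tolerate that inserted byte. Decoding also stops at the first word that is not a valid chunk header, so over-carving into the null padding (step 3) is harmless.

```python
import math
import re
import struct


def decompress_ovba(data: bytes) -> bytes:
    """Decompress an MS-OVBA container that starts with its 0x01 signature byte.

    Decoding stops at the first 16-bit word that is not a valid chunk header,
    so null padding carved along with the stream is tolerated.
    """
    if not data or data[0] != 0x01:
        raise ValueError("missing 0x01 container signature")
    out = bytearray()
    pos = 1
    while pos + 2 <= len(data):
        header = struct.unpack_from("<H", data, pos)[0]
        if (header >> 12) & 0x7 != 0b011:      # every chunk header has 0b011 in bits 12-14
            break
        chunk_end = min(len(data), pos + (header & 0x0FFF) + 3)
        is_compressed = bool(header & 0x8000)
        pos += 2
        if not is_compressed:                   # raw chunk: 4096 bytes copied verbatim
            out += data[pos:pos + 4096]
            pos += 4096
            continue
        chunk_start = len(out)
        while pos < chunk_end:
            flags = data[pos]                   # one flag byte governs the next 8 tokens
            pos += 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not (flags >> bit) & 1:      # 0 bit: literal byte
                    out.append(data[pos])
                    pos += 1
                    continue
                token = struct.unpack_from("<H", data, pos)[0]   # 1 bit: copy token
                pos += 2
                diff = len(out) - chunk_start
                if diff == 0:
                    raise ValueError("copy token with nothing to copy from")
                # the offset/length split point grows with the decompressed window
                bit_count = max(math.ceil(math.log2(diff)), 4)
                length = (token & (0xFFFF >> bit_count)) + 3
                offset = (token >> (16 - bit_count)) + 1
                src = len(out) - offset
                if src < chunk_start:
                    raise ValueError("copy offset reaches before chunk start")
                for i in range(length):         # byte-wise so overlapping copies work
                    out.append(out[src + i])
    return bytes(out)


# A flag byte sits between every 8 tokens, so the hex view shows "Attribut?e VB_Nam".
MARKER = re.compile(rb"Attribut[\x00-\xff]e VB_Nam")


def carve_vba_modules(blob: bytes, null_run: int = 8) -> list:
    """Steps 1-4 of the post: find the marker, back up to the 0x01 signature,
    cut at the next run of null bytes, decompress."""
    modules = []
    for m in MARKER.finditer(blob):
        start = m.start() - 4            # 0x01, 2-byte chunk header, first flag byte
        if start < 0 or blob[start] != 0x01:
            continue
        end = blob.find(b"\x00" * null_run, m.end())
        end = len(blob) if end < 0 else end
        try:
            modules.append(decompress_ovba(blob[start:end]))
        except ValueError:
            continue                     # false positive, not a VBA container
    return modules


# --- constructed sample (hand-assembled; not taken from any real database) ---
EXPECTED_SOURCE = b'Attribute VB_Name = "Mod1"\r\nAttribute VB_Base = "0"'
_P = EXPECTED_SOURCE[:28]                          # first line: 28 literal bytes
_chunk = (
    b"\x00" + _P[0:8] +                            # flag 0x00: eight literals
    b"\x00" + _P[8:16] +
    b"\x00" + _P[16:24] +
    b"\x10" + _P[24:28] + b"\x0a\xd8" + b"Bas" +   # bit 4 set: copy token 0xD80A,
    b"\x00" + b'e = "0"'                           # offset 28, length 13 = "Attribute VB_"
)
_header = struct.pack("<H", 0xB000 | (len(_chunk) + 2 - 3))   # compressed | 0b011 | size-3
SAMPLE_STREAM = b"\x01" + _header + _chunk
SAMPLE_BLOB = b"\xcc" * 16 + SAMPLE_STREAM + b"\x00" * 32 + b"\xcc" * 8   # junk + stream + padding + junk

if __name__ == "__main__":
    for src in carve_vba_modules(SAMPLE_BLOB):
        print(src.decode("latin-1"))
```

The null-run length is a heuristic: a compressed chunk never contains eight consecutive zero bytes in practice, while the padding after a stream usually does; if it cuts too early the decoder simply returns a truncated module, so lower it only when a module comes back short.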
Malcat dev retweeted
#cybersecurity #malware #clickfix #macos #botconf Hi, I’ve decided to share a tool I wrote in my spare time. The app is designed to track the ongoing ClickFix campaign targeting macOS and Win users and collect compromised websites. clickfix.pro Hey @madzincyber :)
Malcat dev retweeted
FUD CastleLoader signed "INFOTECK SOLUTIONS PRIVATE LIMITED" The 40MB exe makes it hard for detection engines to see the 1 important line of python it will execute. Short #malcat investigation though. 62a6e64a7233f4a756d01c54840ff703a620a416929d57eebc0bdac3b9ed2019 1/3
If you're attending #botconf this year and want to talk about #Malcat, come say hi. I'll be easy to spot: just look for the cool hoodie :)
New anti-AV technique! By setting the PE VersionInfo to specific strings (here french for "dont-scan-mf"), you'll bypass most security solutions! Even if your file is named "RAT" or Stub.dll :D
(of course this is a joke, but I bet it's what he thought)
Underrated use for LLMs: the ability to port Go programs to other languages, so that nobody has to touch this ugly language ever again.
In Malcat, hitting <Ctrl M> will start the in-GUI MCP server (works in free version too). You can then interact with the current analysis using your LLM of choice. Here I renamed functions and variables of the C2 dispatcher function for an unknown malware:
Malcat dev retweeted
ran xchanger through malcat MCP (using claude). Out of the box, got domains & registry behavior, failed to get the hard-coded XOR key. I had to have claude disassemble the .NET to get that additional info. Then had it create an HTML report. So, semi-automated. 🤷
Malcat dev retweeted
My favorite malware analysis tool has become better. Now Mac support and MCP availability? Amazing.
We're happy to announce that #malcat 0.9.13 is out! You'll find a new Apple-silicon MacOS port, two integrated MCP servers (in-GUI and headless) for automated triage and an improved interface: malcat.fr/blog/0913-is-out-m…
Malcat dev retweeted
LIA 🤝 Malcat We are happy to announce that LIA has partnered with Malcat to strengthen payload detections using Kesakode! Malcat also provides a LIA Threat Intelligence plugin for SHA256 lookups and sample downloads! Read more on: insights.loaderinsight.agenc…