Binary Ninja 5.3 (Jotunheim) is released: binary.ninja/2026/04/13/bina… Major highlights: NDS32 support, AArch64 ILP32 ABI, new Universal MachO UI, command palette upgrade, new type library helpers, ghidra export, updated IDB import, HW and conditional breakpoints, and much more!

Wake up binjas, new Binary Ninja 5.3.9757 stable just dropped. No functionality this time (head over to dev for that!) but lots of stability fixes for the appropriately named stable branch: binary.ninja/2026/06/09/5.3-…

I also created an architecture for binary ninja that actually properly shows functions and operations that in my opinion made it easier to see how the VM works. @vector35 has a really nice tool!

Xusheng is streaming live today at 2PM EST with @InvokeReversing! Tune in here: twitch.tv/InvokeReversing

In Sidekick 26.0, Indexes give you a persistent work queue for reverse engineering! Create one from a BNQL query, then keep adding as you find more. Sidekick can also write to indexes during analysis. Later, use the index to filter down, pin what matters, and jump straight to each location. docs.sidekick.binary.ninja/g…

The Notebook in Sidekick 26.0 is where you turn chat work into something that sticks. It is a persistent workspace where you track analysis goals and record outcomes. Sidekick reads it as context in Chat, so it can build on what you already established across turns and sessions. docs.sidekick.binary.ninja/g…

Working in a messy function? Sidekick 26.0 suggestion operations can repair and annotate the code right at your cursor. Start with Suggest Repairs when the analysis substrate looks off. Then use Suggest Types, Suggest Names, or Suggest Comments to apply focused improvements.

Semantic indexing in Sidekick 26.0 lets you search by what code does instead of what it is named. It builds a local vector index for your binary. Then concept() in BNQL or the Python API can surface matches for things like TLS handshake even when everything is still default named. The index stays local, no binary content goes to the cloud. docs.sidekick.binary.ninja/g…

In Sidekick 26.0, Chat is where most binary analysis starts. Ask a question and Sidekick uses its tools to query the binary, then the thread builds as you dig deeper. The sidebar keeps it transparent. You get a thread list with live status, changes, findings, and any approvals waiting. Open a thread to see the full conversation plus grouped tool calls so you can audit what ran. docs.sidekick.binary.ninja/g…

Sidekick 26.0 is out now! Major updates across the board plus a full refresh of the Sidekick website. New specialist agents, a validation agent that cross checks findings against evidence, project scoped workspaces with cross binary search, and built in skills tuned for Binary Ninja. Read about the latest release here: sidekick.binary.ninja/blog/s…

Dear folks, How are you doing? I wanted to share with everyone the news that based on my most recent "When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com - Part Five" blog post - ddanchev.blogspot.com/2026/0… where I actually found several CWE flaws including a hardcoded decryption key in the actual encrypted file for a Conti Ransomware sample which I obtained from 2020 as I further continued pursuing my belief that this is the case with other related Conti Ransomware binaries today I came across to a second Conti Ransomware sample which is doing exactly the same namely storing the decryption key in the actual encrypted file where I'll soon summarize my findings and publish them. Also for the record in my previous "When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com" - ddanchev.blogspot.com/2026/0… blog post series I also came across to a relatively interesting wrapper function called "Asshole". “AssHole” wrapper purpose and mechanics Literal marker: "AssHole" at 0x405558. Alphabet used by transform: "0123456789abcdef" at 0x405544. And. Both send_data_to_c2 and recv_command_from_c2 incorporate "AssHole" directly into the transform pipeline: On send: the outgoing buffer is combined with "AssHole" and passed through encode_obfuscated_hex_string (0x4024a0). On receive: the received blob is combined with "AssHole" and passed through decode_obfuscated_hex_string (0x402620). I'll continue pursuing my belief that this hardcoded decryption key mentality might be the case with other related Conti Ransomware samples and I'll soon publish my findings. The more malware samples the merrier. Special thanks to @vector35's BinaryNinja reverse engineering product and service of which I'm a proud user. Thanks, Dancho

Do you remember how we got here? Because I don't. Join us at 4pm ET today where we'll be writing a reverser's reflog plugin for Binary Ninja: youtube.com/live/oBzBMGJGC8E With a chance of some exciting announcements 👀

To help us track down bugs faster, 5.3 introduces opt-in crash reporting. This feature is disabled by default in paid versions and enabled by default in our free version. Either way, you can change the setting whenever you want. Details in our latest blog post: binary.ninja/2026/04/13/bina…

The debugger got some real love in our latest update. Hardware breakpoints and conditional breakpoints have both landed, and the new debug adapters make things faster and more reliable across a range of workflows. Read more from the latest blog: binary.ninja/2026/04/13/bina…

Our latest release makes it much easier to move analysis between tools. With new Ghidra Export support and a major overhaul to IDB import, more of your work carries over cleanly and more IDA databases work better in Binary Ninja. binary.ninja/2026/04/13/bina…

This marks the first stable release of our v2 Enterprise server bringing major improvements for Enterprise customers, and while we will continue supporting v1 for a period of time, v2 is where we recommend heading next. More on the v2 server and the rest of 5.3 here: binary.ninja/2026/01/26/ente…

Binary Ninja 5.3 adds new BNTL utilities for easier type library workflows in both the UI and headless environments. WARP also gets a cleaner server experience, with bundled Linux signatures helping complete the shift away from SigKit. binary.ninja/2026/04/13/bina…

A lot of practical UI work landed in Binary Ninja 5.3. We replaced the old MachO slice selection flow with a dedicated picker, expanded Container Browser coverage across a wide range of container formats, and significantly extended command palette behavior. binary.ninja/2026/04/13/bina…

Binary Ninja 5.3 (Jotunheim) adds new architecture APIs for full function level lifting. We are already using them for upcoming TMS320C6x work, and plugin authors should be able to put them to good use too. Also new: NDS32 and AArch64 ILP32 ABI updates. Check out the latest blog: binary.ninja/2026/04/13/bina…

Join us tomorrow, April 17th @ 4pm ET, for some live pwn! We'll be using Binary Ninja's shell coding compiler, patching binaries to make them easier to debug, analyzing data moving from globals to the stack to the heap, and finishing by popping shells live with pwntools: youtube.com/live/VcK4SoeYZiU