(1/n) New research on Windows malware, to appear at ACM ASIA CCS 2026 [1]: "SoK: Systematization, Detection, and Hunting of Windows Malware Persistence Techniques" [2] This work is a collaboration between EURECOM and the University of Twente.

The recording of my first Binary Cartography webinar is now public: Agentic Reverse Engineering: How AI Agents Are Changing Binary Analysis Topics: keygenning, cracking & anti-tamper removal Recording: youtube.com/watch?v=DZcDaXTv… Slides/code/samples: github.com/mrphrazer/binary-…

I was watching a presentation [1] on @REverseConf 2026 and I learned an anti-emulation trick that uses x87 FPU quirks. It is used by an anti-cheat engine (as part of an MBA). Here you go, it detects Unicorn: github.com/packmad/fprem-ant… [1] youtube.com/watch?v=3LtwqJM3…

RE//verse 2026 talks are live on YouTube! Want to revisit a talk or catch the ones you missed? The full playlist is now available: youtube.com/playlist?list=PL…

pagedout.institute/ ← we've just released Paged Out! zine Issue #7 pagedout.institute/download/… ← direct link lulu.com/search?page=1&pageS… ← prints for zine collectors pagedout.institute/download/… ← issue wallpaper Enjoy! Please please please RT to spread the news - thank you!

So, these threat actors successfully phished an author of multiple open source NPM packages with a total of 2 billion weekly downloads – including debug, chalk, and ansi-styles. Since most companies run at least one React or Angular app, they had the opportunity to execute code on millions of systems across thousands of orgs. And they used it to drop an amateurishly obfuscated crypto stealer, got caught by basic detection rules, and the issue was remediated after 2 hours. I hope everyone understands how close this was – and can imagine what would’ve happened if someone with real skills had done it. #NPM #Compromise #SupplyChain

New #TinyTracer (v3.0) is out - with many cool features: github.com/hasherezade/tiny_… - check them!

Big news: Windows Subsystem for Linux is now Open Source! 🎉 Download WSL, build from source, contribute fixes & features, and join its active development. Learn more: msft.it/6018SjYoE

Hello hackers! Another @pwncollege semester ends, continuing @ASU's @ace_inst's never-ending quest to revolutionize the way hackers learn to become productive members of the cybersecurity community. Read on to learn what this means for students and Capture the Flag! 🧵

My new article, "Writing a Full Windows ARM64 Debugger for Reverse Engineering," covers the topic in detail, including its internals and the core differences between Windows on Intel and ARM64: keowu.re/posts/Writing-a-Win…

"dos-like" is a mini-engine/framework I made a couple of years ago. It makes it easy to make games and other things with a 90s MS-DOS look and feel, but using a modern C compiler and running on Windows, Linux, macOS and in the browser using WebAssembler.

Learn to write a WinDbg extension: youtu.be/ly-nZjuLNkw

"A calculator app? Anyone could make that." Not true. A calculator should show you the result of the mathematical expression you entered. That's much, much harder than it sounds. What I'm about to tell you is the greatest calculator app development story ever told.

It's finally here! Ghidra 11.3 dropped with built-in support for Python 3 through Pyhidra. Let's go! github.com/NationalSecurityA…

Last Thursday, I gave a webinar on anti-reverse engineering techniques like obfuscation, anti-debug, anti-tamper etc, including practical examples. Recording, slides and examples are now available. youtube.com/watch?v=Ie1eZSiM… github.com/emproof-com/webin…

DataExplorer is a plugin for @x64dbg that integrates the pattern language from @WerWolv's ImHex. You can quickly visualize data structures in memory!

The last release of #TinyTracer for this year: v2.9.5 : github.com/hasherezade/tiny_… . Added ability to follow child processes (thanks to @red5heep). Improved tracing of #VMProtect - protected executables.

New #HollowsHunter (v0.4.0) is out: github.com/hasherezade/hollo…. Now you can use it in the classic mode, as well as in ETW mode - as a multi-threaded listener. The watched events can be defined by a simple profile - but it is just a beginning...

Releasing full 2 hr video of my browser exploitation workshop from VXCON 2024: youtube.com/live/b9OhamkAY2I In which I show what goes inside the mind of a skilled hacker while exploiting a highly non-trivial vulnerability in v8, from zero to exploit concept. Especially this workflow requires advanced abstract thinking, thereby emphasize the role of theoretical modeling in attacking hard zeroday research targets, which is a part of why it's fun. @zerodaytraining