sean (@seanmw) 's Twitter Profile
UnpacMe | OALABS | Security Researcher

ID: 14794278

http://openanalysis.net
16-05-2008 03:15:36

2,2K Tweet

2,2K Followers

533 Following

Duncan Ogilvie 🍍 (@mrexodia)

Over the past year I have been working on Python bindings (icicle-python) in stealth-mode. You can try it out today! The reversing community desperately needs alternatives to unicorn. Icicle is based on Ghidra's semantics and improvements there come essentially for free!

Duncan Ogilvie 🍍 (@mrexodia)

🔥 TitanHide has been updated to support the latest VMProtect 3.9.4 changes! The service name is now used as the device name as well, so the check for \\.\TitanHide will fail if you name the service differently 🧠

the tiny corp (@__tinygrad__)

Contract is signed! No confidentiality, AMD has leadership that's capable of acting. Let's make this training run happen, we work in public on our Discord.

Silas Cutler // p1nk (@silascutler)

May be getting time to refresh why threat actor names exist and why they are important. They're not for marketing. silascutler.com/2021/01/14/Kil…

Invoke RE (@invokereversing)

We've uploaded our Time Travel Debugging in Binary Ninja stream with Xusheng Li from Vector 35 where we unpacked malware and analyzed anti-analysis capabilities with TTD traces. Enjoy!

Cyb3rjerry (@cyb3rjerry)

Hey all! As promised, here's the in-depth analysis Josh Reynolds (jmag) from Invoke RE and I did of the malware strain that's been spreading through NPM in the last few days following a successful phish. We present to you: Scavenger. c-b.io/2025-07-20+-+I…

herrcore (@herrcore)

Using the UnpacMe byte-search IDA plugin we found some Scavenger related malware dating back to October 2024. At the time the malware was dubbed ExoTickler. Analysis follows...

Vector 35 (@vector35)

Check out our latest blog post on modeling complex control flow with function-level basic block analysis in Binary Ninja 5.1. From DSPs to Brain***k, this update makes it easier to develop plugins for tricky architectures. binary.ninja/2025/08/12/fun…

UNPACME (@unpacme)

We’ve seen a spike in submissions this morning, which may cause some analysis delays. We’re working to resolve the backlog.

Tim Blazytko (@mr_phrazer)

We at emproof open-sourced a free firmware reverse engineering workshop for self-study. Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included. github.com/emproof-com/wo…

RE//verse (@reverseconf)

The CFP for RE//verse 2026 is open, but not for long! Submissions close November 14th. Share your best RE and security research with us here: sessionize.com/reverse-2026

Invoke RE (@invokereversing)

We've uploaded our stream from Oct 24 where we continued analyzing the SORVEPOTEL infection chain, including shellcode, Maverick.Agent.StageTwo, Maverick Agent, and a PowerShells WhatsApp worm. Big shout out to Dodo on Security 🇵🇸 🇺🇦, Washi and UNPACME for helping with this stream.

sean (@seanmw)

Infrastructure for the Rhadamanthys, VenomRAT, and Elysium botnet disrupted. ~1000 servers taken offline 👏 europol.europa.eu/media-press/ne…

Tim Blazytko (@mr_phrazer)

Happy to share that later today (Friday, Nov 14, at 10:00 PM CET / 16:00 ET), I’ll be live on the #BinaryNinja livestream to talk about (anti-)reverse engineering & code (de)obfuscation. I'll also showcase some of my plugins.

sean (@seanmw)

Zombieware doing its thing stuck in a respawn loop…rewriting a mutated copy of itself before relaunching. Depending on the sandbox setup, one analysis can generate dozens of mutated samples, which are then fed back into pipelines and threat feeds... 🐢 🐢 🐢

Willi Ballenthin (@williballenthin)

IDA has a plugin manager now! I hope this makes it so much easier for you to try new extensions, like after the Plugin Contest. hex-rays.com/blog/introduci…