Willi Ballenthin (@williballenthin) 's Twitter Profile
Willi Ballenthin

@williballenthin


ID: 14052483

Website: http://www.williballenthin.com

Joined: 28-02-2008 01:30:53

4.4K Tweets

6.6K Followers

1.1K Following

Rolf Rolles (@rolfrolles) 's Twitter Profile Photo

I haven't been publishing much lately, but not because I haven't been doing research -- in fact, I've done more than ever in the past five years. My ~200KLOC backlog will soon begin trickling out into the IDA/Hex-Rays ecosystem.

Hex-Rays SA (@hexrayssa) 's Twitter Profile Photo

🧠 Reverse engineers, your lab just got smarter. IDA Free 9.1 is now preinstalled in FLARE VM — Mandiant (part of Google Cloud) 's open-source malware analysis environment. ➤ Lightweight static analysis with cloud decompilers ➤ One-click to launch IDA directly ➤ IDA Plugin ecosystem ready to

Willi Ballenthin (@williballenthin) 's Twitter Profile Photo

I’ve done a little U-turn on Git and Jujutsu. I learned JJ and it changed the way I thought about VCS: that history was malleable. Then I found lazygit and I realized history is editable in Git too. And the keyboard shortcuts are even easier than JJ. So, back with Git.

Willi Ballenthin (@williballenthin) 's Twitter Profile Photo

amusing forensic/post-exploitation challenge: reconstruct project structure and source code from Claude Code transcripts. (did you know it stores complete traces?)

Willi Ballenthin (@williballenthin) 's Twitter Profile Photo

“Truncated blocks are important, as 90% of all pareto distributions appear in the 10% of all problems that are relevant to search engines.” 🤣 marginalia.nu/log/a_123_inde…

Willi Ballenthin (@williballenthin) 's Twitter Profile Photo

With Claude Code supporting background processes now, I wondered if I could do Aider-style "--watch mode" (use source code comments like "# ai: use walrus operator here" to trigger Claude Code). But CC only checks for output during chat msgs today :-/ github.com/williballenthi…

Willi Ballenthin (@williballenthin) 's Twitter Profile Photo

despite primarily using the Helix text editor, I find myself using Zed next to Claude Code, since it shows the live contents of the file. It’s annoying to have to “:rla” in Helix to reload the file when an external tool makes changes. I get it, but still.

RJ 🐢 (@rjjoyce8) 's Twitter Profile Photo

The EMBER2024 dataset just got an update! We're releasing the raw bytes and disassembly for 16.3 million functions from malicious files in EMBER2024. Each function is associated with one or more behavioral capabilities. Check it out here: huggingface.co/datasets/joyce…

Willi Ballenthin (@williballenthin) 's Twitter Profile Photo

QUANTUMSTRAND beta 1 released: built for analysts to quickly understand *where* strings are, *what* they might be, and *how* important they are, without getting lost in a sea of undifferentiated text. Thanks Moritz and the crew at Mandiant (part of Google Cloud) FLARE github.com/mandiant/flare…

Steve YARA Synapse Miller (@stvemillertime) 's Twitter Profile Photo

What should I spend my time digging into? Which data points are new and novel, which are rare and interesting, which ones are useless? I can't be expected to pivot on every little thing. Please do not show me data unless you help me understand it and empower me to act on it.

Hex-Rays SA (@hexrayssa) 's Twitter Profile Photo

🚦 Stop guessing and start GOing. The upcoming IDA 9.2 release brings cleaner Golang decompilation with tuple types. Read the full blog: eu1.hubs.ly/H0mFg8l0

Willi Ballenthin (@williballenthin) 's Twitter Profile Photo

I’ve been discovering Reverse Engineering tools and techniques by following IDA Pro plugin updates, which I publish via RSS. Daily, a script searches GitHub for IDA API names that suggest a project uses IDA. Then it renders recent releases and commits. williballenthin.com/ida/plugins/ac…

Willi Ballenthin (@williballenthin) 's Twitter Profile Photo

After a little study, I figured out how to programmatically undo/redo in IDA Pro. Makes me think there's a way to hack together "transactions" for the IDB. reverseengineering.stackexchange.com/a/33543/17194