herrcore (@herrcore)'s Twitter Profile
herrcore

@herrcore

UnpacMe | OALABS

ID: 43022669

Link: http://www.openanalysis.net/

Joined: 28-05-2009 02:03:24

8,8K Tweet

13,13K Followers

497 Following

Greg Lesnewich (@greglesnewich)

Hey #100DaysofYARA friends and fans! I am looking for a successor to take up the 100 days of yara mantle. I’ll still participate of course, but I think the challenge has reached a point where it can grow much more under a more organized eye

Andreas Klopsch (@hackingump1)

Just dropped: my RECON 2025 talk on Rust library recognition in malware! 🦀 Worth a watch if you're into RE or malware research. youtu.be/_JiuYkFzVgg?si… #malware #RIFT #microsoft #reverseengineering #rust

deceptiq (@deceptiq_)

Once in a blue moon as a red teamer, we encountered environments with canary technology deployed across their infrastructure. The tables flipped. Blue teams caught us immediately. Canary technology uniquely detects adversaries by exploiting their behavior - digital assets with

Rad (@rad9800)

We are live! 15 canary token providers (10 persistent, 5 ephemeral) - all designed to exploit an adversary's decision making process. (And has the added fun consequence of making folk say "wait, that's a canary token??" in a demo)

deceptiq (@deceptiq_)

As former Red Teamers, we always were looking for low-risk, high-reward decisions. Actions where the upside-lateral movement outweighed the likelihood of detection. This risk calculus has held for years. Early warning honey tokens exist to break it. deceptiq.com/blog/early-war…

RussianPanda 🐼 🇺🇦 (@russianpanda9xx)

My team Huntress is hiring a Senior Hunt & Response Analyst (West Coast, 3-5 years exp). Not going to lie, this is one of the best teams I have worked for in my entire career. We want the person who: 😰 Makes threat actors sweat 🎯 You hunt threats for fun 🔥 Actually

Vector 35 (@vector35)

Join us for another interview this Friday at 4pm ET with Tim Blazytko! As the instructor of Software Deobfuscation Techniques at RE//verse 2026, we'll be picking his brain about the role obfuscation and deobfuscation play in today's cybersecurity scene. What would you like

sean (@seanmw)

Zombieware doing its thing stuck in a respawn loop…rewriting a mutated copy of itself before relaunching. Depending on the sandbox setup, one analysis can generate dozens of mutated samples, which are then fed back into pipelines and threat feeds... 🐢 🐢 🐢

Duncan Ogilvie 🍍 (@mrexodia)

Got sick of the bloat in the Python MCP server ecosystem and decided to write my own. Turns out you can fit everything you need in less than 1k lines of code. For reference: FastMCP is around 40kloc, excluding dependencies 🤯

Rad (@rad9800)

Building real-time detections or event-driven systems on AWS? Or avoiding EventBridge because it's unintuitive? This will save you the late-night debugging sessions I went through.

Hex-Rays SA (@hexrayssa)

🔌 Allow us to introduce the new IDA Plugin Manager. Now, with a few simple commands, you can access a modern, self-service plugin ecosystem. Discover and get discovered more easily. hex-rays.com/blog/introduci…

Duncan Ogilvie 🍍 (@mrexodia)

Finally bit the bullet and spent some time refactoring Remill's build system. It got merged and you can now use Remill with LLVM 15-21 on Windows, Linux and macOS 🔥 Using Remill in your projects has always been challenging in the past and I also published a small template you

John Hammond (@_johnhammond)

Full length reverse engineering with Invoke RE! Showcasing new iterations of the "Scavenger" malware, or what we saw as "ExoTickler" previously as a fake City Skylines 2 video game mod, now w/ more crypto/creds stealing and C2. Binary Ninja, x64dbg & more: youtu.be/wFBdeak0t70

Squiblydoo (@squiblydooblog)

Abused code-signing certificate by country over time. Each dot is a certificate. Any country surprising to you? See comment for interactive version.
