Got sick of the bloat in the Python MCP server ecosystem and decided to write my own. Turns out you can fit everything you need in less than 1k lines of code. For reference: FastMCP is around 40kloc, excluding dependencies 🤯

The new REMnux MCP server lets AI analyze malware using the REMnux toolkit. I was surprised at the depth of investigation it delivers. Most of my time went into capturing how I approach malware analysis and providing AI the right guidance at the right time, so it can think and

omill - experimental deobfuscator based on the SATURN paper, utilizing remill to lift instructions from machine code into LLVM IR, and deobfuscating this code for recompilation. It also implements a small OLLVM-style obfuscator to fuzz against. Built with Claude . It

here is IDA debugging a PE file being emulated by the Speakeasy Windows system emulator.

x.com/i/article/2027…

If you want a really honest case study of this, please read: research.checkpoint.com/2025/generativ…

I recommend reading this, it's very decent content 💙 Thank you Thomas Roccia 🤘 my friend for sharing this valuable content! 🙏 But read it all, slowly, carefully — the title is strong and some can just skim and leave thinking reverse engineering is dead, replaced by AI… which is not

There's a lot of talk currently about reverse engineering with LLMs, I encourage folks to check out my keynote from September where I spoke about their applicability/limitations with malware analysis youtu.be/tLR_hHQVkOk LLMs have improved but the core principles still apply.

⚡Check out what we have in store for IDA in 2026... We’re expanding technical depth, improving performance, strengthening collaboration, and introducing a new generation of scalable RE tools. Read our 2026 Product Vision: hex-rays.com/blog/2026-prod…

I am excited to release the seventh article in the Exploiting Reversing Series (ERS). Titled “Exploitation Techniques | CVE-2024-30085 (part 01)” this 119-page technical guide offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/03/04/exp… Key features of

Sharing this repo where I plan to keep posting Vibe-Reverse Engineered (with idasql) targets. A few more targets in the way, dealing with more obfuscation and what not. No rocket science just basic scenarios. github.com/0xeb/vibe-re/

Rust binaries aren’t C binaries. Learn modern reversing techniques from Cindy Xiao (RECon / RE//verse / NorthSec speaker, founder of Decoder Loop). Deconstructing Rust Binaries March 2026 • Virtual 🔗 ringzer0.training/countermeasure…

While the use of AI in cyber operations isn't brand new, Microsoft’s latest blog reveals just how deeply threat actors are embedding AI into their daily workflows. Of particular note are DPRK threat actors, who are aggressively adopting AI as a "force multiplier" across the

#IDA Pro tip 🤙 ApplyCalleeTypeEx — ApplyCalleeType is Reborn 🔥 — — — IMO one of the most practically useful IDA plugins ever written. It died on IDA 9.x. Not anymore. Rebuilt from scratch — compatible IDA 8.x → 9.3+. github.com/Dump-GUY/Apply… — — — What's new: ✅ IDA 9.3 ready +

Speakeasy emulator v2b1 is here! 🚀 Massive upgrade thanks to Willi Ballenthin. Modernized codebase using Unicorn 2. Now handles complex multi-stage unpacking and deep system introspection. API traces on par with sandbox analysis. github.com/mandiant/speak… pypi.org/project/speake…

⏪Dynamic analysis has come a long way. Time-travel debugging (TTD) is a great example - it allows you to query execution information instead of relying on break/resume to find what you are looking for! - Full OS interaction - Forwards/backwards navigation from the trace -

.Volexity recently released GoResolver v1.4, bringing significant updates to our #opensource tool for recovering symbol data from obfuscated Go binaries. This release is available on GitHub: github.com/volexity/GoRes… [1/8]

This is a very interesting piece of research by the team on algorithmic methods for effective complex type recovery. Practical type inference is a challenging problem the industry has been grappling with for years. paper: arxiv.org/abs/2603.08225 blog: binarly.io/blog/type-infe…

x.com/i/article/2031…

Syscall Tracer🔥🔥 Sometimes it’s useful to observe the system calls happening inside a given target process. Especially if the target includes some kind of Frida detection, root detection, or any other kind of Runtime Application Self-Protection (RASP). frida.re/news/2026/03/0…