The slides and materials from @cxiao.net's "Reversing a (not-so-) Simple Rust Loader" workshop at Ringzer0 COUNTERMEASURE today are now available! github.com/decoderloop/...
#rustlang #ReverseEngineering #MalwareAnalysis #infosec #reversing #malware #binaryninja #COUNTERMEASURE25 #ringzer0
GitHub - decoderloop/2025-11-07-ringzer0-countermeasure-not-so-simple-rust-loader-workshop: Slides and materials for the workshop "Reversing a (not-so-) Simple Rust Loader" at Ringzer0 COUNTERMEASURE ...
Slides and materials for the workshop "Reversing a (not-so-) Simple Rust Loader" at Ringzer0 COUNTERMEASURE 2025. - decoderloop/2025-11-07-ringzer0-countermeasure-not-so-simple-rust-loade...
github.com
November 7, 2025 at 9:05 PM
Still testing 🤞
For those able to use #BinaryNinja projects; #BinYars can sort the files into folders based upon the #Yara-X rule metadata field, BNFolder. The folder nesting structure is determined by the number of matches that reside under each folder - check out the video below!
October 26, 2025 at 8:27 AM
me that this goal is worth pursuing.
I'm looking for contributors, esp. for #BinaryNinja, #IDA and #radare2 scripting so we can bring all these worlds together!
2/2
Original->
October 24, 2025 at 6:46 PM
It's getting close to being done - #BinYars a #YARA-X #BinaryNinja plugin! Still testing, but plan on open sourcing it for all to use.
Shout out to Remco Sprooten for making this tool (also shown in the video) for quickly drafting Yara rules 💪 github.com/1337-42/Simp...
Video: Part 1 of 2
October 24, 2025 at 8:22 AM
It was a great honor to share the stage with Tim to present MBA deobfuscation using our powerful BinaryNinja plugin.
An incredible experience at REcon 2025 — thank you to everyone who made it unforgettable! Check out the recording!
The recording of our (CC @nicolo.dev ) talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @reconmtl.bsky.social is now online!
Recording: www.youtube.com/watch?v=QxSG...
Slides: synthesis.to/presentation...
#BinaryNinja Plugin: github.com/mrphrazer/ob...
Recon 2025 - Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications
YouTube video by Recon Conference
www.youtube.com
October 18, 2025 at 9:42 AM
Great write up for reversing C++ virtual tables with BinaryNinja by @whatthefuzzvr.bsky.social
www.seandeaton.com/gotta-re-em-...
#reverseEngineering
Gotta RE 'em All: Reversing C++ Virtual Function Tables with Binary Ninja
C++ can be frustrating to reverse engineer. Explore how to reverse engineer those with Binary Ninja.
www.seandeaton.com
October 17, 2025 at 4:27 PM
The recording of our (CC @nicolo.dev ) talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @reconmtl.bsky.social is now online!
Recording: www.youtube.com/watch?v=QxSG...
Slides: synthesis.to/presentation...
#BinaryNinja Plugin: github.com/mrphrazer/ob...
Recon 2025 - Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications
YouTube video by Recon Conference
www.youtube.com
October 15, 2025 at 10:56 PM
The new version of my #BinaryNinja plugin Obfuscation Analysis (v1.2) adds recursive function inlining in the decompiler.
It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.
github.com/mrphrazer/ob...
October 11, 2025 at 3:27 PM
@xorhex.bsky.social Good work on this BinaryNinja plugin! It really came in handy the other day when I was trying to type and label some dynamic api resolution code. Someone in Binja’s slack recommended it. Rock on!
github.com/xorhex/binja...
GitHub - xorhex/binjaextras
Contribute to xorhex/binjaextras development by creating an account on GitHub.
github.com
October 2, 2025 at 5:45 PM
Why is it so hard to get software over the last mile stone to make it usable for more than just me? I've a new #BinaryNinja ( #yarax ) plugin sitting in the wings needing to be polished for release and another release of #BinjaExtras with additional features close, but not close enough for release.
September 30, 2025 at 12:48 AM
I’m forcing myself to learn #BinaryNinja, and using an LLM to search through the user manual and learn the basics is a game changer. Questions about fonts, theming, basic shortcuts, and considerations coming from IDA all answered easily.
August 14, 2025 at 9:53 PM
[Blog Post] New high-level API in LIEF that allows the creation of DWARF files. Additionally, I present two plugins designed to export program information from Ghidra and BinaryNinja into a DWARF file.
lief.re/blog/2025-05...
(Bonus: DWARF file detailing my reverse engineering work on DroidGuard)
DWARF as a Shared Reverse Engineering Format
This blog post introduces a new API in LIEF to create DWARF files
lief.re
May 27, 2025 at 1:51 PM
New #BinaryNinja plugin: Obfuscation Analysis
Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.
Co-authored by @nicolo.dev; available in the plugin manager.
github.com/mrphrazer/ob...
May 25, 2025 at 9:39 PM
Glad to report that binaryninja-docker still works with Binary Ninja 5.x in case you are on older glibc (or other dependency):
github.com ->
Original->
May 11, 2025 at 12:05 PM
[RSS] Fixing Decompilation of Stack Clash Protected Binaries
intrigus.org ->
#Ghidra #BinaryNinja #ReverseEngineering
Original->
May 10, 2025 at 9:40 AM
Crazy thought… what if your decompiled Objective-C code looked like Objective-C code?
Today's journey: implementing an Objective-C “pseudo-language” view for Binary Ninja.
#binaryninja #reverseengineering #objectivec
May 7, 2025 at 11:24 PM
I've been experimenting with improving Binary Ninja's analysis of Objective-C. By hiding reference counting calls and applying types based on [super init] and objc_alloc_init calls, the structure of the decompiled code becomes clearer.
github.com/bdash/bn-obj...
#binaryninja #reverseengineering
May 5, 2025 at 3:21 PM
I thought binary ninja was some trans person’s nickname
https://infosec.exchange/@binaryninja/114434406486540066
Binary Ninja (@binaryninja@infosec.exchange)
Attached: 2 images Binary Ninja 5.0 has major upgrades for firmware analysis! Firmware Ninja is now built into Ultimate, with entropy analysis, memory insights, and automatic board detection. Hex formats like IHEX and SREC are now supported natively, and SVD file loading includes full structure and comment support. https://binary.ninja/2025/04/23/5.0-gallifrey.html#firmware
infosec.exchange
May 2, 2025 at 12:18 AM
🥷 Now that we've recorded a TTD trace in BinaryNinja - what do we do with it? In this video, you'll start to see the true benefit of TTD traces by navigating it using the BN UI 👇
youtu.be/CUu3d4QKcFs
03 - Replaying TTD Traces in Binary Ninja
In the final video of this series, we'll use Binary Ninja to replay our TTD traces and see, first hand, the power of time travel debugging! Join this channel t...
youtu.be
April 24, 2025 at 5:01 PM
🥷 With the basics of configuring TTD in BinaryNinja, the next step is to record a trace. In this video, we'll cover how to use the BinaryNinja interface to record and some benefits of using it directly 👇
youtu.be/BbLyfvgXi5s
02 - Recording a TTD Trace with Binary Ninja
In this video, we'll explore how to capture a TTD trace using Binary Ninja. I'll also discuss the underlying utility that Binary Ninja uses and some benefits...
youtu.be
April 23, 2025 at 5:01 PM
Control Flow Hijacking via Data Pointers
CC: Jordan Jay
www.legacyy.xyz/defenseevasi...
#infosec #hijacking #windows #binaryninja #reverseengineering
Control Flow Hijacking via Data Pointers
When performing process injection, one of the most important IOCs that make up behavioural signatures is passing execution to our shellcode. Whilst there are multiple techniques to doing so and this i...
www.legacyy.xyz
April 21, 2025 at 8:20 AM
At @reconmtl.bsky.social, @nicolo.dev and I discuss the current state of MBA (de)obfuscation and their applications. We’ll also introduce a new #BinaryNinja plugin for simplifying MBAs in the decompiler.
Details: cfp.recon.cx/recon-2025/f...
I'll also give a training: recon.cx/2025/trainin...
April 7, 2025 at 4:13 PM
New heuristic in my #BinaryNinja plugin obfuscation_detection:
Duplicated Subgraphs uses iterative context hashing to spot repeated multi-block code. We merge each block’s signature with its successors over multiple rounds for efficiency.
Link: github.com/mrphrazer/ob...
March 14, 2025 at 2:46 AM
New version of qiling is out!
Made the new contributors list for an IDAPython fix, but have since switched to BinaryNinja 😄 - I still use qiling a fair bit.
github.com/qilingframew...
Release Version 1.4.7 · qilingframework/qiling
What's Changed
since shell script using sh, if [[]] is a bash specific syntax by @xwings in #1370
Update saver_tendaac15_httpd.py by @xwings in #1371
Periodic maintenance PR by @elicn in #1376
fix...
github.com
March 9, 2025 at 9:54 PM
March 9, 2025 at 8:53 PM