Thanks to @elykdeer.bsky.social and the @binary.ninja team for having me on the AI vs AI Binary Ninja stream. Great discussion on agentic RE, tooling, and feedback loops.
www.youtube.com/watch?v=TBqB...
This Thursday I'm joining @binary.ninja's live to put LLM-powered reverse-engineering workflows head-to-head.
We compare Binja's client-side LLM integrations vs. fully headless agents
Expect practical workflow comparisons, lots of fun, and a bit of chaos.
The recording of my first Binary Cartography webinar is now public:
Agentic Reverse Engineering: How AI Agents Are Changing Binary Analysis
Topics: keygenning, cracking & anti-tamper removal
Recording: www.youtube.com/watch?v=DZcD...
Slides/code/samples: github.com/mrphrazer/bi...
Agentic reverse engineering can do a lot, but obfuscation still breaks many analysis workflows in malware and commercial software.
If you want to learn how to build & steer automation for analyzing protected code, check out my training at @reconmtl.bsky.social :
recon.cx/2026/en/trai...
New blog post: Building a Pipeline for Agentic Malware Analysis
Agentic RE + malware analysis with custom skills, MCP tooling, and persistent case state to automate intial triage
Link: synthesis.to/2026/03/18/a...
Github: github.com/mrphrazer/ag...
I also published my Ghidra Headless MCP that follows similar design principles: github.com/mrphrazer/gh...
Recently my RE workflow moved into sandboxed VMs where agents have full control over the environment. I needed an MCP server that runs headless in the same sandbox and exposes way more of the #BinaryNinja API than others.
Here's the release: github.com/mrphrazer/bi...
New chapter: I've transitioned to a part-time Chief Scientist role at @emproofsecurity.bsky.social .
I’m shifting my focus to my independent work in reverse engineering:
trainings • consulting • tooling • research
Details: synthesis.to
Happy to bring my Software Deobfuscation Techniques training back to @reconmtl.bsky.social - June 15–18, 2026 in Montreal!
Learn systematic approaches to defeating modern obfuscation found in DRM/anti-tamper & APT malware.
recon.cx/2026/en/trai...
Happy to share that later today (Friday, Nov 14, at 10:00 PM CET / 16:00 ET), I’ll be live on the #BinaryNinja livestream to talk about (anti-)reverse engineering & code (de)obfuscation. I'll also showcase some of my plugins.
www.youtube.com/watch?v=GQtX...
Impressive reverse engineering kung fu against widevine L3 by Felipe (x.com/_localo_) ! #hacklu
Cc @mrphrazer.bsky.social
The recording of our (CC @nicolo.dev ) talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @reconmtl.bsky.social is now online!
Recording: www.youtube.com/watch?v=QxSG...
Slides: synthesis.to/presentation...
#BinaryNinja Plugin: github.com/mrphrazer/ob...
The new version of my #BinaryNinja plugin Obfuscation Analysis (v1.2) adds recursive function inlining in the decompiler.
It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.
github.com/mrphrazer/ob...
We at @emproofsecurity.bsky.social open-sourced a free firmware reverse engineering workshop for self-study.
Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included.
github.com/emproof-com/...
Reminder: If you’re interested in learning how to analyze and deal with obfuscated code, you’re welcome to join my training at @hexacon.bsky.social from October 6-9.
You can still register here: www.hexacon.fr/trainer/blaz...
Congrats!
A side-by-side view of Ghidra's decompiler. Left is the raw output, right is the output enhanced by the LLM.
Based on research by @mrphrazer.bsky.social and @mu00d8.bsky.social, presented at RECon 2024, I used graph theory code from Ghidra's codebase to select the order in which functions are sent to the LLM, ensuring as much context as possible is retained. The script is aptly named GhidrAI!
5/n
The slides from our @reconmtl.bsky.social talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolo.dev ), are now online!
Slides: synthesis.to/presentation...
Plugin: github.com/mrphrazer/ob...
Tomorrow at 3:30 pm, @nicolo.dev and I will present our talk “Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications” at @reconmtl.bsky.social !
Details: cfp.recon.cx/recon-2025/t...
Plugin release: github.com/mrphrazer/ob...
Reminder: If you’re interested in code deobfuscation, you’re welcome to join my training at @reconmtl.bsky.social Montréal from June 24-27.
You can still register here: recon.cx/2025/trainin...
Honored to join @jstrosch.bsky.social on his podcast "Behind the Binary"! We discussed my RE journey, identifying & analyzing obfuscated code, software protection in industry vs malware, the dynamic between building & breaking protections, and others.
open.spotify.com/episode/7yJB...
New #BinaryNinja plugin: Obfuscation Analysis
Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.
Co-authored by @nicolo.dev; available in the plugin manager.
github.com/mrphrazer/ob...
Excited to teach my class on software deobfuscation in Paris at @hexacon.bsky.social , Oct 6–9, 2025!
Learn advanced techniques to defeat state-of-the-art obfuscation in DRMs & APT malware.
www.hexacon.fr/trainer/blaz...
Reminder: Training registrations are still open for my deobfuscation training at REcon Montreal. Secure your spot before prices go up on May 1!
At @reconmtl.bsky.social, @nicolo.dev and I discuss the current state of MBA (de)obfuscation and their applications. We’ll also introduce a new #BinaryNinja plugin for simplifying MBAs in the decompiler.
Details: cfp.recon.cx/recon-2025/f...
I'll also give a training: recon.cx/2025/trainin...
New heuristic in my #BinaryNinja plugin obfuscation_detection:
Duplicated Subgraphs uses iterative context hashing to spot repeated multi-block code. We merge each block’s signature with its successors over multiple rounds for efficiency.
Link: github.com/mrphrazer/ob...
RE//verse training registration closes today! Have to finalize count for the hotel. If you still want to join after registration closes, contact us ASAP as some extra slots may be available. https://re-verse.io/#trainings
My class on code deobfuscation at REcon Montreal (June 24-27) is now open for registration! Learn how to analyze obfuscated code and break it by writing custom tools using symbolic execution, SMT solving, and program synthesis.
Details & Register: recon.cx/2025/trainin...
Last Thursday, I gave a webinar on anti-reverse engineering techniques like obfuscation, anti-debug, anti-tamper etc, including practical examples. Recording, slides and examples are now available.
Recording: www.youtube.com/watch?v=Ie1e...
Slides, Code & Samples: github.com/emproof-com/...
The line-up for @re-verse.io is impressive, but one talk I’m particularly excited about is from Vikas Gupta and Peter Garba:
“Standing on the Shoulders of Giants: De-Obfuscating WebAssembly using LLVM”
re-verse.sessionize.com/session/763329
