MalChela 3.2: More Cowbell? More Intel!
One of the things I value most about the open-source community is that the best improvements to a tool often don’t come from inside it — they come from outside conversations. A short while back, the author of mlget, xorhex, reached out and suggested I add…
Posts by 🇺🇦 Xorhex 🇺🇦
For the few people using #BinYars, it has been updated to support #BinaryNinja 5.3 and now targets YARA-X 1.15.0
Update via Binja's plugin manager to get the latest.
github.com/xorhex/BinYa...
#YARA #YARAX
JSAC 2026 videos: www.youtube.com/playlist?lis...
NDSS 2026 videos: www.youtube.com/@NDSSSymposi...
Binary Ninja 5.3 (Jotunheim) is released: binary.ninja/2026/04/13/b...
Major updates: NDS32 support, AArch64 ILP32 ABI, new Universal MachO UI, way more containers, command palette upgrade, type library helpers, ghidra gzf export, updated IDB import, HW and conditional breakpoints, and much more!
REWorkshop - Axios supply chain attack retrospective
🔔 twitch.tv/azakasekai
🔔 youtube.com/live/RxeAPsO...
It’s trite but this marks the dawn of a new era of hacking. This is Pandora’s box and we just have to hope that some of the defender benefits outweigh the bad.
These are the technical details of the hack of the government of Mexico using AI. cdn.prod.website-files.com/69944dd945f2...
📣 Our own @cxiao.net will be speaking at @rustconf.com this year, with the talk "Reverse Engineering Rust Malware in 2026"! sched.co/2KHt7
Rust is now a popular language not only for writing legitimate software, but also for writing malware. How are malware reversers dealing with this?
#RustConf
#binjaextras has been updated to allow for type information to be applied to both struct members and global variables.
Local instance of OALab's hashdb has been added as well - see setup info here: github.com/xorhex/binja...
Install/update binjaextras via the plugin manager!
#BinaryNinja
The history of BumbleBee's relationship with certificates can be viewed a few ways with CertGraveyard. You can review via a table, a graph, or download the whole database to transform the data yourself.
4/4
Two for one today! Added support for console.log(offset, length) to the console module in YARA-X, per the suggestion of a user. Makes it nicer to work with arbitrary sequences of bytes. Hopefully it makes it in the next release!
New: Group member labels, a way to describe yourself or your role in a group chat, only visible to that group chat.
Label yourself the “Goalie” to your soccer team or “Favorite Child” to your family to stir some drama.
Available on Android, Desktop & iOS
signal.org/blog/group-m...
Get your tickets (and CFPs) now! This conference is always a great time and you learn a lot.
Real world example, LoJax
Your UEFI firmware can drop a binary into Windows on every boot via Windows Platform Binary Table. OEMs use it for bloatware persistence. Attackers use it the same way. One reg key kills it:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v DisableWpbtExecution /d 1 /t REG_DWORD /f
RE//verse 2026 talks are live on YouTube! Want to revisit a talk or catch the ones you missed? The full playlist is now available:
youtube.com/playlist?lis...
My @REverseConf talk about reverse engineering #AoE2 is now available on YouTube: www.youtube.com/watch?v=Dp-I... check it out and hear about some reverse engineering techniques and a code pattern matching tool I released: github.com/ZetaTwo/bnil...
Looking for #RustLang samples to practice your reverse engineering skills on? Just since January, we've added samples from 8 different #malware families to the Rust Malware Sample Gallery: github.com/decoderloop/...
1) KCVY OSLOCK Ransomware
2) An unnamed Rust DDoS botnet
3) FunkSec Ransomware
🧵
RationalEdge REDS now supports #APK analysis for #Android #malware, along with LLM-assisted code explainability.
If you're looking for a malware repository/analysis platform, reach out at rationaledge.io
MoRE to come @rationaledge.bsky.social
#ThreatResearch #ThreatIntel #CTI #ReverseEngineering 1/3
The dark money group’s democracyunmuted[.]org domain is almost certainly administered using the same Cloudflare account as demfluencers[.]com.
The latter—originally registered in June 2025 and operational in the Nov/Dec timeframe—claims to provide paid opportunities and access for influencers.
📣 #PIVOTcon26 Agenda is here 🤟 We are thrilled to announce the lineup for this year's edition!
2⃣ days and 19 talks from leading #ThreatResearch experts.
The agenda link is in the first comment👇, and the talks and speakers are in the thread.🧵
#CTI #ThreatIntel
1/15
😬
Victor just released v1.14.0 - improvements in macho module, tighter code generation in the compiler and the new “deps” command.
Congratulations to everyone involved!
github.com/VirusTotal/y...
We are still finalising the agenda and the updated website, so the #PIVOTcon26 lineup announcement will be made early next week.
#CTI #ThreatIntel #ThreatResearch
#StayTuned
never ask a researcher for their config parser code because it's gonna be the most spaghetti thing you've ever seen
yr + nushell, cause why not?
Reverse engineers often spend significant time deciphering third-party libraries within firmware. My talk, scheduled for Friday at 5 PM at Reverse, introduces SightHouse, an open-source initiative aimed at automatically identifying third-party functions to enhance analysis efficiency.
@re-verse.io has lightning talks 🤔
Wonder if I can dust the cobwebs off of this deob-CFF project and get it working prior to Saturday. Chances are low but going to try 😅 re-verse.io
PlugX is a long-running Remote Access Trojan (RAT) that has been consistently linked to multiple China-aligned threat actors and espionage operations worldwide.
Lab 52 | S2 Grupo
lab52.io/blog/plugx-m...