Maik Morgenstern

@tom_doerr Ancient and outdated. Not working any longer.

Open source version of VirusTotal github.com/maliceio/malice

@therealdreg The only x64dbg plugin I regularly use 👍

They’ve included my DbgChild in Mandiant’s FLARE-VM security.googlecloudcommunity.com/community-blog…

@m_r_tz I just focused on the API call's and ignored most of the actual instructions. That worked surprisingly well

Here's how the obfuscation in #flareon12 challenge 7 looks like in source - all just junk code 🗑️

@malware_owl If you know you know 🤣

Fingers crossed

@hasherezade Grats!

Finally done with #flareon12. The 9th task was quite a ride. I need some tips from those who did the whole thing in less than a week.

@ReverseThatApp @Mandiant Grats for finishing so quick 💪

Really enjoyed #flareon12 — especially challenges 7, 8, and the brutal but fun final challenge (9). 🧠🔥 Thanks to @Mandiant for another amazing RE CTF. #CTF #ReverseEngineering #CyberSecurity

@ZetaTwo @vector35 @x64dbg I actually enjoy scripting Ghidra a lot now, but everybody praises Binja, I will have to take a look 😁

@TriggerMeHappy @vector35 @x64dbg I still use x64dbg for interactive debugging most of the time but I'm trying to use windbg and the built-in Binja debugger more but when it comes to static analysis I think Binja is king. The API is fantastic.

In case you haven't tried it yet: Time-Travel Debugging + @vector35 Binary Ninja integration is such a ridiculously powerful reverse engineering method.

@0xB000DEAD @harfanglab @googlecloud @Mandiant Grats, 9 was really something else =)

Done with #FlareOn12 An improvement from last year, proud to be representing @HarfangLab. The maths in #9 really threw me (most people it seems) off. More malware like #7! Big thanks to @googlecloud, @Mandiant this competition is a great opportunity to improve every year.

@x86matthew Good job, pretty fast on 9! Which was really painful 😁

finished for 2025! the final challenge was very painful but happy with the result overall 🙃 #flareon12

@malware_owl That's what I said as well, I was close to crying once I discovered another layer after having thought I am done 🤣

Challenge 7 of #flareon12 has so many junks that I almost cried. Managed to write a deobfuscator for that. Time to solve it for real ...

Challenge accepted. Challenge completed. 💪 #FlareOn12 The last one, #9 was brutal, but I made it — 30th out of 2,500+ players! Proud to have represented @ReversingLabs for the first time and placed it high on the scoreboard. Thanks @Mandiant & @googlecloud for Flare-On 12!

@willington1337 Grats, still wondering about ch9 and whether there is a shortcut or not 😁

I won Flare-On 12! Got 8th on total leaderboard. GG (btw, it's funny that message hasn't been updated to Flare-On 11 lol)

@junr0n Nice, grats! Still struggling with 9 and looking for the shortcut 😁

Finished #flareon12 in the top 10!

@SuperFashi1 It's all fun until 8 and I am lost 😐

this year's flare-on is actually chill, nothing too crazy. however, still got a technically unsolvable 6 😓

@m_r_tz Open the first four challenges for everyone now, and then open the rest at the scheduled start time =)

Timezones are hard, FLARE-On is harder! Apologies, challengers – #flareon12 had an unintentional early start. To keep things fair for everyone, we are pausing the competition. We're evaluating the situation and will provide an update around 10 AM ET.

#flareon12 is coming in hot and fast this year and will only run for 4 weeks this year instead of the usual 6. Don't miss it! flare-on.com

I don't retweet much but this is big. One of the best RE tools on Windows got even better.

@ddd1ms c.pki.goog ? How did you check for false positives in that list?

Following the DOJ and Microsoft's seizure of approximately 2,300 malicious domains that formed the backbone of Lumma’s infrastructure, I checked Malware Intelligence for more domains and found 30,068 URLs in the past month.

@cyb3rops Plus a huge clean file repo in the cloud to deal with all the false positives 😁

Funny how many AI endpoint security startups reach out to get access to our YARA rule feed and detection logic All that machine learning magic - but somehow still need our handcrafted rules included