allthingsida

454 posts

@allthingsida

All things IDA, security, reverse engineering, programming, AI and more. Friend and fan of Hex-Rays but non-official.

USA, joined March 2023
270 Following, 4.2K Followers
allthingsida retweeted
Tim Blazytko (@mr_phrazer):
Recently my RE workflow moved into sandboxed VMs where agents have full control over the environment. I needed an MCP server that runs headless in the same sandbox and exposes way more of the #BinaryNinja API than others. Here's the release: github.com/mrphrazer/bina…
allthingsida retweeted
m0n1 (@m0n1x90):
Built WinGraph, my new project - a BloodHound-style dependency visualizer for every binary in Windows System32 directory. 4,000+ DLLs, EXEs. Every import. Every export. One interactive graph. Check it out now: wingraph.m0n1x90.dev
allthingsida (@allthingsida):
Sharing this repo where I plan to keep posting Vibe-Reverse Engineered (with idasql) targets. A few more targets in the way, dealing with more obfuscation and what not. No rocket science just basic scenarios. github.com/0xeb/vibe-re/
allthingsida retweeted
Hex-Rays SA (@HexRaysSA):
⚡Check out what we have in store for IDA in 2026... We’re expanding technical depth, improving performance, strengthening collaboration, and introducing a new generation of scalable RE tools. Read our 2026 Product Vision: hex-rays.com/blog/2026-prod…
Stephen Sims (@Steph3nSims):
It was good to be back on the Soft White Underbelly YouTube channel with Mark Laita again to talk about AI in the offensive security space. I did the interview a month ago and already wish I could update the things I said! Be sure to follow the @offby1security YouTube channel! youtu.be/1ZfZDEcl0ZI?si…
allthingsida (@allthingsida):
@Changeo66 Ah yeah. It is not as trivial as what you see. You are right, Codex was not happy at first. But you can lie to it. But also, you can always switch to local models to complete the job.
ChaNg1o (@Changeo66):
@allthingsida Codex may refuse to output code for security reasons.
allthingsida (@allthingsida):
During such sessions, you can keep asking questions, keep improving the database by just prompting, have it write code or simply lift/reconstruct the underlying target into a language of your choice, etc. idasql makes it extremely easy to RE back clean closed source binaries into working form, in the same fashion as vibe coding techniques.
allthingsida (@allthingsida):
In this scenario, I was showing my non-technical friend, with no IDA or RE knowledge, how we can just open Copilot CLI and have a chat with Notepad.exe. I started with the /idasql skill and asked it to load the binary in the background. I concluded the chat by asking about telemetry inside Notepad in Windows 11. It was a fun, casual and non-technical chat with Notepad.
allthingsida (@allthingsida):
@call_pop_rax It depends on the operator and with the proper tooling, I see no reason as to why not.
ChaNg1o (@Changeo66):
@allthingsida How did you convince Codex to execute your command?
allthingsida (@allthingsida):
Treat it like vibe coding. Progressive. Warm up is a bit slow as the context is being built. Then explore as you go. If you feel confident, ask it to go recursive and give it an end goal. I like to see working with idasql and an IDA database, like reverse building the source code again. It can take a week, but it is satisfying to slowly recover and rebuild everything. IDA will be your "editor". You watch as your database gets in shape and is cleanly enhanced. I am talking from experience. This is not related to idasql in particular, but it is the whole experience/tooling. For instance, there's bnsql that allows you to do the same stuff with the same prompts but with BN as the engine. The disassembler/decompiler itself is useful to ground the agent/LLM.
allthingsida (@allthingsida):
I know a video about how to use idasql and how to configure is due. Meanwhile, some basic stuff it can do:

Let Copilot CLI (autopilot mode) + Opus 4.6 | GPT 5.3-codex-high + idasql go after Beep.sys driver, and recover it fully:
- The models know about drivers RE
- They can nicely follow and recursively deal with dispatch table
- Recover the driver object extension type
- Systematically go after the whole binary

Of course, all of the above are basic scenarios that 'just work' due to how agent harnesses work when given the right tools. idasql is just one tool in your arsenal, it is not magic and with other tools and the right prompting, you can have a more pleasant experience with IDA.
allthingsida (@allthingsida):
@clearbluejar I know nothing about Ghidra, PyGhidra, etc. but I am learning a bit.
clearbluejar (@clearbluejar):
@allthingsida Ha, yeah. Spinning up pyghidra each time was way too slow. MCP handles Ghidra's complex state, cuts startup time, and boosts tool accessibility. CLI + MCP combo enables fast back-and-forth via quick HTTP requests. Maybe someday :)
allthingsida retweeted
clearbluejar (@clearbluejar):
Building driver analysis via a new skills.md using the new pyghidra-mcp-cli 👀 The new CLI is perfect to integrate into your Pi / Opencode / ClaudeCode / Codex reversing workflow.
allthingsida (@allthingsida):
@xiaolin A good model, and objdump is all you need ;)