av_eip

"geopolitics" starter pack

@halvarflake There are other countries which hold US debt too. (Japan, Europe and petrodollar economies among the biggest). China also doesn't "finance" the US debt out of benevolence. It has no other way to park its trade surplus and continue its economic growth.

... the US just prints money to repay the debt, the creditors *will* have paid for it. In the event of a US-China conflict, we also have one country fighting another using equipment financed by borrowing from the adversary. Modern finance is truly glorious.

An interesting thought experiment: The US spends a lot of money on it's military capabilities, largely financed by debt from abroad. It would like other countries to stop freeloading. But if the USD devalues vs other currencies or if the US defaults on debt repayments, or if ...

@ashl3y_shen yep ! on that note there is another similar framework released lately for agentic RE of binaries x.com/0xAmruth/statu…

A lot of malware analysts, myself included, are building something similar, so it’s amazing to see a Docker environment already bundled with the tools, MCP backend, and skills. Definitely gonna try this. Thanks for sharing!!

Introducing Kong, the world's first fully-autonomous reverse engineering agent. Target any C binary with Kong (regardless of obfuscation) and it will fully decompile it to source, along with renamed functions, explanation, and organization. Kong is virtually immune to most modern forms of obfuscation, including control flow flattening, VM protection, and instruction substitution. Try Kong here: github.com/amruth-sn/kong Live on ProductHunt: producthunt.com/products/kong-… Currently works on x86/ARM64 binaries, will be language-agnostic in the future 🙏

@mr_phrazer Nice read. Claude Code with Opus 4.6, the best 🤘

New blog post: Building a Pipeline for Agentic Malware Analysis Agentic RE + malware analysis with custom skills, MCP tooling, and persistent case state to automate intial triage Link: synthesis.to/2026/03/18/age… Github: github.com/mrphrazer/agen…

Ex-BND (German Foreign Intelligence Service) deputy chief Arndt Freytag von Loringhoven received a message from fake Signal “support” asking for his PIN. He typed it in. His contacts then got a malicious link through his hijacked account. He’s a former NATO intelligence chief, and the author of a book called Putin’s Attack on Germany, where he apparently covers Russian cyberattacks. He fell for a fake customer service message.

RE//verse 2026 talks are live on YouTube! Want to revisit a talk or catch the ones you missed? The full playlist is now available: youtube.com/playlist?list=…

@curi0usJack @0xTib3rius

The "political" compass of AI. I'm in the blue. Where are you? 👀

@anantshri Used OpenClaw/Opencode with Google AIStudio key for free on (rotation), minimax and kimi2.5 models for free on Opencode cloud, Sarvam-105b for free via API, local ollama cloud. Bill = 0$. Totally worth it for writing/testing code for new ideas💯

So we started with openclaw / clawdbot/ moltbot craze about 1.5 months ago. a quick question to those who have it running and seeing results. whats your api bills like since now everyone would have recieved first bills. is it worth it?

@KingofDwolrd @keepwatchin89 @pratykumar @AryamanBharat @SarvamAI x.com/av_eip/status/…

@KingofDwolrd @keepwatchin89 @pratykumar @AryamanBharat It does. You can make a API key on @SarvamAI dashboard and use it in opencode config json to integrate it with opencode. E.g. config pastebin.com/8DkpJyke

📢 Open-sourcing the Sarvam 30B and 105B models! Trained from scratch with all data, model research and inference optimisation done in-house, these models punch above their weight in most global benchmarks plus excel in Indian languages. Get the weights at Hugging Face and AIKosh. Thanks to the good folks at SGLang for day 0 support, vLLM support coming soon. Links, benchmark scores, examples, and more in our blog - sarvam.ai/blogs/sarvam-3…

sarvam-105b (via API) and @opencode ♥️

Reverse-engineered Coruna - a nation-state iOS exploit kit - from raw JavaScript. 28 modules, 500+ XOR strings decoded, 6,596-line teardown. PAC bypass, JIT cage escape, PACDB hash forgery. nadsec.online/blog/coruna nadsec.online/blog/coruna-te… (technical analysis more interesting, read coruna blog post first, technical analysis looks better on github, link on-site)

@k3yp0d Looks like Symantec is calling it Trojan.Fakeset security.com/threat-intelli…

@av_eip GTI call this malware STAGEHAND

Iranian APT in Copium mode: f02463bb05b85da1ed7d0f166174ef9c c2825f992911c8596411575e77b56c69722b7f4c a8c380b57cb7c381ca6ba845bd7af7333f52ee4dc4e935e98b48bb81facad72b

@jamieantisocial DDoS attack against the analyst itself 😂

i have never considered it, but yes dropping 2470 decoy files is ｔｅｃｈｎｉｃａｌｌｙ evasion.

@Myrtus0x0 @s4tan Thanks !

@av_eip @s4tan bazaar.abuse.ch/sample/0b06c6a…

Ok, we get it, LLMs can reverse malware. But, I’d love to see a fully analysis (similar to what Check Point has done with XLoader) of SmokeLoader, GuLoader, POORTRY, FlawedGrace or Nymain. Not just toy malware

@Myrtus0x0 @s4tan Can you share the hash plz, if it is on VT or abuse.ch ?

@s4tan Can confirm it doesn’t work for latest smoke haha