Matthieu Walter

Speakeasy emulator v2b1 is here! 🚀 Massive upgrade thanks to @williballenthin. Modernized codebase using Unicorn 2. Now handles complex multi-stage unpacking and deep system introspection. API traces on par with sandbox analysis. github.com/mandiant/speak… pypi.org/project/speake…

@m_r_tz Less math, more malware ! Not a single VM was ruined this year and this feels wrong 🥲 (love you anyway)

To all #flareon12 finishers: CONGRATULATIONS and please provide your feedback on this year's challenges 🙂

#flareon12 challenges 7 to 9 were pretty cool, even though 9 was pretty punitive. A bit too much math and not enough malware for my taste. Still hope they can keep the yearly burnout tradition alive in the future ;-)

La team @FlatNetworkOrg tfns.fr ctftime.org/team/87434/ The Flat Network Society TOP 5 Mondial CTFTime gagne des bons d'achats 🍖, des médailles de bronze gravées Barbhack, des bières édition limitée, un module #flipperzero Messenger

Given the recent events with VMPSoft DMCA'ing educational YouTube videos demonstrating how to unpack malware protected with VMProtect, we have decided to release a free to use unpacker which works for all versions of VMP 3.x including the most recent version. Simply sign up/login here: app.codedefender.io and then click on "Unpacker" on the top right corner. For context: x.com/rhotav/status/… x.com/allthingsida/s… x.com/herrcore/statu…

After #flareon11 challenge 7, I got inspired to build tooling for #dotnet Native AOT reverse engineering. As such, I built a #Ghidra Analyzer that can automatically recover most .NET types, methods and frozen objects (e.g., strings). Blog:👉blog.washi.dev/posts/recoveri…

Excellent post on quick and dirty Lumma control flow deobfuscation using ghidralib and Python cert.pl/en/posts/2025/…

We released a few more video of Recon 2024. @oliverlavery @_revng @ergrelet @lauriewired @allthingsida @buherator @reconmtl" target="_blank" rel="nofollow noopener">youtube.com/@reconmtl recon.cx #reverseengineering #cybersecurity Have a good weekend!

PyGhidra (Python3 Ghidra) is official now!

⌛ This series will take you through installing WinDbg and configuring Binary Ninja to use the WinDbg engine to create and use TTD traces. It will also show you how to capture TTD traces and replay them in Binary Ninja 👇 buff.ly/3Q8jMJd

I have a banger #BinaryRefinery release for y'all. Version 0.8.2 adds support for InnoSetup extraction: Thanks to @malcat4ever for porting part of innoextract to Python, it served as the main template for my code. Many thanks also to @SquiblydooBlog who pointed this out to me.

Remote code execution on a Yamaha piano. psi3.ru/blog/swl01u/

RULECOMPILE - Undocumented Ghidra decompiler rule language. A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) - an obscure, undocumented DSL msm.lt/re/ghidra/rule… #reverseengineering #ghidra

🚀Excited to announce ghidralib - a library that makes #Ghidra scripts drastically shorter and easier to write. I've been using it daily for #reverseengineering and decided it’s time to share! Check it out: github.com/msm-code/ghidr… And the docs: msm-code.github.io/ghidralib/ #infosec

I recently added a new #BinaryRefinery tutorial: github.com/binref/refiner… This one follows the same steps as a very cool #MalCat blog article (thanks to @malcat4ever!)

Reversing virtualized binaries is no easy task. Our intern Jack took on exploring automated devirtualization techniques, and presents in our latest blog post an efficient, modular, taint-based approach that leverages LLVM IR: blog.thalium.re/posts/llvm-pow…

🎙️ Live streams resume tomorrow - Jesko Huttenhain (@huettenhain) joins us tomorrow at 11am CST to discuss data transformations with #BinaryRefinery! youtube.com/live/-B072w0qj…

I just published my writeups for all challenges of #flareon11: 👉 washi1337.github.io/ctf-writeups/w… 👉 blog.washi.dev/posts/flareon1… Hope you like them as much as I liked writing them!

@allthingsida @_marklech_ It’s often at least worth trying it :-)

@matth_walter @_marklech_ Funny, we have very similar approaches :P

#flareon11 challenge 10 - almost blackbox vm solves: github.com/matthw/ctf/tre… / sorry @_marklech_ i didnt put more effort into it after the serpentine burnout, was a good one tho :)