x86byte

Whatever the brands of your smartphone are no guarantee of digital security because attackers keep evolving their game. 👨‍💻🏴

@SpinkaMilan looks like was developed by lumma stealer developers, they use like this kind of encryption tricks, lol (kidding)

Sometimes, reversing #malware teaches you random fun facts. For example: Did you know that encrypted Discord tokens stored on disk are prefixed with the YouTube ID of "Never Gonna Give You Up" by Rick Astley? 🎸

@HackingLZ S3 bucket is alive with 849 files 😱😱😱

Free research Fridays? hXXp://139.162.182.252:8080/

@HackingLZ lmfao

@HackingLZ nice bash history

@0xfluxsec honestly I’d resolve those targets faster with a tiny IDAPython script (or manually)

@x86byte You’d think it’s something common enough they’d figure it out, but then, I’ve never written a decompiler haha. I wanna try Microsoft’s rust plugin to see if that tries to resolve dynamic dispatch. I’ll try tonight

For Red Team tools, to make it harder and more annoying for static analysis, at least by to a human eye, vtables in dynamic dispatch can help (somewhat) obfuscate calls. I would quite like to disas this with some Ida rust plugins and see if it can be smarter about pulling out vtables in the decomp. If you can write some absolutely diabolic code that decompiles to noise and stick some cheeky dyn's in there it could be hard to spot. See also the massive difference in how the compiler treated both dynamic dispatch scenarios, the first decompiles as we would expect with vtables, the second - the compiler was smart enough about. I mentioned a human eye above, this is a very simple program obv, but I attached an MCP and asked Claude to tell me what the program did and you can see what it said in the screenshot.

@vxunderground MSRC blog post basically: please stop leaking 0days bro we can fix this relationship

Microsoft Security Response Center put out a blog post today about Eclipse Nightmare guy Basically they think he's super mean and totally not cool he's dropping zero days. They say you're a jerk if you do this stuff because it's dangerous and stuff microsoft.com/en-us/msrc/blo…

@aaravdayal am kidding too haha :)

@x86byte ????

sbox Compile-time AES string obfuscation for C++. No XOR. No delimiters. No plaintext in .rdata. github.com/x86byte/sbox

@aaravdayal lol, real xor :3

@x86byte Liar. Saw XOR

@axelriet ??

@x86byte ADVobfuscator?

@unknowncheatsme Respect, appreciate the star :3

@x86byte Cool., I give star. REspect.

@PELock until it hits real world cfg flattening, handler indirection, self modifying VMs and 20k+ instruction traces!!?

@x86byte Well, the Claude 4.7 handles obfuscation and virtualization like VMprotect pretty good ;)

@PELock i tested LLM assisted reversing before against Obfusk8 At some point you're just feeding thousands of transformed instructions and CFG noise into the context window 😭 mostly turns into token burning instead of meaningful analysis :(

@x86byte Nice work, have you tried it against LLMs?

IDA seeing random db 58h, db E9h blocks while the CPU executes them perfectly: ‘bro skipped the disassembler tutorial’

Static Devirtualization of Themida/CodeVirtualizer. The techniques in this article apply to pretty much every virtual machine obfuscator with minor modifications. back.engineering/blog/09/05/202… Original Program & Devirtualized Output github.com/backengineerin…

Always happy to see more people get into LLVM-based deobfuscation!

Someone just dropped a pre-built, fully jailbroken IOS 26 virtual machine. You can test tweaks and exploits without ever risking your real Iphone. It comes ready-to-run with rootless, Sileo, Filza, and TrollStore vibes. 100% Open Source.

@mr_phrazer can u add an deobfuscator called github.com/NaC-L/Mergen before doing the analysis of big binaries...?

New blog post: Building a Pipeline for Agentic Malware Analysis Agentic RE + malware analysis with custom skills, MCP tooling, and persistent case state to automate intial triage Link: synthesis.to/2026/03/18/age… Github: github.com/mrphrazer/agen…

@belabs_engineer has released a binary polynomial MBA explorer. You can check out the website here: tools.codedefender.io