cryptax.bsky.social
@cryptax.bsky.social
Android malware analysis. Ph0wn CTF founder. IoT hacking. Frequent speaker at Virus Bulletin, Insomnihack etc. Based in France.
Currently testing Bluesky. Otherwise on Mastodon.social.
For my workshop "Reverse engineering with r2ai" at @uybhys.bsky.social tomorrow, if you have an x86 laptop, download the image in advance:

docker pull cryptax/r2ai:2025.11

#radare2 #IA #r2ai #UYBHYS25 #docker #workshop
November 6, 2025 at 9:51 PM
It will cover Radare2, Ghidra, MCP and assembly of all kinds. The goal is to use AI to make reverse engineering easier. AI doesn't do everything (for instance, it won't make the crêpes I plan to enjoy on site), but it helps ... if you know how to use it.

Come!
#UYBHYS [Friday 7/11 10am] WORKSHOP by Axelle Apvrille (Fortinet):

Reverse engineering with r2ai

unlockyourbrain.bzh/ateliers/

#UYBHYS25
November 4, 2025 at 10:44 AM
Reposted
#UYBHYS

On the occasion of #UYBHYS25, from 10am to 5pm on Friday 7 and Saturday 8 November, @ratzillas.bsky.social will run a "Car Hacking" demonstration workshop on the forecourt of the #Quartz in #Brest, open to everyone with no registration required. 🙂
November 3, 2025 at 11:43 AM
Reposted
#UYBHYS #UYBHYS25 #Brest

There are still places left for some of Friday's workshops and for Saturday's conference day.

Tickets: pretix.eu/cantine/UYBH...
Unlock Your Brain, Harden Your System #UYBHYS !
7 November 2025 – 8 November 2025
pretix.eu
November 3, 2025 at 12:42 PM
On Thursday afternoon, I am thrilled to give my first r2ai & ghidraMCP workshop at BruCON.

Prerequisites: you are good to go if you have already reversed a binary (with whatever #disassembler, it doesn't matter) OR if you have basic skills and understanding in #assembly.

#mcp #LLM #AI
September 22, 2025 at 2:41 PM
Slides of my prez at Barb'hack: www.fortiguard.com/events/6189/...

Understand what a recent sample of Linux/Trigona #ransomware does.

Learn how to spot #AI errors (hallucinations, omissions etc), learn how to tweak context length, output token limits to get the best out of your model.

#barbhack25
Publications | FortiGuard Labs
This talk presents 2 different Linux malware: a shellcode, named Linux/Shellcode_ConnectBack.H!tr. The binary is small and compact, but traditional disassemblers like Ghidra fail to p...
www.fortiguard.com
September 1, 2025 at 8:13 AM
I had (several) interesting questions yesterday on r2ai.
One of them was that, obviously the tool needed to be used by an experienced reverse engineer.
I'd like to comment a bit further.
I find it normal that such a tool cannot be used by total beginners. All jobs require adequate training. 1/n
August 31, 2025 at 8:38 AM
Barb'hack is over and it was a pleasure to attend: very nice folks, friendly organizers, excellent food, best rumps lol, and a CTF with a video game interface + challenges on Minitel. I loved it! Kudos to the staff.
#barbhack25
August 31, 2025 at 5:52 AM
I'm very happy to speak at Barb'hack on Saturday.
barbhack.fr/2025/fr/conf...

There will be 2 demos.
One live.
One recorded - simply because I don't have the guts to do it live ;P

We reverse engineer Linux/Trigona and Linux/Shellcode with radare2 + AI + HI

HI stands for Human Intelligence ;P
August 25, 2025 at 10:57 AM
Overlays are often used in Android malware.
They are actually a burden to other domains too, such as browser extensions. This research, by Marek Toth, shows how clickjacking [on hidden overlays] can trick the end user into sharing his/her entire password manager.

marektoth.com/blog/dom-bas...
DOM-based Extension Clickjacking: Your Password Manager Data at Risk
I described a new attack technique that I used against 11 password managers. The result was that stored data of tens of millions of users could be at risk.
marektoth.com
August 21, 2025 at 8:43 AM
Reposted
Last chance to share your research at VB2025.

Whether you have fresh research, practical insights, or real-world case studies to share, now is your moment to step into the spotlight!

📅 24 Aug 2025 — only 5 days left
📍 Berlin. 24–26 Sept 2025

👉 tinyurl.com/3mccm8br
August 19, 2025 at 3:14 PM
I've recently set up an LM Studio server, with several models including gpt-oss. I can use it from my disassembler, here to analyze a Linux/Trigona sample.

Learn more about Trigona at Barb'hack on Aug 30 in Toulon.

#AI #malware #reverse #assembly #context #lmstudio #GPT
August 19, 2025 at 2:19 PM
I love this kind of analysis 😍 Well done!
Exploiting the Thermomix.

Hey @synacktiv.com can you cook me a chocolate cake? ;-)

www.synacktiv.com/en/publicati...
Let Me Cook You a Vulnerability: Exploiting the Thermomix TM5
Related Work The Thermomix TM5 has previously drawn the attention of the security community, notably through research presented by Jean-Michel Besnard at SSTIC 2019 [1], which described a code execut
www.synacktiv.com
July 16, 2025 at 10:10 AM
My blog post on how AI is reshaping malware and malware analysis is out: www.fortinet.com/blog/threat-...

Examples on Linux/Trigona, Linux/Prometei, Linux/Ladvix and Android/SpyLoan.

Enjoy.

#malware #r2ai #r2 #claude #delphi #trigona #rust #flutter
Catching Smarter Mice with Even Smarter Cats | FortiGuard Labs
Explore how AI is changing the cat-and-mouse dynamic of cybersecurity, from cracking obfuscation and legacy languages to challenging new malware built with Flutter, Rust, and Delphi.…
www.fortinet.com
July 10, 2025 at 2:39 PM
W32/SkyAI uses AI? So do I.

cryptax.medium.com/w32-skyai-us...

- Where the malware loads the AI prompt, what for, why it fails.
- How to find the encryption key with AI
- Extract & decrypt the embedded PE
- How the malware checks if it's on a VM
- R2ai tips when curl argument is too long
W32/SkyAI uses AI? So do I.
A new sample, named W32/SkyAI (or Topozuy, or Skynet), has recently emerged, showing use of an AI prompt bypass attempt. Perfect occasion to…
cryptax.medium.com
July 4, 2025 at 12:43 PM
Reposted
The new zine from @b0rk.jvns.ca: The secret rules of the terminal

👉 jvns.ca/blog/2025/06...
June 30, 2025 at 4:27 PM
Do you know @tixlegeek.bsky.social's videos? With that adorable animated Tux? Well, I really wanted one too. So I did the same with Pico le Croco! I took the explanations @tixlegeek.bsky.social gave on @laluka.bsky.social's Twitch EP 193, and coded it for Pico :)
June 30, 2025 at 4:48 PM
Nicolas Rouvière, of Ph0wn and SHL, will show you how to use Qiling in practice, for dynamic binary emulation. Don't miss it: on-site at SHL (Vallauris), June 19 at 7pm.

In 2024, Nicolas used Qiling to solve the Ph0wn CTF teaser. See how here: github.com/ph0wn/writeu...

#qiling #CTF #binary
June 17, 2025 at 8:14 AM
Hey, I'd like to share the best talks/papers/videos/tools/CTF challenges I encountered in 2025 H1.

This is the official "Cryptax Award 2025 H1" (lol). Congrats!

cryptax.github.io/nomination-2...

cc: @elbsides.bsky.social @northsec.io @radareorg.bsky.social @bsideskrs.bsky.social
Cryptax Nomination Awards 2025 H1
Cryptax Nomination Awards. Lol. In other words, I’m listing my favorite talks, papers, challenges (etc) for the first half of 2025. Nothing more than that. Okay? H1 2025 Category Nominated Best cyberc...
cryptax.github.io
June 14, 2025 at 8:32 AM
How many times will I have to say this?

Antivirus is not stupid and does NOT rely on fixed hashes or whatever to detect malware.
This is an outdated myth from prehistoric times.

Malware "signatures" understand binary formats + assembly and can easily dynamically detect variants.
June 13, 2025 at 9:46 AM
Keynotes are a difficult exercise (for me). I'll be closing the @elbsides.bsky.social conference tomorrow with a *Quiz* keynote on how AI is used by malware authors (attack) and malware analysts (defense).

I even hope to have time for a short demo :)

#AI #malware #keynote #elbsides
June 12, 2025 at 7:53 AM
Reposted
📣 📣 Elbsides 2025 conference is fully booked 📣 📣

Really looking forward to seeing a full conference room on Friday and listening to our wonderful speakers presenting their latest insights.

#Elbsides2025 #Infosec #Cybersecurity #Hamburg
June 11, 2025 at 8:15 PM
MCP should ask for user approval for each of its steps. And I mean not just high-level questions like "are you OK with me renaming this file?": we need to see exactly what is going to run on our host, e.g. "mv file1 file2", and only that can get executed.

1/2
June 7, 2025 at 7:01 AM
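An added illustration of the per-step approval the post above argues for, written here as hypothetical Python (not code from any MCP server, nor from the author): the human is shown the literal argv, the approval is bound to a hash of that exact argv, and only that argv runs, once.

```python
# Added example (hypothetical, not code from any MCP server): an execution
# gate in which the human approves the exact argv of each step, and only
# that argv can run. The approval is bound to a hash of the argument vector,
# so a plan that changes after approval, or a second run, is refused.
import hashlib
import json
import shlex
import subprocess
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Step:
    argv: tuple
    digest: str


def propose(argv):
    """Bind an approval request to the literal argument vector."""
    canonical = json.dumps(list(argv), separators=(",", ":"))
    return Step(tuple(argv), hashlib.sha256(canonical.encode()).hexdigest())


def render(step):
    """What the human is shown: the command itself, not a summary of it."""
    return " ".join(shlex.quote(a) for a in step.argv)


def sample_command(text):
    """Constructed, portable stand-in for 'mv file1 file2': prints text."""
    return [sys.executable, "-c", f"print({text!r})"]


class Gate:
    def __init__(self, ask):
        self.ask = ask            # callback: shown command -> True/False
        self.approved = set()     # digests the human said yes to

    def request(self, argv):
        step = propose(argv)
        if self.ask(render(step)):
            self.approved.add(step.digest)
            return step
        return None

    def run(self, argv):
        """Execute argv only if this exact argv was approved; one approval, one run."""
        step = propose(argv)
        if step.digest not in self.approved:
            raise PermissionError("not approved: " + render(step))
        self.approved.discard(step.digest)
        # No shell involved: the approved argv is handed to the process verbatim.
        return subprocess.run(list(step.argv), capture_output=True, text=True).stdout
```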
Interesting read: invariantlabs.ai/blog/mcp-git...

It shows how GitHub MCP can be exploited to leak private information. You create a dummy issue with a prompt that asks to leak the information, and there it goes.
GitHub MCP Exploited: Accessing private repositories via MCP
We showcase a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data. The vulnerability is among the first discovered by Invariant's security ...
invariantlabs.ai
June 7, 2025 at 6:58 AM
Reposted
📣 📝 We are proud to announce the #r2con2025 call for papers! Expect it online and around Nov/Dec! Submit your talk proposals and stay tuned for updates!
👉 radare.org/con/2025
June 5, 2025 at 10:24 PM