cryptax.bsky.social
@cryptax.bsky.social
Android malware analysis. Ph0wn CTF founder. IoT hacking. Frequent speaker at Virus Bulletin, Insomnihack etc. Based in France.
Currently testing Bluesky. Otherwise on Mastodon.social.
Please pre-install on your laptops: Docker, Python 3 and Java.

This workshop is accessible to those who know neither Radare2 nor Ghidra.
But it is advisable to have some basics in assembly or to have already decompiled binaries (whatever the software used).
It's a bit technical anyway...
November 4, 2025 at 10:46 AM
Setting up your laptop before the workshop:

- It helps if you have already installed Radare2: radare.org/n/radare2.html.

- If you want to isolate your own OS from the workshop, I recommend Exegol, or Docker, or a Kali VM.

#radare2 #exegol #docker #kali #brucon
September 22, 2025 at 2:42 PM
One of the demos is here: asciinema.org/a/pBPEaJhp6c...

It demonstrates the automatic mode of r2ai, where we can ask a question whose answer requires reading/understanding several functions of the binary.

#radare2 #r2ai #AI #LLM
Linux/Trigona analysis of /fast option
Recorded by cryptax
asciinema.org
September 1, 2025 at 8:15 AM
Nevertheless, I've done more reverse engineering on Android malware than for Linux malware. I'm not "a strong expert", and r2ai lowered the bar + it quickens the analysis.

I think that's the goal of r2ai: give malware analysts a nice tip when they need one + speed up their work.

n=3
August 31, 2025 at 8:48 AM
Nobody would expect me to play the violin in a concert hall tomorrow, even with the help of AI.
And, to be honest, that wouldn't even be good, it would devalue the profession.
The same applies to anti-virus research.

2/n
August 31, 2025 at 8:44 AM
Thanks!
August 30, 2025 at 3:05 PM
Hey, @lastpass.bsky.social I wish you'd fix that. True, it involves a malicious website, but it's really difficult to spot from the end-user's perspective.
How about asking for a confirmation password before sharing the password database perhaps?
August 21, 2025 at 8:47 AM
Normally, I don't do Windows malware ;P
This blog post sparked special interest research.checkpoint.com/2025/ai-evas...

Although after this interesting read, I still wondered how the prompt was launched, exactly what for, and also what the malware did globally. So, I did my own research.
New Malware Embeds Prompt Injection to Evade AI Detection - Check Point Research
Detected for the first time, malware attempts AI evasion by injecting a prompt to tell the LLM to label the file as benign
research.checkpoint.com
July 4, 2025 at 12:47 PM
If you want to follow (part of) the live reversing I did with r2ai, head here: youtu.be/o47QNN2Udto
Reverse engineering W32/SkyAI with r2ai
YouTube video by aafortinet
youtu.be
July 4, 2025 at 12:44 PM