Erwan Grelet
@ergrelet.bsky.social
Fond of reverse engineering and software development.
Doing security engineering at some company.
Reposted by Erwan Grelet
Binary Ninja 5.2, Io, is live and it's out of this world! binary.ninja/2025/11/13/b...

With some of our most requested features of all time including bitfield support, containers, hexagon, Ghidra import, and a huge upgrade to TTD capabilities, plus a ton more, make sure to check out the changelog!
November 13, 2025 at 9:16 PM
Reposted by Erwan Grelet
I wanted to understand what information is available in .pdb files, so I made a tool for it 🔎🐛

Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: github.com/diversenok/D...
November 10, 2025 at 9:04 PM
Reposted by Erwan Grelet
New Blog Post: Seth Jenkins broke kASLR by doing … nothing 😩

googleprojectzero.blogspot.com/2025/11/defe...
Defeating KASLR by Doing Nothing at All
Posted by Seth Jenkins, Project Zero Introduction I've recently been researching Pixel kernel exploitation and as part of this research I ...
googleprojectzero.blogspot.com
November 3, 2025 at 6:17 PM
Reposted by Erwan Grelet
Thank you for your interest in Decoder Loop & #rustlang reverse engineering training so far!

This Friday, November 7th, join us at Ringzer0 COUNTERMEASURE, in Ottawa, Canada, where @cxiao.net will present the workshop "Reversing a (not-so-) Simple Rust Loader": ringzer0.training/countermeasu...
WORKSHOP: Reversing a (not-so-) Simple Rust Loader // Cindy Xiao
Rust can be challenging for even experienced reverse engineers. We will reverse a simple Rust malware loader found in the wild with obfuscated strings and a decoy payload, making it a good example for...
ringzer0.training
November 3, 2025 at 3:30 PM
Reposted by Erwan Grelet
Must-read for fuzzing folks (read: tooling/algorithms/academia) by Addison Crump
addisoncrump.info/research/wha...
What the hell are we doing? · Addison Crump
Homepage for Addison Crump
addisoncrump.info
October 26, 2025 at 3:16 AM
Reposted by Erwan Grelet
if u want a high quality curated source of news relevant to defenders, LOOK AT THIS SITE
October 25, 2025 at 5:11 AM
Reposted by Erwan Grelet
Impressive reverse engineering kung fu against Widevine L3 by Felipe (x.com/_localo_)! #hacklu
Cc @mrphrazer.bsky.social
October 23, 2025 at 1:01 PM
Reposted by Erwan Grelet
NEW: The U.S. govt accused Peter Williams, ex general manager of hacking tool maker L3Harris Trenchant, of stealing trade secrets and selling them to a buyer in Russia.

As we reported earlier, Trenchant investigated a leak of internal tools this year. It's unclear if that investigation is related.
U.S. government accuses former L3Harris cyber boss of stealing trade secrets | TechCrunch
The U.S. Department of Justice accused Peter Williams, former general manager of L3Harris’ hacking division Trenchant, of stealing trade secrets and selling them to a buyer in Russia.
techcrunch.com
October 23, 2025 at 3:47 PM
Reposted by Erwan Grelet
SCOOP: A man who worked on developing hacking and surveillance tools for defense contractor L3Harris Trenchant was notified by Apple that his iPhone was targeted with mercenary spyware.

The developer believes he was targeted after he was wrongly accused of leaking zero-days developed by Trenchant.
Exclusive: Apple alerts exploit developer that his iPhone was targeted with government spyware
A developer at Trenchant, a leading Western spyware and zero-day maker, was suspected of leaking company tools and fired. Weeks later, Apple notified him that his personal iPhone was targeted with spy...
techcrunch.com
October 21, 2025 at 2:54 PM
Reposted by Erwan Grelet
I held a talk about reverse engineering and bypassing Denuvo in Hogwarts Legacy at Navaja Negra

The recording and the slides are now online :D

momo5502.com/posts/2025-1...
Reverse Engineering Denuvo in Hogwarts Legacy
Talk at Navaja Negra 2025 This technical presentation explores the inner workings of Denuvo Anti-Tamper, one of the gaming industry’s most widely deployed DRM solutions. Through detailed reverse engin...
momo5502.com
October 11, 2025 at 10:17 AM
Reposted by Erwan Grelet
Binary Golf Grand Prix 6 begins now!

#BGGP6 theme: "Recycle"

Challenge Announcement: binary.golf/6
October 18, 2025 at 6:46 PM
Reposted by Erwan Grelet
🦀 I am starting a training firm, @decoderloop.com, focused on providing Rust Reverse Engineering training! decoderloop.com

We hope to come to a conference near you next year. Stay notified on training dates: Follow us at @decoderloop.com, or join our mailing list: decoderloop.com/contact/#tra...
Decoder Loop | Reverse Engineering Training
decoderloop.com
October 17, 2025 at 2:09 PM
Reposted by Erwan Grelet
The recording of our (CC @nicolo.dev ) talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @reconmtl.bsky.social is now online!

Recording: www.youtube.com/watch?v=QxSG...

Slides: synthesis.to/presentation...

#BinaryNinja Plugin: github.com/mrphrazer/ob...
Recon 2025 - Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications
YouTube video by Recon Conference
www.youtube.com
October 15, 2025 at 10:56 PM
Reposted by Erwan Grelet
The new version of my #BinaryNinja plugin Obfuscation Analysis (v1.2) adds recursive function inlining in the decompiler.

It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.

github.com/mrphrazer/ob...
October 11, 2025 at 3:27 PM
Reposted by Erwan Grelet
RE//verse 2026 CFP is open! Got research? Prove it: sessionize.com/reverse-2026
October 9, 2025 at 5:05 PM
Reposted by Erwan Grelet
It turns out this analysis was incorrect, and someone pointed it out to me. I've redone the analysis, and it's now much improved. For Part 2, where I cover the true cause of the crash, please take a look here: medium.com/@Debugger/un...
October 8, 2025 at 1:27 AM
Reposted by Erwan Grelet
Close your eyes and ✨imagine:

From a low-integrity process (from LPAC even), you can inject your data anywhere you want:
privileged tasks, PPL/protected processes, the OS kernel itself, and VTL1 trustlets.

Now open your eyes. It is not hypothetical.
It is the reality. Read it on page 33.
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!

Please please please share to spread the news - thank you!
October 5, 2025 at 12:14 AM
Reposted by Erwan Grelet
#FTSCon Speaker Spotlight: Aleksandra Doniec (@hasherezade.bsky.social) is presenting “Uncovering Malware's Secrets with TinyTracer” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
September 18, 2025 at 6:10 PM
Reposted by Erwan Grelet
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
signal.org
October 3, 2025 at 4:14 PM
Reposted by Erwan Grelet
Brand new paper with Roxane Cohen, Robin David (both from @quarkslab.bsky.social ) and Florian Yger on obfuscation detection in binary code doi.org/10.1007/s411... We show that carefully selected features can be leveraged by graph neural networks to outperform classical solutions.
Identifying obfuscated code through graph-based semantic analysis of binary code - Applied Network Science
Protecting sensitive program content is a critical concern in various situations, ranging from legitimate use cases to unethical contexts. Obfuscation is one of the most used techniques to ensure such a protection. Consequently, attackers must first detect and characterize obfuscation before launching any attack against it. This paper investigates the problem of function-level obfuscation detection using graph-based approaches, comparing algorithms, from classical baselines to advanced techniques like Graph Neural Networks (GNN), on different feature choices. We consider various obfuscation types and obfuscators, resulting in two complex datasets. Our findings demonstrate that GNNs need meaningful features that capture aspects of function semantics to outperform baselines. Our approach shows satisfactory results, especially in a challenging 11-class classification task and in two practical binary analysis examples. It highlights how much obfuscation and optimization are intertwined in binary code and that a better comprehension of these two principles is fundamental in order to obtain better detection results.
doi.org
September 30, 2025 at 5:03 PM
Reposted by Erwan Grelet
lmao, apparently this guy managed to give two different talks at two of the biggest hacking conferences using AI generated slop that doesn't even make any sense. Welcome to infosec in 2025.
Looks like some Linux eBPF vulnerabilities presented at this year's Black Hat are made-up AI slop

www.openwall.com/lists/oss-se...
September 30, 2025 at 6:29 PM
Reposted by Erwan Grelet
Here are my RomHack slides about low-privileged attack vectors against PsSetLoadImageNotifyRoutine and drivers that rely on it. Enjoy!
diversenok.github.io/slides/RomHa...
September 29, 2025 at 11:29 PM
Reposted by Erwan Grelet
GUIFuzz++ is the first general-purpose fuzzer for desktop GUI software! Fuzzing by translating AFL++ random input into user interaction with GUIs, leading to the discovery of 23 new bugs!

Paper: futures.cs.utah.edu/papers/25ASE.pdf
Source: github.com/FuturesLab/GUIFuzzPlusPlus

Go test some GUIs!
September 24, 2025 at 8:52 PM