Security through explanation
For the 2026 edition of Botconf, and the 13th edition overall, we found ourselves in Reims. From the 14th through the 17th of April, nearly 400 attendees gathered in what has become a yearly pilgrimage for many. As with the previous editions, the food, atmosphere, and talks were well worth a visit. This year, I … Read more
Yaraify is one of the many services Abuse.ch freely provides to the public. It exposes quite some API endpoints that contain useful information. Before open-sourcing this API client, there was no publicly supported Java library. The code can be found on Github. The new version has no change in its features, as only the dependencies … Read more
The main page for this API client can be found here. One can find the library’s code here. This release contains minor updates and bug fixes. Support for the Recorded Future US sandbox endpoint Fixed searching by encoding the pipe in the URL parameter Upload a list of files (as a List) Upload all files … Read more
The API client’s main page, which contains the installation instructions and a brief rationale, can be found here. Malware Bazaar is one of the many services Abuse.ch freely provides to the public. It exposes quite some API endpoints that contain useful information. This version contains updated dependencies, as can be seen in the Git Diff, … Read more
The main page for this API client can be found here. MalShare is a free initiative for researchers to share malware samples for research purposes, which can be accessed via the website and via the API. The code can be found on Github. The new version has no change in its features, as only the … Read more
The main page for this API client can be found here. ThreatFox is one of Abuse.ch‘s services. This specific services is used to share indicators of compromise (IOCs). The release notes for this version are rather brief: all API endpoints provided by ThreatFox are supported in the Java library, along with convenience method wrappers and … Read more
This year, BlackHat USA was held on the 6th and 7th of August 2025, directly followed by DEFCON from the 8th through the 10th of August. On the morning of Saturday the 9th, I gave my DEFCON workshop. I represented Trellix during the conferences. Unlike other years, I did not talk at the BlackHat (Arsenal), … Read more
This year was Botconf’s 12th edition, located in Angers, where I gave a four hour workshop diving into Ghidra. Some of talks were rated as TLP:GREEN or higher, this decreases the details which I can include in the blog, as well as the information on the given talks. The listed talks are covered in chronological … Read more
This article is based on the public release of Ghidra 11.2. Documentation in code is great to have, although it is not as great a task to write it. When reverse engineering a binary with Ghidra, comments are your documentation. You might write down some notes for your future self, or for your colleagues or … Read more
On the 28th of February and the 1st of March, the folks behind Binary Ninja (Vector35) organised RE//VERSE in Orlando, Florida. While this was the conference’s first edition, this wasn’t noticeable at all, as the conference was exceptionally well organised. The communication from the speaker desk was swift and clear, even with the six hour … Read more