Leveraging LLMs for malware analysis - CFF deobfuscation
Motivated by this paper on Control Flow Flattening (CFF) deobfuscation via LLM, I decided to explore the topic with current frontier models. The paper does n...
Posts
Over the years, all the public Mirai configuration extractors that I have come across either: rely on brute-forcing the encryption key and apply the guessed...
This article is about a particular function matching technique implemented in Diaphora and how it was ported to r2diaphora.
Some quick tips on using radare2 from r2pipe Python scripts to increase analysis performance.