Toshinori Usui; Talk
Over the past eight years we have systematically reverse-engineered nearly ten interpreter and VM binaries, including Lua, Python, Ruby, PHP, VBScript, JScript, PowerShell, and V8, to extract their internal structures and automate that extraction at scale. This talk presents 11 concrete analysis techniques, organized around 6 foundational binary analysis approaches, for recovering interpreter internals from stripped binaries. The techniques include multiple detection logics for VM component recovery that identify their exact locations in memory, and a progressive deduction algorithm for ISA recovery that iteratively eliminates opcode ambiguity across hundreds of test traces. Together they power STAGER, our automated dynamic analysis system built on top of Intel Pin. STAGER completes a full analysis of one interpreter in at most a couple of hours, which is an order-of-magnitude improvement over manual reverse engineering that typically takes days to weeks, and keeps pace with the frequent version updates of real-world interpreter binaries. We will release STAGER as open-source at the conference.
The security payoff is direct. We use STAGER output to build script-level API tracers, which hook the interpreter's own built-in API functions (e.g., eval), enabling behavioral monitoring across diverse interpreter targets. We further leverage branch VM instruction identification and conditional flag detection to build a multi-path explorer, and use recovered ISA mappings to perform dynamic bytecode instrumentation; together these enable fine-grained analysis of evasive script malware that actively resists conventional debugging. We also combine STAGER output with fuzzing harnesses for vulnerability discovery in interpreter runtimes, and demonstrate bytecode-based process injection techniques for red team operations that bypass diverse security mechanisms. These applications are grounded in real targets and will be shown in a live demo.
Beyond the techniques themselves, we share hard-won lessons from nearly ten real-world targets: how compiler register allocation breaks memory-based variable tracking and how to compensate with register-level static analysis, how to handle interpreters layered atop other interpreters (e.g., PowerShell on .NET CLR) where execution traces interleave two VM layers, and how to suppress or work around JIT compilation interference, including the aggressive JIT behavior seen in V8. Accuracy results across all targets, including honest failure cases where our approach hits fundamental limitations, are presented per technique.
Three concrete takeaways for attendees:
1. A working mental model of interpreter internals as attack and analysis surface, grounded in nearly ten real-world targets.
2. The 11-technique framework, including VM component localization logics and a progressive ISA deduction algorithm, directly applicable to diverse interpreter binaries.
3. STAGER (open-source release) and the methods to adapt it to new interpreter targets.
Florian Magin; Workshop (2hrs)
A binary in a new language that suspiciously looks like it's designed to foil your static analysis tools: a new string format that breaks references and readability, virtual dispatch that masks which function is called where, and a reference counting garbage collector so you can't even tell which object ends up where.
Participants will learn how to leverage Ghidra and P-Code to tackle the challenges that pop up when analyzing compiled high level languages.
The focus will be on the iterative workflow of assisting the decompiler: understanding why it fails, assisting it with a custom analysis script that uses the P-Code emitted by the decompiler, and feeding the resulting information back to Ghidra and the decompiler via the right APIs, so that the decompiler can continue doing the heavy lifting and provides better P-Code to tackle the next challenge.
By the end, participants will have a transferable toolbox for adapting Ghidra's decompiler to unfamiliar language runtimes by identifying runtime patterns, writing P-Code-driven analysis scripts, or feeding recovered types and dispatch targets back to the decompiler.
John McIntosh; Workshop (3hrs)
Agent Skills are now an open format and the latest evolution in agentic workflows, enabling coding agents to execute multi‑step reverse‑engineering tasks with high accuracy and minimal prompting. This workshop teaches participants to design, build, and iterate custom Skills using coding agents such as Claude Code, OpenCode, and Mistral Vibe. Through guided exercises, attendees will build a multi‑platform driver‑analysis Skill that automates IOCTL mapping, platform‑specific dispatch analysis, code‑flow analysis, and workflow capture across Windows, macOS, and Linux. The workshop blends conceptual foundations with extensive hands‑on practice, ensuring participants leave with both the understanding and practical experience needed to implement agentic RE Skills in their own workflows.
Sina Kheirkhah (@SinSinology); Workshop (3hrs)
SolarWinds, Microsoft SharePoint, Microsoft Exchange, Veeam, Veritas, and many more...
All of these products are written in .NET.
If you'd like to learn how to reverse engineer, find vulnerabilities in, and exploit .NET targets,
this workshop will teach you the basics.
Stefan Esser; Talk
Apple’s platform security story is shifting. Security critical functionality is increasingly moving out of the traditional XNU kernel into the guarded world, an Apple Silicon proprietary secure execution mode. Initially used for the Secure Page Table Monitor (SPTM) and the Trusted Execution Monitor (TXM), it now also hosts a separate seL4 microkernel, the Secure Kernel, which runs Exclaves. Exclaves are isolated components that XNU can communicate with through defined interfaces.
This talk is a deep technical tour of the Secure Kernel and the Exclave ecosystem as it exists on modern iOS and macOS. We will build a clear mental model of component roles, privilege separation, IPC patterns, shared memory data flows, and the choke points where validation and policy decisions occur. From there, we will show how to identify endpoints, recover message formats, map memory and permissions, and instrument execution so you can turn black box components into something you can actually audit.
The goal is to leave attendees with concrete strategies for finding vulnerabilities and mitigation bypass opportunities in this new Apple security perimeter.
Grégoire Menguy; Short Talk
Reverse engineering is fun and profitable, but can become tedious when the code is obfuscated, especially if done by hand. Under strong obfuscation, even automated analyses based on taint or symbolic reasoning fail, becoming quickly too imprecise. Fortunately, a new hope arises with black-box deobfuscation. This is an emerging paradigm for automated deobfuscation that leverages program synthesis to simplify local, highly obfuscated code snippets. Black-box deobfuscation is especially promising because it is not affected by the syntactic complexity introduced by obfuscation. Hence, it scales to strong obfuscation, where taint or symbolic reasoning would typically fail. The Xyntia framework is the state-of-the-art of black-box deobfuscation. It is backed by recent publications in international academic conferences (ACM CCS 2021 & 2025). This presentation will provide an overview of its internals and describe practical examples of successful deobfuscation with Xyntia. In particular, we will show how Xyntia can be used to deobfuscate virtual machine handlers or MBA expressions found in real code (e.g., Snapchat).
Mathieu Farrell; Talk
This talk presents a practical end-to-end attack chain against modern fiber access networks. By chaining multiple pre-authentication Remote Code Execution vulnerabilities, an attacker can compromise a GPON Optical Line Terminal and then pivot to the ISP’s cloud-based management platform. This escalation enables centralized and persistent control over all deployed OLTs. Such an attack can lead to large-scale service disruption, long-term unauthorized network access, customer traffic interception, and mass surveillance. The scenario mirrors real-world incidents involving nation-state actors targeting telecommunications providers. Technical details are being responsibly disclosed to the vendor and will be fully revealed at the conference, along with a demonstration video.
Alejandro Pinna, Angelo Frasca Caccia; Talk
We leveraged a novel code injection into a PPL process we call ‘Bring Your Own Vulnerable WerFaultSecure’ and then abuse Microsoft System Guard for privileged primitives in the kernel. We’ll explain how to make WerFaultSecure run arbitrary code and the vulnerabilities we found in a Microsoft driver.
Mathilde Venault; Talk
What if we told you there's a Windows feature that's been quietly sitting in plain sight for decades, just waiting to be weaponized in a way for which no one thought to look? Meet ClickOnce: Microsoft's well-intentioned deployment technology that lets users run, install, and automatically update applications with minimal interaction and zero admin privileges. While this feature has been simplifying software deployment for decades now, it turns out its convenience comes with some unexpected baggage.
Deep diving into this overlooked technology, we reverse engineered the ClickOnce deployment stack from the ground up, documenting for the first time how its components actually work behind the scenes. Through this process, we uncovered a new abuse of the ClickOnce technology that allows an unprivileged user to establish fileless persistence on the system. By repurposing some old tricks, threat actors can abuse an attack surface exposed by the ClickOnce components to execute their payload every time a user interacts with a ClickOnce application. No elevated privileges needed, no suspicious files left behind, and as a bonus, the malicious payload runs under a native Windows process!
In this talk, we'll demystify the ClickOnce technology by exploring its deployment scenarios and documenting how it works behind the scenes. We'll walk through the journey that led to our new discovery, demonstrate the technique live, and wrap up with practical detection strategies to protect against these techniques. By the end, you'll understand how sometimes the most unexpected threats come gift-wrapped in Microsoft's most helpful features.
Joshua Reynolds; Workshop (3hrs)
One of the first steps taken during the reverse engineering process is to recover as much context as possible from a given binary, including symbols, function signatures, classes and structures associated with statically linked code. This is especially important for modern compilers and linkers that embed a plethora of boilerplate that you don't want to spend time reverse engineering. Throughout this workshop we will explore recovering this information using multiple open source tools in Binary Ninja. Our target will be a real-world malware sample written in C++ that is used to terminate EDR and antivirus technologies. The sample contains multiple components, including user-mode and kernel-mode binaries that require symbol and type information recovery for accurate analysis.
Nicolò Altamura, Tim Blazytko; Short Talk
Agentic workflows are rapidly changing how we reverse engineer binaries. Large language models are no longer limited to explaining decompiler output or writing small helper scripts; when paired with real tooling, they can drive analysis, orchestrate workflows, and connect multiple analysis layers faster and at a larger scale than a human analyst alone. In this talk, we explore what this shift means for code deobfuscation, from deflattening, opaque-predicate removal, and string recovery to interprocedural and whole-program deobfuscation. We argue that the key advance is not that models suddenly understand obfuscated code perfectly, but that they can now coordinate the broader workflow around deobfuscation. We conclude by examining what kinds of obfuscation may remain resilient in the face of increasingly agentic reverse engineering.
Lennert Wouters, Joe Grand; Talk
The STM32 family of microcontrollers is deployed in billions of embedded systems, making them desirable, high-value targets. In particular, the STM32F2 and STM32F4 series have been heavily scrutinized due to their use in popular cryptocurrency hardware wallets like the KeepKey, Trezor One, and Trezor Model T. Previous research has shown that fault injection can bypass protection mechanisms and enable flash memory extraction. However, those techniques can lead to device corruption or permanent loss of data.
In this talk, Joe and Lennert present three years of work refining and extending these attacks into a more repeatable and reliable process for extracting protected flash memory from STM32F2 and STM32F4 devices. They will discuss the practical engineering behind the work, including failures, breakthroughs, and new attack strategies. Using these techniques, they have recovered the cryptocurrency recovery seeds from dozens of customer-owned hardware wallets with a 100% success rate.
Tim Noise, bryce case, jr./ytcracker; Talk
Amazon Element55 unpacks CVE-2025-24857, a severe flaw they discovered in U-Boot’s FAT filesystem support that exposes unauthorized code execution. This talk will elucidate the requisite lore of our research and methodology, how Amazon responded internally, and the coordinated disclosure process.
Florent TARDIF; Talk
How safe is the data on your phone? On modern Android phones, all OS data except a minimal boot image is encrypted on the flash memory in a way that is device-bound, so that if we take out the flash and dump it we get nothing of interest. But encrypted with what?
This talk presents our research on cold-storage security on Android against an attacker with physical access. In the process, we uncovered a decade-old vulnerability on Mediatek-based Android phones (CVE-2026-20435), which allows us to recover the PIN and all user data (including Keystore content) from the flash memory of a switched-off phone. Depending on the model, it only takes USB access and a few minutes, which we will demonstrate during the talk.
Iceman, Kirils Solovjovs; Talk
When reverse engineering the proprietary DUOX PLUS intercom system dubbed the ‘most secure in world’ by Fermax, Kirils & friends previously focused on its digital 2-wire signalling and employed tools such as oscilloscopes, logic analyzers and breadboards.
While these attacks are important as they shine light on the internal workings of the system, their application in the field is limited, as one would need to acquire access to the 2-wire bus, which is only possible from the inside of the building.
Then we noticed something that was right in front of our eyes - access control panels! These things are out there just on the perimeter! And, when installed on multi-tenant buildings, they have RFID reader modules installed. Fermax offers modules doing EM4100, MIFARE Classic, and MIFARE DESFire.
In this talk we give an overview of previous research and expand on it by exploring the possibilities of entering the perimeter by attacking the RFID dimension of these systems, and exploring card cloning, implanting, and cryptographic attacks together with Iceman.
Attendees will gain insight into decoding and interacting with closed digital protocols, exposing vulnerabilities in real-world access control systems. They will also get practical experience applying RFID attacks to real-world systems in use right now.
Holger Unterbrink; Talk
Endpoint Detection and Response (EDR) solutions are widely considered a cornerstone of modern enterprise defense. However, recent malware campaigns show adversaries increasingly focus on actively disabling security controls. Disabling EDR systems is not a trivial task, as adversaries must bypass and evade multiple detection and protection layers before they can successfully neutralize them.
This talk examines a recent intrusion chain associated with the Qilin ransomware ecosystem, where a dedicated EDR killer is deployed early in the attack lifecycle. The analyzed malware is able to identify and disable hundreds of EDR drivers from multiple vendors, effectively removing visibility and response capabilities from the target environment. The initial execution relies on DLL sideloading of a trojanized msimg32.dll, which acts as a PE loader for the EDR killer payload. The execution flow is deliberately convoluted using SEH/VEH-based control flow manipulation, effectively breaking linear disassembly and complicating static analysis. The sample further minimizes its user-mode footprint by dynamically resolving APIs and selectively switching to direct and indirect syscalls to evade userland hooks commonly used by EDR solutions. In parallel, it tampers with ETW providers to degrade telemetry visibility.
Attendees will gain a deep understanding of how modern EDR killers are engineered, including their use of undocumented APIs, kernel object manipulation, and advanced obfuscation strategies. The talk will bridge low-level reverse engineering insights with practical detection opportunities, highlighting weaknesses in current defensive models and offering concrete ideas for improving resilience against malware that targets the defenders themselves. The race is on.
Philippe Laulheret; Short Talk
What's a Claude? Why are we re-inventing IPCs? What's the difference between GPT-5.2 and 5.3? All great questions we will NOT answer in this presentation. Instead we will focus on how we can use AI to handle the annoying tasks while saving our time for the fun work. We'll see how we can identify binaries of interest and spicy code, create a VR harness in the age of MCP servers to automate report generation and the associated collection of necessary artifacts, and more. All-in-all, a pragmatic approach to using AI to enhance our reversing capabilities instead of deskilling ourselves.
Erik Egsgard; Short Talk
The Local Security Authority Subsystem Service (LSASS) sits at the core of Windows security, handling critical functions like authentication, credential management, and security policy enforcement. Despite the sensitive nature of the data it guards, the LSASS exposes a surprisingly wide attack surface through various legacy and modern interfaces. This talk presents the results of a comprehensive research campaign targeting three distinct vectors against this "Iron Giant".
Marion Marschalek; Workshop (2hrs)
Curious about expanding your reverse engineering skills to another architecture? Let's go learn MIPS! Both x86-64 and ARM reverse engineering knowledge transfer really well to MIPS, and with some basics and an instruction cheat sheet we're on our way in no time. We'll analyze AcidRain, a piece of MIPS-32 malware, a Russian wiper malware nonetheless. The sample is stripped, and we'll learn how to quickly recover essential libc functions, to then reconstruct the malware's code flow.
Mark Lim; Workshop (3hrs)
Standard sandboxes and automated scanners fall short when faced with the modern state of Guloader. Its reliance on Vectored Exception Handling (VEH) to redirect control flow through intentional exceptions creates a "black box" for traditional debuggers and linear disassemblers. This 3-hour workshop bypasses the basics and dives straight into the heavy lifting of modern malware deobfuscation.
We will perform a deep-dive dissection of a multi-stage infection chain, moving rapidly through PowerShell loaders into the core of the matter: multi-layered shellcode. Participants will reverse-engineer the "exception soup" of Guloader, mapping out how it uses various CPU instructions and a custom handler to mask its code flow.
The highlight of the session is a transition from manual analysis to programmatic automation. We will leverage the Unicorn emulator framework to build a custom configuration extractor capable of reconstructing non-contiguous encrypted payloads that stay hidden from static analysis.
Nicole Fishbein; Short Talk
Most threat intelligence treats Russia as a source of attacks. This talk examines Russia as a target. Paper Werewolf (aka GOFFEE) is a cyberespionage group with a sustained focus on Russian defense-industry and government organizations, and despite the group's activity level, it still flies under the radar. This talk presents a full technical teardown of a recent campaign, from the initial delivery mechanism to the implant, the exploitation chain, and the infrastructure that ties it to prior Paper Werewolf operations.
The loading mechanism is an XLL add-in, a delivery format that is not new but is rarely dissected in public research. We walk through the loader's DLL export structure, its time-delay sandbox evasion logic, and the unpacking chain leading to EchoGather, a backdoor we uncovered. We reverse EchoGather's XOR-encrypted string handling, C2 protocol, and command handler architecture. A parallel delivery chain exploits CVE-2025-8088, a WinRAR path traversal bug that abuses NTFS alternate data streams to silently drop a persistence script into the Windows Startup folder.
Beyond the binaries, the campaign has two details worth examining in their own right. The decoy documents impersonating the Russian Ministry of Industry and Trade contain clear AI-generated artifacts, offering a fingerprinting angle on how threat actors are incorporating generative AI into their operations. And to accelerate our own infrastructure analysis, we built a lightweight script on top of the Validin API using Claude Code, turning a manual correlation process into a systematic one. We will share the script, the methodology, and previously undisclosed indicators discovered after our public blog post.
Hugo; Talk
Prism is Microsoft's binary translator on Windows on ARM, JIT-compiling x86 and x64 to ARM64 at runtime. Five binaries, ~11K functions, no symbols. We reversed the full JIT pipeline, the CHPE/ARM64X hybrid loading mechanism, and the undocumented .jc translation cache format. Along the way we found that the x64se variant runs CRC32C integrity verification on translated code while x86 does not. The cache has no integrity checks on x86 translations: four structural checks, then arbitrary ARM64 executes verbatim. We release prism-cache-parser and demonstrate cache poisoning on Snapdragon X: drop a crafted .jc file, hijack translations for any DLL, survive reboots, invisible to every default detection layer.
Todd Manning; Talk
The proliferation of AI agents is quickly becoming one of the foremost concerns of security teams. Engineering teams are clamoring for the increase in velocity afforded by AI coding agents. Non-technical teams have noticed, and employees of all job types are asking for agentic AI tools to facilitate their work. Security teams need to have a clear understanding of how these tools operate, what their security features are, and where the security failures lie. Armed with this knowledge, security teams can enable these new agentic work paradigms while protecting all the things.
This talk presents the complete reverse engineering of Anthropic's Claude Code, Claude Desktop, and Claude Cowork. The recent release of Claude Cowork provides the LLM agent with extraordinary host privileges -- spawning VMs, mounting host directories, taking screenshots, typing into terminals, automating browsers and applications -- all decided by a language model one prompt injection away from hostile intent. We take a look at the two personalities of Claude Cowork. One component of Cowork is Claude Code, running inside a Linux VM using multiple isolation strategies to constrain LLM agent access to user resources, and another is Claude with agentic access to drive the desktop user interface, with capabilities for reading and interacting with anything on the screen.
In this talk, we also present the power of agent-assisted research and development for not only understanding the features and attack surface of these Claude agents, but we demonstrate newly-discovered vulnerabilities in components of Claude. We also identify attack surfaces that in some cases are obvious to see, and other attack surfaces that are completely surprising to discover.
We investigate binaries spanning multiple languages (Swift, Rust, Go, and two JavaScript runtimes); recover the complete VM hardware configuration from decompiled Swift and the full vsock RPC protocol from a stripped Go guest agent; examine Claude's cloud-based and local configuration systems; analyze the Linux VM container isolation strategies; and uncover a hidden BLE hardware companion protocol that provides auto-approve capabilities (effectively 'dangerous permission mode') for every tool request the model makes. We present confirmed vulnerabilities in multiple subsystems.
Finally, we draw some conclusions about the security architecture of Claude Desktop as a whole, identifying some glaring gaps in which threats the architecture prioritizes, and which seem to have been woefully ignored. We investigate strategies for improving isolation of the agent, and consider where these might fall short.
Nick Anderson, Roy Tu; Workshop (3hrs)
As malware authors shift tactics, they increasingly hide malicious functionality within popular mobile application frameworks, allowing them to evade static and dynamic analysis. This workshop will introduce participants to some of the more popular frameworks used in App development as well as techniques leveraging open source tools to approach reverse engineering said mobile applications for malware analysis and defensive threat intelligence.
The workshop will comprise two sections, one for Flutter and one for Unity. Both will begin with a quick foundational overview of the respective framework, including the basics on the Dart and Unity programming languages as well as a high-level overview of the Dart VM, its compilation models, and the resulting "snapshot" artifacts that analysts encounter. We then explain how both frameworks present unique obstacles for reverse engineering and walk through different techniques and tools (Il2CPPDumper and Blutter) used to produce higher-level code, as well as their shortcomings and limitations.
Students attending will get hands-on practice reversing In-the-Wild Android malware built with each respective framework, and be exposed to more advanced anti-analysis techniques employed by framework malware to impede dynamic analysis.
Olivier THOMAS - Texplained; Talk
From quite manual to semi-automated, these are targeting the conversion of pictures into a proper binary that can then be analyzed using the usual tools.
One issue that is regularly described is the presence of scrambling within the memory array, making converting the pictures to something sensical a task involving trial and error that can lead, in the worst case scenario, to a project halt if the scrambling scheme is not trivial.
Furthermore, when encryption is used, there is no obvious option to try solving it. This is generally where fully invasive techniques become the method of choice, involving a much better equipped lab with an FIB and micro-probing station, but also the need to analyze digital circuits and to potentially bypass counter-measures such as security shields.
This lecture aims at showing that ROM dumps, including descrambling and decryption, can be done using a fully analytical method where pictures of all of the layers of the memory, including control circuitry, row and column decoders, can be converted into an HDL language, which makes it possible to simulate the memory to retrieve its content independently of internal scrambling schemes. By extension, the description will be pushed to the decryption circuitry, which is another block of logic that can be modeled and simulated accurately.
The lecture will include demonstrations of the method using simple to professional setups so as to clearly outline their benefits and limitations.
Elias Bachaalany; Talk
"Vibe coding" lets developers build software by describing intent to an AI agent. Can the same approach work for reverse engineering - where the analyst describes what they want to understand and the agent drives the tools?
Three tools - idasql (IDA Pro), ghidrasql (Ghidra), and bnsql (Binary Ninja) - expose the internals of each platform as live SQL virtual tables: functions, cross-references, strings, types, disassembly, and decompilation, all queryable and writable through standard SQL. The same query runs against all three tools. Because SQL is the one query language every LLM already speaks fluently, these tools turn any AI coding agent into a reverse engineering partner - no scripting, no plugins, no tool-specific API knowledge required.
We will demonstrate live "vibe reversing" sessions: an analyst converses naturally with an AI agent that autonomously issues SQL queries, decompiles functions, annotates variables, recovers types, and cross-references findings across multiple binaries and multiple RE tools simultaneously. We will show side-by-side analysis of the same binary in IDA, Ghidra, and Binary Ninja, driven entirely through natural language, and transfer annotations between them.
Andy, William Janelle; Talk
Have you ever wanted to just run that damn code you are looking at in IDA Pro? You are not alone. Even assuming you can find a working emulator for the required processor, execution requires setting up enough of a complete initial runtime environment and that is by no means easy. There are many puzzle pieces to assemble and put in the right places including register and memory contents, operating system information, libraries, and peripheral models. SmallWorld is designed to make all of that easy, in addition to supporting popular dynamic analysis platforms like Unicorn, angr and others for dynamic analysis. You can even readily move machine state between such platforms. In short, SmallWorld makes code harnessing and dynamic analysis fast and easy. We will explain all of this in detail and present three demonstrations of common but juicy use cases.
