Lmst

New chapter: I've transitioned to a part-time Chief Scientist role at Emproof.

I’m shifting my focus to my independent work in reverse engineering:

trainings • consulting • tooling • research

Details: https://synthesis.to

Happy to bring my Software Deobfuscation Techniques training back to @recon - June 15–18, 2026 in Montreal!

Learn systematic approaches to defeating modern obfuscation found in DRM/anti-tamper & APT malware.

https://recon.cx/2026/en/trainingSoftwareDeobfuscationTechniques.html

#reverseengineering #malware

Happy to share that later today (Friday, Nov 14, at 10:00 PM CET / 16:00 ET), I’ll be live on the #BinaryNinja livestream to talk about (anti-)reverse engineering & code (de)obfuscation. I'll also showcase some of my plugins.

https://www.youtube.com/watch?v=GQtX7S_oXbY

The recording of our (CC @nicolodev talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @recon is now online!

Recording: https://www.youtube.com/watch?v=QxSGWk3MqaQ

Slides: https://synthesis.to/presentations/recon25_mba_obfuscation.pdf

#BinaryNinja Plugin: https://github.com/mrphrazer/obfuscation_analysis

#reverseengineering #malware

The new version of my #BinaryNinja plugin Obfuscation Analysis (v1.2) adds recursive function inlining in the decompiler.

It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.

https://github.com/mrphrazer/obfuscation_analysis

#reverseengineering

We at emproof open-sourced a free firmware reverse engineering workshop for self-study.

Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included.

https://github.com/emproof-com/workshop_firmware_reverse_engineering

#reverseengineering

The slides from our @recon talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolodev are now online!

Slides: https://synthesis.to/presentations/recon25_mba_obfuscation.pdf

Plugin: https://github.com/mrphrazer/obfuscation_analysis

Tomorrow at 3:30 pm, Nicolò Altamura and I will present our talk “Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications” at @recon

Details: https://cfp.recon.cx/recon-2025/talk/BKBQ37/
Plugin release: https://github.com/mrphrazer/obfuscation_analysis

Tim Blazytko boosted:

My class on code deobfuscation at REcon Montreal (June 24-27) is now open for registration! Learn how to analyze obfuscated code and break it by writing custom tools using symbolic execution, SMT solving, and program synthesis.

Details & Register: https://recon.cx/2025/trainingSoftwareDeobfuscationTechniques.html

New #BinaryNinja plugin: Obfuscation Analysis

Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.

Co-authored by @nicolodev ; available in the plugin manager.

Check it out: https://github.com/mrphrazer/obfuscation_analysis

#reverseengineering #malware #cybersecurity

Excited to teach my class on software deobfuscation in Paris at @hexacon_fr Oct 6–9, 2025!
Learn advanced techniques to defeat state-of-the-art obfuscation in DRMs & APT malware.

https://www.hexacon.fr/trainer/blazytko/

#reverseengineering #malware #malwareanalysis #softwaresecurity

At @recon , @nicolodev and I discuss the current state of MBA (de)obfuscation and their applications. We’ll also introduce a new #BinaryNinja plugin for simplifying MBAs in the decompiler.

Details: https://cfp.recon.cx/recon-2025/featured/

I'll also give a training: https://recon.cx/2025/trainingSoftwareDeobfuscationTechniques.html

#reverseengineering #malware

New heuristic in my #BinaryNinja plugin obfuscation_detection:

Duplicated Subgraphs uses iterative context hashing to spot repeated multi-block code. We merge each block’s signature with its successors over multiple rounds for efficiency.

Link: https://github.com/mrphrazer/obfuscation_detection

#reverseengineering

My class on code deobfuscation at REcon Montreal (June 24-27) is now open for registration! Learn how to analyze obfuscated code and break it by writing custom tools using symbolic execution, SMT solving, and program synthesis.

Details & Register: https://recon.cx/2025/trainingSoftwareDeobfuscationTechniques.html

Last Thursday, I gave a webinar on anti-reverse engineering techniques like obfuscation, anti-debug, anti-tamper etc, including practical examples. Recording, slides and examples are now available.

Recording: https://www.youtube.com/watch?v=Ie1eZSiMEJ8

Slides, code & samples: https://github.com/emproof-com/webinars/tree/main/2025-01-software_protection

The line-up for RE//verse is impressive, but one talk I’m particularly excited about is from Vikas Gupta and Peter Garba:

“Standing on the Shoulders of Giants: De-Obfuscating WebAssembly using LLVM”

https://re-verse.sessionize.com/session/763329

#reverseengineering

I can also be found on Bluesky: https://bsky.app/profile/mrphrazer.bsky.social

New version of my #BinaryNinja plugin obfuscation_detection.

New features detect:
* RC4 implementations (KSA + PRGA)
* functions with a high loop frequency (potential performance bottlenecks)
* irreducible loops (aggressive optimizations & obfuscation)

https://github.com/mrphrazer/obfuscation_detection

#malware #malwareanalysis

Happy to present "Unleashing AI: The Future of Reverse Engineering with Large Language Models" with @mu00d8 at
@recon We'll cover current & future RE applications, running offline models and enhancing results by merging LLMs with static analysis.

https://recon.cx/2024/presentations.html

#reverseengineering #malwareanalysis #malware #AI #LLM #REcon2024