Lmst

📣🦀 We're very excited to announce TWO sessions for our flagship Rust reverse engineering course, Deconstructing Rust Binaries, coming to you in early 2026!

1) Deconstructing Rust Binaries at @ringzer0 COUNTERMEASURE, March 23-26 2026, 16 hours, Remote: https://ringzer0.training/countermeasure-spring-2026-deconstructing-rust-binaries/

2) Deconstructing Rust Binaries at @NorthSec, May 11-13 2026, 24 hours, Onsite in Montréal, Canada and Remote: https://nsec.io/training/2026-deconstructing-rust-binaries/

Deconstructing Rust Binaries is the first comprehensive training course focused _solely_ on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical upskill in your ability to analyze Rust binaries. You will learn how to effectively triage Rust binaries, how to trace data flow through Rust binaries, and how to tackle common techniques found in the Rust malware ecosystem.

This course is taught and written by an experienced malware reverse engineer, @cxiao, with extensive experience specifically in reversing Rust binaries. Want a preview of the technical expertise we offer? Check out the 120+ FREE slides on Rust reversing from our recent workshop, "Reversing a (Not-so-Simple) Rust Loader"! https://github.com/decoderloop/2025-11-07-ringzer0-countermeasure-not-so-simple-rust-loader-workshop/

A few key things about the course:

1) No previous experience with reversing Rust binaries, or writing Rust code, is required!
2) The course will use Binary Ninja as the primary reverse engineering tool. You will be provided a Binary Ninja student license as part of the course.
3) We're excited to offer flexibility in the training format and course depth. You have the choice of either taking:

a) A fully remote, 4 hour per day, shorter class at Ringzer0 (https://ringzer0.training/countermeasure-spring-2026-deconstructing-rust-binaries/)
b) A remote or onsite, 8 hour per day, comprehensive class at NorthSec (https://nsec.io/training/2026-deconstructing-rust-binaries/)

We look forward to seeing you in 2026!

#infosec #InfosecTraining #malware #MalwareAnalysis #ReverseEngineering #reversing #rust #rustlang #binaryninja #NorthSec #ringzer0 #Ringzer0Training

Misc story time:
tldr: I've been collecting security conference stickers for 20+ years and just now got around to using them ¯\_(ツ)_/¯

I'm not the kind of person to put stickers on my laptop. This means that for 23 years (apparently), when I got stickers from a conference, I kept them, put them in a bag, moved them from house-to-house, but never actually did anything with them. Until now.

I finally found a usage; which is decorating the otherwise-sketchy-looking metal ammo case which @VeronicaKovah & I are now using to carry phones with us to trainings. We watched some videos on youtube that make it seem like those LiPo fire-protection bags would do a whole lot of not-much in the event that a fire broke out on one of the batteries. But a simple metal box seemed to do a lot better in terms of containing the flames.

So we of course expect that airport security will always stop us when traveling with them (though at least this time our TSA pre-check status seemed to give us a pass on the way out). But the expectation is that contrary to what you might thing, adding hacking conference stickers will actually be disarming, rather than alarming, with security personnel - at least when compared to the alternative of seeing a raw ammo canister ;)

The oldest sticker seems to be from DEF CON 10 (X), circa 2002 (my first DEF CON was 8 FWIW). In general I don't seek out stickers, but I do think the BadBIOS and "I want to believe" ones are things I probably got from Joe Fitz as they were of-the-moment and relevant to my interests. (If you're not familiar with the latter, it's from a very FUDish cover article [1]). I could have completely filled them, but I left a little bit of space for the future. Check out the larger pics for a potential stroll down memory lane. (RIP Shmoocon, Hackademic.info, NoSuchCon. Memento mori conference organizers ;))

#DEFCON, #BlackHat, #ShmooCon, #BlueHat, #RingZer0, #HackLU, #HardwearIO, #DistrictCon, #HackFest, #NoSuchCon, #DeepSec, #HITB, #HackersOnTheHill

[1] https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

The slides and materials from @cxiao's "Reversing a (not-so-) Simple Rust Loader" workshop at Ringzer0 COUNTERMEASURE (@ringzer0) today are now available! https://github.com/decoderloop/2025-11-07-ringzer0-countermeasure-not-so-simple-rust-loader-workshop

In addition to the slides, the materials include an annotated @binaryninja database file! Check out the Tags in the database for key locations in the binary, and the History in the database for a step-by-step walkthrough of how we marked up the binary.

#rustlang #ReverseEngineering #MalwareAnalysis #infosec #reversing #malware #binaryninja #COUNTERMEASURE25 #ringzer0

A screenshot of the Tags window in the software Binary Ninja, showing a list of bookmarked locations in a Rust binary.

A screenshot of the History window in the software Binary Ninja, showing a step by step list of variable definition, variable rename, and comment annotations made in a binary.

An annotation of a decompiled version of the Rust standard library std::sys::pal::windows::thread::Thread::new::thread_start function, showing an indirect call, via a virtual function table (vtable), to the function call_once.

Thank you all for your interest in Decoder Loop and Rust reverse engineering training so far!

Our first event is coming up this Friday, November 7th, where @cxiao will be presenting the workshop "Reversing a (not-so-) Simple Rust Loader" at the Ringzer0 COUNTERMEASURE conference (@ringzer0), in Ottawa, Canada: https://ringzer0.training/countermeasure25-workshop-reversing-a-not-so-simple-rust-loader/

By the end of this workshop, you should know where to get more information about Rust structures and types, know a few tricks for finding interesting landmarks in Rust binaries, and be much more confident in approaching Rust binaries! The workshop will be conducted with @binaryninja , so this is also a great chance to get familiar with Binary Ninja.

We hope to see you there! For more information about upcoming workshops and trainings, keep an eye on this account or sign up on our mailing list: https://decoderloop.com/contact/#training-signup-form

#rustlang #ReverseEngineering #MalwareAnalysis #infosec #reversing #malware #binaryninja #COUNTERMEASURE25 #ringzer0

🇨🇦 I'll also be presenting a hands-on, step-by-step version of "Reversing a (not-so-) Simple Rust Loader" as a workshop at Ringzer0 COUNTERMEASURE in Ottawa, Canada on November 7, 2025! We will be reversing the Rust malware sample in this article together.

https://ringzer0.training/countermeasure25-workshop-reversing-a-not-so-simple-rust-loader/

Hope to see you at @ringzer0 in Ottawa!

#malware #rust #rustlang #infosec #ReverseEngineering #MalwareAnalysis #infostealer #ringzer0

Over the course of the next few weeks, #hackers virtually around the world will be reaching the next lvl sk177z at
@ringzer0!

Find out how at the #DCG201 #HackerSummerCamp 2024 Guide for #ringzer0 #DOUBLEDOEN24: https://defcon201.medium.com/hacker-summer-camp-2024-guides-part-eight-doubledown24-by-ringzer0-3b36a9241553

@defcon #bhusa #blackhat #redteam #blueteam

#zdi declaring #pwn2own automotive the most extensive use of #rfhackers they've seen , often for 6 figure bugs at #ringzer0

Fan-boi-ing on @horizon3ai @ #ringzer0

@scarletfire

Hi!

I'm prepping last minute things for my trip tomorrow for #ringzer0 Running the Hack Our Drone workshop in Austin this Saturday

#Ringzer0 #Bootstrap24 will have a Keynote from the incredible Halvar Flake on "Revisiting 2017: #AI and #Security, 7 years later". This keynote is a followup to his earlier ZeroNights Moscow keynote, available here: https://www.youtube.com/watch?v=BrKL4knp_Xk - don't miss it!

Headed to Austin for #ringzer0 @ringzer0

screenshot of acceptance letter from Ringzer0 for the "Hack Our Drone" workshop

🚀💥 Brace for impact! Ringzer0's #ZER0GRAVITY event is hitting Las Vegas this August! Level up with 15 stellar trainings! Don't miss out—grab your early bird ticket NOW!

🎟️🐦 https://ringzer0.regfox.com/ringzer0-zer0gravity

#Ringzer0 #CyberSecurity #LasVegas #EarlyBird

For my #Android training next week at #RingZer0, please:

- Install Docker CE
- Install my container: docker pull cryptax/android-re:latest
- Install Android Studio
- If possible, use Linux (it's tested on it)
- Be sure to have: SSH or VNC client, a recent Java JDK, a recent Python (3+), Discord & Zoom clients, your favorite editor.

Note: you do NOT need an Android smartphone, and actually, it's *dangerous* to use it :D
We will be using Android emulators all the time.

cc: @ringzer0

Finished creating an exercise for my @ringzer0 training where we use #Medusa to unpack X layers of a Android/Joker sample of yesterday

sha256: eb46541e2991a20c20fca66e51a705a309e6576296c435126ac369ba41e6bff5

#Android #malware #ringzer0 #training

Just another incentive to register! :D

I've been working today on improving & updating my training for #RingZer0. It's not finished yet, but I've already added a fresh new exercise on #Quark, and I want to add one on #Pithus too

#Android #malware

#ringzer0

Client Info