A lot of convenience added to #BinaryRefinery in 0.10.2 overall, so this might be a good time to update.

If you like both #BinaryRefinery and #Claude, try out this skill I wrote:

https://github.com/binref/agent/

Announcing #BinaryRefinery 0.10.0 [BR]. Includes some (hopefully) notable performance improvements and quite a few bug fixes. It also adds a prototype batch parser/emulator which aspires to become a proper batch deobfuscator in future releases.

[BR] https://github.com/binref/refinery

RE: https://infosec.exchange/@larsborn/115786127689710651

Speaking of which: I will also be at #39c3, in close vicinity of this gentleman. I can offer some cyber of my own, #BinaryRefinery, or classically, math & crypto stuff.

Yesterday I released #BinaryRefinery v0.9.20; it supports unpacking InnoSetup archives up to the most recent version. I also fixed a bug that made every unit crash when running under Python 3.14 in case that sounds familiar to you.

I just released #BinaryRefinery v0.9.13. No particularly amazing new features, but it contains quite a few bug fixes. If you haven't updated in a while, maybe this is the time! Changelog:
https://github.com/binref/refinery/blob/master/CHANGELOG.md

So #BinaryRefinery 0.8.25 is out with support for the latest Inno Setup installer files, but more importantly the repo has 4000 commits!!

I just pushed out #BinaryRefinery v0.8.24 which fixes all the issues I encountered during my recent live stream =D.

The main problems were caused by running an old version of pip in WSL, which caused an old version of LIEF to be installed, hence failing to parse executable formats. The 'solution' is to add a stricter version requirement for LIEF and improve the documentation to include a pip update.

Finally, I have finally fixed the annoying issue that I ran into on the stream with passing arguments to path extractor units that match a file on disk. Starting with v0.8.24, these arguments will no longer read file contents by default.

I will be doing a live stream [stream] later today, kindly hosted by the amazing Dr. Josh Stroschein! I will be using #BinaryRefinery to replicate an analysis that Josh previously presented [source], of a download chain going from exploit document all the way to the AgentTesla payload itself.

[stream]: https://www.youtube.com/live/HuLONk0Rt98
[source]: https://www.youtube.com/playlist?list=PLHJns8WZXCdvfqIp9m0kkjsbg9G8YWdSH

Unraveling a Multi-Stage Downloader with Binary Refinery - Guest Jesko Hüttenhain

If you use #BinaryRefinery for unpacking MSI or CAB files, I urge you to update to at least 0.8.18: I recently fixed a very subtle error in my LZX implementation which will make it so that your output is almost correct, with just a few incorrect bytes.

LZX is used for extracting certain CABs, which in turn are used for certain MSIs. The bug is in the x86 filter used by LZX where I treated an integer as unsigned when it needs to be interpreted as signed. I am indebted to a colleague of mine who shall remain anonymous for now for pointing out the erroneous output; this would have been fairly hard to catch otherwise.
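
An added example, not Binary Refinery's code: a minimal decoder for the publicly documented LZX x86 (E8 call translation) filter, run once with the stored call target read as signed and once as unsigned, to show how that class of bug leaves output that is almost correct. The post does not say which integer was affected; this sketch assumes it is the stored absolute call target, and the names `e8_decode`, `diff_offsets`, `FRAME` and `FILESIZE` are hypothetical.

```python
import struct

def e8_decode(frame: bytes, curpos: int, filesize: int, signed: bool = True) -> bytes:
    """Undo E8 call translation on one LZX frame that starts at stream offset curpos."""
    out = bytearray(frame)
    fmt = "<i" if signed else "<I"   # "<I" reproduces the unsigned misreading
    i, end = 0, len(out) - 10        # the last 10 bytes of a frame are never translated
    while i < end:
        if out[i] != 0xE8:
            i += 1
            curpos += 1
            continue
        (abs_off,) = struct.unpack_from(fmt, out, i + 1)
        if -curpos <= abs_off < filesize:
            # Negative stored values wrap around the translation size.
            rel = abs_off - curpos if abs_off >= 0 else abs_off + filesize
            struct.pack_into("<i", out, i + 1, rel)
        i += 5
        curpos += 5
    return bytes(out)

def diff_offsets(a: bytes, b: bytes) -> list:
    """Offsets at which two equally long outputs disagree."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Constructed sample frame: NOP padding plus two translated CALL instructions.
FRAME = bytearray(b"\x90" * 0x80)
FRAME[0x20:0x25] = b"\xE8" + struct.pack("<i", -0x10)   # negative stored value
FRAME[0x40:0x45] = b"\xE8" + struct.pack("<i", 0x100)   # positive stored value
FRAME = bytes(FRAME)
FILESIZE = 0x1000  # constructed translation size

if __name__ == "__main__":
    good = e8_decode(FRAME, 0, FILESIZE)
    bad = e8_decode(FRAME, 0, FILESIZE, signed=False)
    print("differing offsets:", [hex(o) for o in diff_offsets(good, bad)])
```

Only call targets stored as negative values diverge between the two readings, so a regression test for this filter needs at least one such call in its fixture; comparing extracted files against a reference extractor by hash catches the rest.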