A fantastic review of the Introduction to Malware Binary Triage course from Kelvin Winborne who recently completed the course
https://grepstrength.dev/invoke-res-introduction-to-malware-binary-triage-review-ff482d5228be
Invoke RE’s Introduction to Malware Binary Triage Review
Put some respect on your own name!

We've uploaded our live stream from RE//verse 2026 where we sat down with Mason Reed from @binaryninja to discuss WARP signatures used for symbol and type information recovery. Mason is a wealth of knowledge and it was a pleasure speaking with him at this amazing event!
https://youtu.be/BgV2azB_ajk
Live From RE//verse 2026: WARP Signatures with Mason Reed (Stream - 06/03/2026)

Our founder Joshua Reynolds will be attending RE//verse 2026! Come say hi during the conference to get some Invoke RE swag and talk to him about malware analysis and reverse engineering!

Addressing Common Misconceptions about .NET in the InfoSec World by @washi
https://blog.washi.dev/posts/misconceptions-about-dotnet/
Over the past couple years, I have come to know the .NET platform pretty well, from both a developer’s and a reverse engineer’s standpoint.

We've uploaded our stream from last Thursday where we analyzed the Avalon Linux bot with IDA Pro. Throughout this stream we reversed its persistence, C2 functionality, encryption and command dispatcher. Enjoy!
https://youtu.be/IaWUq5K6HCc
Avalon Linux Bot Malware Analysis with IDA Pro (Stream - 05/02/2026)

Our second Floxif file infector stream from Jan 13 is up! We continued analyzing Floxif with Binary Ninja and finished the custom string types and stack strings deobfuscation scripts:
https://www.youtube.com/watch?v=vPNpYq67RnQ enjoy!

Floxif File Infector String Decryption and Analysis (Stream Part 2 - 13/01/2026)

With our Binary Ninja MCP server, we were able to automate malware analysis and generate a Yara rule based on analysis conducted, which to our surprise was functional 🤯

We've uploaded our stream where we analyzed Stealc with Binary Ninja, wrote automation to decrypt its strings and dynamically analyzed it with x64dbg
https://www.youtube.com/watch?v=zqVOhIK1cM8 enjoy! Notes and code can be found here:
https://github.com/Invoke-RE/stream-notes/tree/main/stealc
Stealc Malware Analysis with Binary Ninja (Stream - 25/02/2025)

We are excited to announce that we will be doing in-person training at NorthSec 2025! This will be an in-person adaptation of our Binary Ninja malware analysis course. It will primarily be hands-on activities where you will learn to analyze real-world malware samples with Binary Ninja, x64dbg and other open source tools. More info here:
https://nsec.io/training/2025-introduction-to-malware-binary-triage/

We have uploaded the workshop materials from our REcon 2024 workshop on Automating Malware Deobfuscation with Binary Ninja. The slides, workshop manual and code can be found here:
https://cfp.recon.cx/recon2024/talk/review/TAX8LR3HBYDMJDGGXXVB8RLENWXETNX7 thank you again to all those who attended!
Automating Malware Deobfuscation with Binary Ninja Recon 2024
[15 min] Introducing Workshop Resources and Content
The workshop will begin by familiarizing participants with the tools used in the workshop, including:
* Binary Ninja (https://binary.ninja/) and Binary Ninja’s user-interface (UI) components that we will be using throughout the workshop (mainly the disassembler, decompiler, Python REPL, and scripting interfaces)
* Binary Ninja’s Decompiler, which uses Binary Ninja Intermediate Languages (BNILs - https://docs.binary.ninja/dev/bnil-overview.html). These BNILs will be used to assist with understanding disassembled instructions during our reverse engineering process
* Binary Ninja’s Python interface, which will be used for interacting with these BNILs
Participants will then be provided with a brief overview of the malware we will be analyzing (Qakbot) and the steps that we will take to get there.
[45 min] Writing a Static Unpacker
This section will teach participants how to automate unpacking and decryption of malware samples, using the Qakbot sample as an example. The Qakbot sample is packed (obfuscated using an external program that “unpacks itself”), so we will perform multiple hands-on exercises to automate the extraction of Qakbot from its packed form using Binary Ninja, PEFile and Binary Refinery.
* The first exercise will teach attendees how to use Binary Ninja to identify the encryption algorithm used by the first stage of the packer and how to extract key information to decrypt the second stage
* The next exercise will teach attendees how to use PEFile (https://github.com/erocarrera/pefile) to extract an embedded resource from the packed binary. Once extracted, the resource will then be decrypted using the key information from the first exercise
* The next exercise will teach attendees how to use Binary Refinery (https://github.com/binref/refinery) to carve binary files from the decrypted resource