MCP is slow for RE-heavy projects and, in some cases, is unstable.
ghidra-rpc is way faster than MCP and scales more efficiently in a multi-agent setup, since it outputs structured JSON.
Practical Android Software Protection in the Wild: An Appetizer
In which @Farenain analyzes 2.5 million Android apps to identify and classify the obfuscators, packers and code protectors they use:
https://t.co/xKQGrK2qxI
We're mostly an IDA shop at @CellebriteLabs, but I decided to play around with Ghidra. My main motivation was to experiment with agentic reverse engineering techniques. The result is an agent skill for Ghidra, which we are releasing publicly:
https://t.co/mPrNFR8mOq >>
That is crazy! I do not believe there are any excuses for the overall behavior. I am extremely disappointed that Microsoft thinks this is acceptable at all and that a (non-)apology suffices @msftsecresponse @MSFTBlueHat @Microsoft
Looks like @Binary_Gecko has published my blog post about putting a KASAN style MTE tag map into the kernel panic output of macOS. https://t.co/7u0osOQGqo
Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333)
Article about a logical bug in ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios.
https://t.co/s5jkzBpV36
Agents need better tools for reversing! I'm releasing declib (previously libbs), with a new CLI today that gives agents CLI access to 4 decompilers (IDA, Ghidra, Binja, angr), parity feature support to most MCP (12 features), and the ability to sync those changes across decs!
Time-to-Exploit has changed significantly for n-days, especially in OSS projects, where the code changes in the fix can serve as a harness for PoC creation.
There’s effectively zero time to apply updates, the MTTR metric has a negative value nowadays. Defense in depth definitely helps by adding layers to buy some time, but in general, old threat models are becoming irrelevant.
I was going to make this same point: “Is there even such thing as Security Through Obscurity” anymore? “I” (Claude) made short work of some DexProtect-ed Android app the other day to extract info I needed
This is a critical point for defenders to get: "Beyond the acceleration in vulnerability research and malware analysis, the same new reality applies to software protection, and security by obscurity, or assuming the attacker is limited in compute and motivation, no longer works."
I fully agree: even targets such as anti-cheats and gaming DRMs have become significantly easier to analyze with agents, if you know how to guide them and validate their results.
@nicolodev and I will talk about that at @reconmtl:
https://t.co/SYeix8evn4
[#POC2026 NOTICE]
Your offensive conference is BACK again in its shape!
and POC2026 begins in a new home.
⏰ Date: November 12–13
📍 New Venue: The Westin Seoul Parnas, Korea 🇰🇷
👨🏫 CFT: June 1 – June 26
🎙️ CFP: June 1 – September 30
🎟️ Registration: September 1 – October 31
More info 👉 https://t.co/LP1W4KC4vY
Interested in becoming a speaker at Offensivecon Tokyo? You have three months to submit your talk on an innovative offensive security topic.
More information here 👉️ https://t.co/ynVQnUBDrj
Dyn Taintflow Analysis (DTA) - one of the main components of VUzzer (NDSS 2017) - finally got the re-engineering I'd been postponing for years.
Several ideas had been stuck in my notebook ever since. 1/n
RedSun: Exploiting Windows Defender's Remediation Workflow for Local Privilege Escalation
Just showing some appreciation for @ChaoticEclipse0's excellent work. Hopefully this won't get us banned!
https://t.co/Z4zbaa2Jcd
StepStone: LLM-Based GPU Kernel Driver Fuzzing via User-Space Libraries
Paper by @ETenal7 et al. about using LLMs for generating syzkaller descriptions for fuzzing GPU drivers via their userspace libraries' APIs.
https://t.co/vhF9E8kY2j
Previous generations of software protection (DRM perspective) have always relied on code complexity (for RE), compute limitations, and human limitations as the guarantees that kept hacking timelines reasonably long.
That's changed now. Beyond the acceleration in vulnerability research and malware analysis, the same new reality applies to software protection, and security by obscurity, or assuming the attacker is limited in compute and motivation, no longer works.
Security research reporting is kinda the only situation where an individual has any power over a corporation. What goes unsaid: the researcher could easily sell exploits on the grey market and get rich. Most report out of morals, lowk a refusal to contribute to cyberwarfare. Vendors relying on those morals to bully are happily prodding good people until they crack.