New #TinyTracer (4.0) is ready: github.com/hasherezade/...
- refactored for compatibility with the latest PIN - and with some new features!
Took some time to improve a few things on WinDiff (added permalinks, filtered out empty results) and added a Claude skill to easily use WinDiff to produce quick security-oriented diff analyses between binary/OS versions. Feel free to try!
github.com/ergrelet/win...
Erwan Grelet
Agents need better tools for reversing! I'm releasing declib (previously libbs), with a new CLI today that gives agents CLI access to 4 decompilers (IDA, Ghidra, Binja, angr), parity feature support to most MCP (12 features), and the ability to sync those changes across decs!
Offensivecon is coming to Tokyo! 🔗 www.offensivecon.jp
Ticket shop, sponsorships and CFP are already open...
Join us at REcon 2026 for a deep dive into deobfuscation! @mrphrazer.bsky.social and I will share some insights on the evolving landscape. Stay tuned!
Deepfakes are everywhere, but digital forensics investigators are fighting back.
Learn more: https://scim.ag/42dMPBg
Seth Jenkins updated our 0-click exploit chain to work on a Pixel 10 with an eye-popping driver bug!
We’ll be presenting this work Saturday @offensivecon.bsky.social
projectzero.google/2026/05/pixe...
Big changes to Android and Chrome VRP:
- focus on high-impact, reproducible bugs with low/no reward for lower impact
- big prizes for full chains with some annual limits
- PoCs required
It’s the end of an era, but the start of a new one.
bughunters.google.com/blog/evolvin...
Zion Leonahenahe Basque
I'll be back at @reconmtl.bsky.social teaching a training with Keith Ramphal, we'll be bringing our combined malware reverse engineering experience to the masses! Whatever runs, wherever it runs, cause the days of your boring ol' Windows C bot are over. recon.cx/2026/en/trai...
We are announcing changes to the Chrome & Android Vulnerability Reward Programs (VRP) which take effect immediately and are focused on adjusting our reward amounts and bonuses to reflect the types of ...
bughunters.google.com
We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible t...
4-day hands-on malware analysis training by Marion Marschalek and Keith Ramphal. Master Windows, Linux & macOS malware reverse engineering at REcon Montreal.
@blackhoodie.bsky.social will be back at @reconmtl.bsky.social this year 😱😻✨ Jane Tangen and Amna K Moon will be teaching an Introduction to x86 Reverse Engineering! We're delighted to be hosted at the Montreal Google offices!
blackhoodie.re/Recon2026/
We are looking forward to hosting another Blackhoodie training at Recon for 2026! We will be hosting a free, one day training for women, by women.Join us for an introduction to Ghidra and static analy...
Talk w/ @nicolo.dev at @reconmtl.bsky.social : Deobfuscation in the Age of Agentic Reverse Engineering
From control-flow cleanup to interprocedural analysis—and why human reasoning still matters.
Details: cfp.recon.cx/recon-2026/t...
Additional training on deobfuscation:
recon.cx/2026/en/trai...
