#binaryanalysis — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #binaryanalysis, aggregated by home.social.
-
As promised, here is the technical audit of Signal (v8.3.4) and Wire (v4.21.0) using the GAMA v1.0 methodology. Analysis is strictly based on evidence from production binaries (DEX, ELF, Smali).Key Findings:Post-Quantum: Signal uses a continuous PQ-ratchet (ML-KEM1024). Wire implements a hybrid KEM (Kyber768 Draft) in MLS setup.Metadata: Signal's Sealed Sender v2 obfuscates the social graph. Wire's architecture prioritizes enterprise federation over metadata hiding.Telemetry: Detected a Firebase Measurement Connector bridge in Wire's production build.Integrity: Binary evidence of Signal’s SVR2 Noise channel for SGX-backed PIN recovery.I have also corrected material errors from my preliminary notes regarding SQLCipher and PQC in Wire. This is an objective look at architectural trade-offs.Feedback and peer review are welcome to improve the GAMA framework.Full Report:
https://blackcodeitalia.wordpress.com/2026/03/22/comparative-binary-analysis-of-signal-8-3-4-and-wire-4-21-0-a-gama-v1-0-perspective/for gama methods availabile on my github repository
#Infosec #Signal #Wire #SignalApp #WireApp #Cybersecurity #BinaryAnalysis #GAMA #PostQuantum #Privacy
-
As promised, here is the technical audit of Signal (v8.3.4) and Wire (v4.21.0) using the GAMA v1.0 methodology. Analysis is strictly based on evidence from production binaries (DEX, ELF, Smali).Key Findings:Post-Quantum: Signal uses a continuous PQ-ratchet (ML-KEM1024). Wire implements a hybrid KEM (Kyber768 Draft) in MLS setup.Metadata: Signal's Sealed Sender v2 obfuscates the social graph. Wire's architecture prioritizes enterprise federation over metadata hiding.Telemetry: Detected a Firebase Measurement Connector bridge in Wire's production build.Integrity: Binary evidence of Signal’s SVR2 Noise channel for SGX-backed PIN recovery.I have also corrected material errors from my preliminary notes regarding SQLCipher and PQC in Wire. This is an objective look at architectural trade-offs.Feedback and peer review are welcome to improve the GAMA framework.Full Report:
https://blackcodeitalia.wordpress.com/2026/03/22/comparative-binary-analysis-of-signal-8-3-4-and-wire-4-21-0-a-gama-v1-0-perspective/for gama methods availabile on my github repository
#Infosec #Signal #Wire #SignalApp #WireApp #Cybersecurity #BinaryAnalysis #GAMA #PostQuantum #Privacy
-
As promised, here is the technical audit of Signal (v8.3.4) and Wire (v4.21.0) using the GAMA v1.0 methodology. Analysis is strictly based on evidence from production binaries (DEX, ELF, Smali).Key Findings:Post-Quantum: Signal uses a continuous PQ-ratchet (ML-KEM1024). Wire implements a hybrid KEM (Kyber768 Draft) in MLS setup.Metadata: Signal's Sealed Sender v2 obfuscates the social graph. Wire's architecture prioritizes enterprise federation over metadata hiding.Telemetry: Detected a Firebase Measurement Connector bridge in Wire's production build.Integrity: Binary evidence of Signal’s SVR2 Noise channel for SGX-backed PIN recovery.I have also corrected material errors from my preliminary notes regarding SQLCipher and PQC in Wire. This is an objective look at architectural trade-offs.Feedback and peer review are welcome to improve the GAMA framework.Full Report:
https://blackcodeitalia.wordpress.com/2026/03/22/comparative-binary-analysis-of-signal-8-3-4-and-wire-4-21-0-a-gama-v1-0-perspective/for gama methods availabile on my github repository
#Infosec #Signal #Wire #SignalApp #WireApp #Cybersecurity #BinaryAnalysis #GAMA #PostQuantum #Privacy
-
As promised, here is the technical audit of Signal (v8.3.4) and Wire (v4.21.0) using the GAMA v1.0 methodology. Analysis is strictly based on evidence from production binaries (DEX, ELF, Smali).Key Findings:Post-Quantum: Signal uses a continuous PQ-ratchet (ML-KEM1024). Wire implements a hybrid KEM (Kyber768 Draft) in MLS setup.Metadata: Signal's Sealed Sender v2 obfuscates the social graph. Wire's architecture prioritizes enterprise federation over metadata hiding.Telemetry: Detected a Firebase Measurement Connector bridge in Wire's production build.Integrity: Binary evidence of Signal’s SVR2 Noise channel for SGX-backed PIN recovery.I have also corrected material errors from my preliminary notes regarding SQLCipher and PQC in Wire. This is an objective look at architectural trade-offs.Feedback and peer review are welcome to improve the GAMA framework.Full Report:
https://blackcodeitalia.wordpress.com/2026/03/22/comparative-binary-analysis-of-signal-8-3-4-and-wire-4-21-0-a-gama-v1-0-perspective/for gama methods availabile on my github repository
#Infosec #Signal #Wire #SignalApp #WireApp #Cybersecurity #BinaryAnalysis #GAMA #PostQuantum #Privacy
-
As promised, here is the technical audit of Signal (v8.3.4) and Wire (v4.21.0) using the GAMA v1.0 methodology. Analysis is strictly based on evidence from production binaries (DEX, ELF, Smali).Key Findings:Post-Quantum: Signal uses a continuous PQ-ratchet (ML-KEM1024). Wire implements a hybrid KEM (Kyber768 Draft) in MLS setup.Metadata: Signal's Sealed Sender v2 obfuscates the social graph. Wire's architecture prioritizes enterprise federation over metadata hiding.Telemetry: Detected a Firebase Measurement Connector bridge in Wire's production build.Integrity: Binary evidence of Signal’s SVR2 Noise channel for SGX-backed PIN recovery.I have also corrected material errors from my preliminary notes regarding SQLCipher and PQC in Wire. This is an objective look at architectural trade-offs.Feedback and peer review are welcome to improve the GAMA framework.Full Report:
https://blackcodeitalia.wordpress.com/2026/03/22/comparative-binary-analysis-of-signal-8-3-4-and-wire-4-21-0-a-gama-v1-0-perspective/for gama methods availabile on my github repository
#Infosec #Signal #Wire #SignalApp #WireApp #Cybersecurity #BinaryAnalysis #GAMA #PostQuantum #Privacy
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHat USA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're thrilled to share this critical Brand Story conversation thanks to our friends at ReversingLabs 🙏
Your Business Apps Are Bringing Friends You Didn't Invite
Every commercial software application is a complex assembly of first-party, contracted, open source, and third-party code. But when #SolarWinds, #Kaseya, and #Ivanti happened, we learned that vendor questionnaires and contractual assurances offer little protection against supply chain compromises.
At #BlackHat2025, Saša Zdjelar, Chief Trust Officer at ReversingLabs, reveals how organizations can finally verify the integrity of #software from outside vendors—without relying on blind trust.
The game-changer: Comprehensive binary analysis that deconstructs any file into its components to:
• Detect malware, tampering, and embedded secrets
• Identify #vulnerabilities and insecure practices
• Uncover undocumented network connections
• Flag #compliance risks from restricted regions
This isn't just another policy checkbox—it's a true technical control that inspects the software itself, regardless of size or complexity.
Real-world applications:
• Procurement: Auto-scan all software before deployment
• Version Monitoring: Detect unexpected behavior changes between releases
• Critical Environments: Verify integrity before software enters OT, ICS, or financial systems
• Risk Management: Assess COTS software as part of ongoing vendor reviews
With regulations like EO 14028 and the EU's #CyberResilience Act demanding transparency, the ability to technically validate every application delivers both strategic protection and measurable benefits.
📺 Watch the video: https://youtu.be/pU9bHYFND7c
➤ Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57b
✦ Catch more stories from #ReversingLabs: https://www.itspmagazine.com/directory/reversinglabs
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #SupplyChainSecurity #SoftwareIntegrity #BlackHatUSA #BHUSA25 #ThirdPartyRisk #SBOM #BinaryAnalysis #Compliance #ZeroTrust
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHat USA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're thrilled to share this critical Brand Story conversation thanks to our friends at ReversingLabs 🙏
Your Business Apps Are Bringing Friends You Didn't Invite
Every commercial software application is a complex assembly of first-party, contracted, open source, and third-party code. But when #SolarWinds, #Kaseya, and #Ivanti happened, we learned that vendor questionnaires and contractual assurances offer little protection against supply chain compromises.
At #BlackHat2025, Saša Zdjelar, Chief Trust Officer at ReversingLabs, reveals how organizations can finally verify the integrity of #software from outside vendors—without relying on blind trust.
The game-changer: Comprehensive binary analysis that deconstructs any file into its components to:
• Detect malware, tampering, and embedded secrets
• Identify #vulnerabilities and insecure practices
• Uncover undocumented network connections
• Flag #compliance risks from restricted regions
This isn't just another policy checkbox—it's a true technical control that inspects the software itself, regardless of size or complexity.
Real-world applications:
• Procurement: Auto-scan all software before deployment
• Version Monitoring: Detect unexpected behavior changes between releases
• Critical Environments: Verify integrity before software enters OT, ICS, or financial systems
• Risk Management: Assess COTS software as part of ongoing vendor reviews
With regulations like EO 14028 and the EU's #CyberResilience Act demanding transparency, the ability to technically validate every application delivers both strategic protection and measurable benefits.
📺 Watch the video: https://youtu.be/pU9bHYFND7c
➤ Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57b
✦ Catch more stories from #ReversingLabs: https://www.itspmagazine.com/directory/reversinglabs
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #SupplyChainSecurity #SoftwareIntegrity #BlackHatUSA #BHUSA25 #ThirdPartyRisk #SBOM #BinaryAnalysis #Compliance #ZeroTrust
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHat USA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're thrilled to share this critical Brand Story conversation thanks to our friends at ReversingLabs 🙏
Your Business Apps Are Bringing Friends You Didn't Invite
Every commercial software application is a complex assembly of first-party, contracted, open source, and third-party code. But when #SolarWinds, #Kaseya, and #Ivanti happened, we learned that vendor questionnaires and contractual assurances offer little protection against supply chain compromises.
At #BlackHat2025, Saša Zdjelar, Chief Trust Officer at ReversingLabs, reveals how organizations can finally verify the integrity of #software from outside vendors—without relying on blind trust.
The game-changer: Comprehensive binary analysis that deconstructs any file into its components to:
• Detect malware, tampering, and embedded secrets
• Identify #vulnerabilities and insecure practices
• Uncover undocumented network connections
• Flag #compliance risks from restricted regions
This isn't just another policy checkbox—it's a true technical control that inspects the software itself, regardless of size or complexity.
Real-world applications:
• Procurement: Auto-scan all software before deployment
• Version Monitoring: Detect unexpected behavior changes between releases
• Critical Environments: Verify integrity before software enters OT, ICS, or financial systems
• Risk Management: Assess COTS software as part of ongoing vendor reviews
With regulations like EO 14028 and the EU's #CyberResilience Act demanding transparency, the ability to technically validate every application delivers both strategic protection and measurable benefits.
📺 Watch the video: https://youtu.be/pU9bHYFND7c
➤ Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57b
✦ Catch more stories from #ReversingLabs: https://www.itspmagazine.com/directory/reversinglabs
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #SupplyChainSecurity #SoftwareIntegrity #BlackHatUSA #BHUSA25 #ThirdPartyRisk #SBOM #BinaryAnalysis #Compliance #ZeroTrust
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHat USA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're thrilled to share this critical Brand Story conversation thanks to our friends at ReversingLabs 🙏
Your Business Apps Are Bringing Friends You Didn't Invite
Every commercial software application is a complex assembly of first-party, contracted, open source, and third-party code. But when #SolarWinds, #Kaseya, and #Ivanti happened, we learned that vendor questionnaires and contractual assurances offer little protection against supply chain compromises.
At #BlackHat2025, Saša Zdjelar, Chief Trust Officer at ReversingLabs, reveals how organizations can finally verify the integrity of #software from outside vendors—without relying on blind trust.
The game-changer: Comprehensive binary analysis that deconstructs any file into its components to:
• Detect malware, tampering, and embedded secrets
• Identify #vulnerabilities and insecure practices
• Uncover undocumented network connections
• Flag #compliance risks from restricted regions
This isn't just another policy checkbox—it's a true technical control that inspects the software itself, regardless of size or complexity.
Real-world applications:
• Procurement: Auto-scan all software before deployment
• Version Monitoring: Detect unexpected behavior changes between releases
• Critical Environments: Verify integrity before software enters OT, ICS, or financial systems
• Risk Management: Assess COTS software as part of ongoing vendor reviews
With regulations like EO 14028 and the EU's #CyberResilience Act demanding transparency, the ability to technically validate every application delivers both strategic protection and measurable benefits.
📺 Watch the video: https://youtu.be/pU9bHYFND7c
➤ Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57b
✦ Catch more stories from #ReversingLabs: https://www.itspmagazine.com/directory/reversinglabs
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #SupplyChainSecurity #SoftwareIntegrity #BlackHatUSA #BHUSA25 #ThirdPartyRisk #SBOM #BinaryAnalysis #Compliance #ZeroTrust
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHat USA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're thrilled to share this critical Brand Story conversation thanks to our friends at ReversingLabs 🙏
Your Business Apps Are Bringing Friends You Didn't Invite
Every commercial software application is a complex assembly of first-party, contracted, open source, and third-party code. But when #SolarWinds, #Kaseya, and #Ivanti happened, we learned that vendor questionnaires and contractual assurances offer little protection against supply chain compromises.
At #BlackHat2025, Saša Zdjelar, Chief Trust Officer at ReversingLabs, reveals how organizations can finally verify the integrity of #software from outside vendors—without relying on blind trust.
The game-changer: Comprehensive binary analysis that deconstructs any file into its components to:
• Detect malware, tampering, and embedded secrets
• Identify #vulnerabilities and insecure practices
• Uncover undocumented network connections
• Flag #compliance risks from restricted regions
This isn't just another policy checkbox—it's a true technical control that inspects the software itself, regardless of size or complexity.
Real-world applications:
• Procurement: Auto-scan all software before deployment
• Version Monitoring: Detect unexpected behavior changes between releases
• Critical Environments: Verify integrity before software enters OT, ICS, or financial systems
• Risk Management: Assess COTS software as part of ongoing vendor reviews
With regulations like EO 14028 and the EU's #CyberResilience Act demanding transparency, the ability to technically validate every application delivers both strategic protection and measurable benefits.
📺 Watch the video: https://youtu.be/pU9bHYFND7c
➤ Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57b
✦ Catch more stories from #ReversingLabs: https://www.itspmagazine.com/directory/reversinglabs
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #SupplyChainSecurity #SoftwareIntegrity #BlackHatUSA #BHUSA25 #ThirdPartyRisk #SBOM #BinaryAnalysis #Compliance #ZeroTrust
-
Legacy security testing leaves mobile apps vulnerable to third-party risks. Without deeper binary analysis, attackers can exploit blind spots in the software supply chain. https://jpmellojr.blogspot.com/2025/05/mobile-and-third-party-risk-how-legacy.html #AppSec #MobileSecurity #BinaryAnalysis #SecurityTesting
-
HEX.DANCE - Client-side binary/file analysis, hex dump viewer & editor.
-
Want to learn more about ELF files? 🧝♂️
My new blog post "Wherein We Look At An ELF".
In this post we will explore:
🖥️ The anatomy of ELF files—what makes them tick
🔍 Relocatable but not yet Executable—more compilation shenanigans
🧩 To Strip or not to Strip—is that the question?
🔐 Some ELF tools—readelf, objdump, gdb, ...https://dreaming-of-dragons.blogspot.com/2024/12/wherein-we-look-at-elf-executable-and.html
#ReverseEngineering #BinaryAnalysis #MalwareAnalysis #Cybersecurity #Programming #Debugging #InfoSec #CProgramming #GDB #objdump #Assembly
-
❄️Ready for the Advent of Radare? ❄️
--> https://radare.org/advent #aor24
Starting tomorrow, December 1st we will release every day a new article with general knowledge, tricks, scripts and challenges to solve with radare2 covering topics from #reverseengineering #forensics #firmwareanalysis #debugging #exploiting #binaryanalysis #lowlevel #assembly -
JFrog prevents massive Python supply chain attack with timely discovery
https://stackdiary.com/jfrog-prevents-massive-python-supply-chain-attack-with-timely-discovery/
#Python #JFrog #Security #TokenLeak #GitHub #Docker #SupplyChain #CodeSafety #Cybersecurity #DevOps #BinaryAnalysis #PyPI #SoftwareSecurity #TechAlert #DataProtection #CodingMishap #InfoSec #DeveloperTools #CloudSecurity #EthicalHacking #APISecrets #ContainerSecurity #BugBounty #WhiteHat #SecretScanning #PythonDev #IncidentResponse #ThreatPrevention #SecurityResearch #CyberVigilance
-
JFrog prevents massive Python supply chain attack with timely discovery
https://stackdiary.com/jfrog-prevents-massive-python-supply-chain-attack-with-timely-discovery/
#Python #JFrog #Security #TokenLeak #GitHub #Docker #SupplyChain #CodeSafety #Cybersecurity #DevOps #BinaryAnalysis #PyPI #SoftwareSecurity #TechAlert #DataProtection #CodingMishap #InfoSec #DeveloperTools #CloudSecurity #EthicalHacking #APISecrets #ContainerSecurity #BugBounty #WhiteHat #SecretScanning #PythonDev #IncidentResponse #ThreatPrevention #SecurityResearch #CyberVigilance
-
JFrog prevents massive Python supply chain attack with timely discovery
https://stackdiary.com/jfrog-prevents-massive-python-supply-chain-attack-with-timely-discovery/
#Python #JFrog #Security #TokenLeak #GitHub #Docker #SupplyChain #CodeSafety #Cybersecurity #DevOps #BinaryAnalysis #PyPI #SoftwareSecurity #TechAlert #DataProtection #CodingMishap #InfoSec #DeveloperTools #CloudSecurity #EthicalHacking #APISecrets #ContainerSecurity #BugBounty #WhiteHat #SecretScanning #PythonDev #IncidentResponse #ThreatPrevention #SecurityResearch #CyberVigilance
-
JFrog prevents massive Python supply chain attack with timely discovery
https://stackdiary.com/jfrog-prevents-massive-python-supply-chain-attack-with-timely-discovery/
#Python #JFrog #Security #TokenLeak #GitHub #Docker #SupplyChain #CodeSafety #Cybersecurity #DevOps #BinaryAnalysis #PyPI #SoftwareSecurity #TechAlert #DataProtection #CodingMishap #InfoSec #DeveloperTools #CloudSecurity #EthicalHacking #APISecrets #ContainerSecurity #BugBounty #WhiteHat #SecretScanning #PythonDev #IncidentResponse #ThreatPrevention #SecurityResearch #CyberVigilance
-
JFrog prevents massive Python supply chain attack with timely discovery
https://stackdiary.com/jfrog-prevents-massive-python-supply-chain-attack-with-timely-discovery/
#Python #JFrog #Security #TokenLeak #GitHub #Docker #SupplyChain #CodeSafety #Cybersecurity #DevOps #BinaryAnalysis #PyPI #SoftwareSecurity #TechAlert #DataProtection #CodingMishap #InfoSec #DeveloperTools #CloudSecurity #EthicalHacking #APISecrets #ContainerSecurity #BugBounty #WhiteHat #SecretScanning #PythonDev #IncidentResponse #ThreatPrevention #SecurityResearch #CyberVigilance
-
What are you using for #reverseengineering #reversing #binaryanalysis #malwareanalysis ?
(Boosts welcome)
-
[New Blog Post] DWARF Verification via Ghidra and CBMC #ghidra #verification #binaryanalysis #compiler https://www.philipzucker.com/pcode2c-dwarf/
-
Wow, we’ve just created our Mastodon account, and it is time for a short #introduction…
Hex-Rays is a hi-tech company focusing on #binaryanalysis software. Our main products are #IDAPro, #IDATeams, #IDAFree, and the #hexraysdecompiler.
We are excited to be here, and our intention is to publish valuable and practical resources/information that could help you in your daily work. Feel free to follow us and say “hello”!
-
Explore binaries using this full-featured Linux tool
#Linux
#Radare #Radare2
#BinaryAnalysis
#GapryBlogReadingList