
@cryptax.bsky.social

Android malware analysis. Ph0wn CTF founder. IoT hacking. Frequent speaker at Virus Bulletin, Insomnihack etc. Based in France. Currently testing Bluesky. Otherwise on Mastodon.social.

217 Followers  |  174 Following  |  96 Posts  |  Joined: 07.01.2024

Latest posts by cryptax.bsky.social on Bluesky

Let Me Cook You a Vulnerability: Exploiting the Thermomix TM5 Related Work The Thermomix TM5 has previously drawn the attention of the security community, notably through research presented by Jean-Michel Besnard at SSTIC 2019 [1], which described a code execut

I love this kind of analysis 😍 Well done!
Exploiting the Thermomix.

Hey @synacktiv.com can you cook me a chocolate cake? ;-)

www.synacktiv.com/en/publicati...

16.07.2025 10:10 — 👍 3    🔁 1    💬 0    📌 0
Catching Smarter Mice with Even Smarter Cats | FortiGuard Labs Explore how AI is changing the cat-and-mouse dynamic of cybersecurity, from cracking obfuscation and legacy languages to challenging new malware built with Flutter, Rust, and Delphi.…

My blog post on how AI is reshaping malware and malware analysis is out: www.fortinet.com/blog/threat-...

Examples on Linux/Trigona, Linux/Prometei, Linux/Ladvix and Android/SpyLoan.

Enjoy.

#malware #r2ai #r2 #claude #delphi #trigona #rust #flutter

10.07.2025 14:39 — 👍 0    🔁 0    💬 0    📌 0
New Malware Embeds Prompt Injection to Evade AI Detection - Check Point Research Detected for the first time, malware attempts AI evasion by injecting a prompt to tell the LLM to label the file as benign

Normally, I don't do Windows malware ;P
This blog post sparked special interest: research.checkpoint.com/2025/ai-evas...

Although after this interesting read, I still wondered how the prompt was launched, exactly what for, and also what the malware did globally. So, I did my own research.

04.07.2025 12:47 — 👍 1    🔁 0    💬 0    📌 0
Reverse engineering W32/SkyAI with r2ai (YouTube video by aafortinet)

If you want to follow (part of) the live reversing I did with r2ai, head here: youtu.be/o47QNN2Udto

04.07.2025 12:44 — 👍 0    🔁 0    💬 0    📌 0
W32/SkyAI uses AI? So do I. A new sample, named W32/SkyAI (or Topozuy, or Skynet), has recently emerged, showing use of an AI prompt bypass attempt. Perfect occasion to…

W32/SkyAI uses AI? So do I.

cryptax.medium.com/w32-skyai-us...

- Where the malware loads the AI prompt, what for, why it fails.
- How to find the encryption key with AI
- Extract & decrypt the embedded PE
- How the malware checks if it's on a VM
- R2ai tips when curl argument is too long

04.07.2025 12:43 — 👍 1    🔁 0    💬 2    📌 0
The new zine by @b0rk.jvns.ca: The Secret Rules of the Terminal

👉 jvns.ca/blog/2025/06...

30.06.2025 16:27 — 👍 20    🔁 11    💬 0    📌 0
GitHub - cryptax/pico-controller: A web server that animates Pico le Croco. Contribute to cryptax/pico-controller development by creating an account on GitHub.

My code: github.com/cryptax/pico...

I control Pico's eyes and eyebrows + he can talk with a comic-style speech bubble.
Nothing more. Control via a gamepad is not implemented. At @tixlegeek.bsky.social's it's much more advanced (mouth sync, for example); I'm far from that.

30.06.2025 16:53 — 👍 1    🔁 0    💬 0    📌 0
EP 193 | IOT & RADIO-HACKING Ft. @tixlegeek @FlUxIuS @virtualabsTechno-Watch (YouTube video by Laluka)

Episode 193 www.youtube.com/watch?v=B7oR... around 1h40 (but everything in this episode is interesting, a gem!)

I took up the idea of using a web server and adding it as a source in OBS. The actual implementation of the server is probably different though; mine is in Python (Flask).

30.06.2025 16:50 — 👍 1    🔁 0    💬 1    📌 0

Do you know @tixlegeek.bsky.social's videos? With that adorable animated Tux? Well, I really wanted the same. So I did it with Pico le Croco! I followed the explanations
@tixlegeek.bsky.social gave on @laluka.bsky.social's Twitch EP 193, and coded it for Pico :)

30.06.2025 16:48 — 👍 6    🔁 0    💬 1    📌 1

Today!

19.06.2025 10:17 — 👍 0    🔁 0    💬 0    📌 0

Very interesting, especially the regenerative braking.
I'm more mixed on the "no transmission" part. Sure, the chain can no longer rust or derail, but for now electronics last less long than mechanics...
And then, hum, the weight and the price ;) But it's a start!

17.06.2025 13:22 — 👍 0    🔁 0    💬 0    📌 0
🧪 ph0wn Lab #3: Dynamic Binary Emulation with Qiling, presented by Nicolas Rouviere, Cyber Threat Hunter | SHL (Sophia Hack Lab) 💻 Tired of having to set up virtual machines for every dynamic analysis? You...

Link to the event on LinkedIn: www.linkedin.com/feed/update/...

17.06.2025 08:18 — 👍 0    🔁 1    💬 1    📌 0

Nicolas Rouvière, of Ph0wn and SHL, will show you how to use Qiling in practice, for dynamic binary emulation. Don't miss it: on-site at SHL (Vallauris), June 19 at 7pm.

In 2024, Nicolas used Qiling to solve the Ph0wn CTF teaser. See how here: github.com/ph0wn/writeu...

#qiling #CTF #binary

17.06.2025 08:14 — 👍 0    🔁 2    💬 1    📌 0
Cryptax Nomination Awards 2025 H1 Cryptax Nomination Awards. Lol. In other words, I’m listing my favorite talks, papers, challenges (etc) for the first half of 2025. Nothing more than that. Okay? H1 2025 Category Nominated Best cyberc...

Hey, I'd like to share the best talks/papers/videos/tools/CTF challenges I encountered in 2025 H1.

This is the official "Cryptax Award 2025 H1" (lol). Congrats!

cryptax.github.io/nomination-2...

cc: @elbsides.bsky.social @northsec.io @radareorg.bsky.social @bsideskrs.bsky.social

14.06.2025 08:32 — 👍 0    🔁 2    💬 0    📌 0

How many times will I have to say this?

Antivirus is not stupid and does NOT rely on fixed hashes or whatever to detect malware.
This is an outdated myth from prehistoric times.

Malware "signatures" understand binary formats + assembly and can easily dynamically detect variants.

13.06.2025 09:46 — 👍 6    🔁 1    💬 0    📌 1

Wow, this time it went so fast I didn't even see they were out!!

12.06.2025 08:51 — 👍 0    🔁 0    💬 0    📌 0

Keynotes are a difficult exercise (for me). I'll be closing the @elbsides.bsky.social conference tomorrow with a *Quiz* keynote on how AI is used by malware authors (attack) and malware analysts (defense).

I even hope to have time for a short demo :)

#AI #malware #keynote #elbsides

12.06.2025 07:53 — 👍 6    🔁 3    💬 0    📌 0

📣 📣 Elbsides 2025 conference is fully booked 📣 📣

Really looking forward to seeing a full conference room on Friday and listening to our wonderful speakers presenting their latest insights.

#Elbsides2025 #Infosec #Cybersecurity #Hamburg

11.06.2025 20:15 — 👍 2    🔁 1    💬 1    📌 0

Ha ha 😂

11.06.2025 06:08 — 👍 0    🔁 0    💬 0    📌 0

r2ai does that in the automatic mode. It's tedious, I agree, to be asked for every single move, but if you're working on malware, it's the only way.

#radare2 #r2ai #mcp 2/2

07.06.2025 07:02 — 👍 0    🔁 0    💬 0    📌 0

MCP should ask for user approval for each of its steps. And I mean not just high-level questions like "are you OK that I rename this file?": we need to see exactly what is going to run on our host, e.g. "mv file1 file2", and only that can get executed.

1/2

07.06.2025 07:01 — 👍 0    🔁 0    💬 1    📌 0
GitHub MCP Exploited: Accessing private repositories via MCP We showcase a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data. The vulnerability is among the first discovered by Invariant's security ...

Interesting read: invariantlabs.ai/blog/mcp-git...

It shows how GitHub MCP can be exploited to leak private information. You create a dummy issue with a prompt that asks to leak the information, and there it goes.

07.06.2025 06:58 — 👍 2    🔁 1    💬 0    📌 0

📣 📝 We are proud to announce the #r2con2025 call for papers! Expect it online and around Nov/Dec! Submit your talk proposals and stay tuned for updates!
👉 radare.org/con/2025

05.06.2025 22:23 — 👍 2    🔁 3    💬 0    📌 0

Can't wait until next Friday for Elbsides 2025 to happen.
Don't miss this opportunity to get inspired, informed and connect.

We are nearly sold out - register now to be part of the #ITSecurity community in #Hamburg on June 13th.

www.elbsides.eu/2025/registr...

#Elbsides2025 #Infosec #Cybersecurity

06.06.2025 14:13 — 👍 1    🔁 2    💬 0    📌 0

It's more complicated than that. He probably doesn't really want to play Playmobil, has trouble socializing with kids his age, isn't very comfortable in his own skin, etc. So in short, I wouldn't like it, but I'm not criticizing.

07.06.2025 05:13 — 👍 1    🔁 0    💬 1    📌 0
SSTIC2025 » Presentation » 300 seconds on the clock: remote takeover of an automotive infotainment system - Guillaume Bouffard, Philippe Trebuchet

This week at #SSTIC2025, I co-presented our talk on remotely taking control of an infotainment system via Bluetooth 🚗📡 Slides & video: www.sstic.org/2025/present...

06.06.2025 17:37 — 👍 4    🔁 4    💬 0    📌 0

Just captured all flags of the Badge CTF at @bsideskrs.bsky.social :)

A fun badge based on RP2040 :)

06.06.2025 08:51 — 👍 1    🔁 0    💬 0    📌 0

except those aren't the same skills. It's possible that juniors are better at prompting than seniors, for example... but yes, it's complex!

05.06.2025 19:54 — 👍 0    🔁 0    💬 0    📌 0

I agree on points 1 and 2. On 3 and 4, it depends on your prompt... And on the junior dev :D

04.06.2025 10:39 — 👍 1    🔁 0    💬 1    📌 0
Call for Papers: call for contributions for Unlock's 10th anniversary

@uybhys.bsky.social I got scared by unlockyourbrain.bzh/cfp/ : "You can submit talk proposals until 1 June 2025 00:00 (Europe/Paris)!" but fortunately it seems to be "You can enter proposals until 2025-06-30 00:00"

03.06.2025 14:41 — 👍 0    🔁 0    💬 1    📌 0
