Mythos found a 17-year-old FreeBSD RCE; AISLE reproduced it with gpt-5.4-nano via their nano-analyzer pipeline. I ran the pipeline on two local open-weight models, gpt-oss-20b and gemma-4-31b-it. The misses recovered on re-run. The real problem was the false-positive rate, and one extra system stage cut it from 30 to 5 with the CVE still standing.

pyghidra-mcp v0.2.0 ships a GUI-backed mode that lets a local LLM drive a live Ghidra CodeBrowser at full project scope. Renames, plate comments, and cross-binary pivots land in real time, with every edit tagged in Ghidra's undo history while the session is alive.

Dive into how LLMs and pyghidra-mcp accelerate reverse engineering by tracing a UAF vulnerability in CLFS through a patch diff.

Unlock project-wide, multi-binary analysis with pyghidra-mcp, a headless Ghidra MCP server for automated, LLM-assisted reverse engineering.

Reverse engineering binaries often resembles digital archaeology: excavating layers of compiled code, interpreting obscured logic, and painstakingly naming countless functions and variables.

This post, another lesson from the “Everyday Ghidra” series, walks through the process of configuring Ghidra to automatically download symbols from well known public symbol servers

In reverse engineering a closed-source binary using Ghidra or other software reverse engineering frameworks, a key objective is to retrieve information that clarifies the disassembled code. This involves identifying function names, prototypes, data types, constants, and enums. These elements, symbolized as human-readable identifiers, simplify both programming and reverse engineering by providing a more intuitive representation of the program’s state, akin to using a high level language versus assembly code. Leveraging these symbols within Ghidra can significantly aid in understanding the program’s behavior.

Patch Diffing CVE-2024-20696 Windows Libarchive Remote Code Execution Vulnerability

As seen in most security blog posts today, binary diffing tools are essential for reverse engineering, vulnerability research, and malware analysis. Patch diffing is a technique widely used to identify changes across versions of binaries as related to security patches. By diffing two binaries, a security researcher can dig deeper into the latest CVEs and patched vulnerabilities to understand their root cause. This post presents Ghidriff, a new open-source Python package that offers a command-line binary diffing capability leveraging the power of the Ghidra Software Reverse Engineering (SRE) Framework with a fresh take on the standard patch diffing workflow.

Debugging an application can provide the insight needed troubleshoot a subtle bug in your software. Normally, when debugging, you have source code and data type information (aka symbols) to help navigate your application. In the world of Reverse Engineering closed source applications, you won’t have the needed information to debug your application. Don’t worry, Ghidra has you. **Decompilation debugging lets you pretend like every program comes with source.** In this post, we will see how the Ghidra Debugger integrates with the Ghidra Code Browser, allowing you to step through the pseudo-code of the program you are debugging.