
Jesko Hüttenhain

@rattle.im

Too much technology, in too little time.

19 Followers · 14 Following · 7 Posts · Joined 31.03.2025

Latest posts by Jesko Hüttenhain @rattle.im

Link preview: GitHub - binref/refinery: High Octane Triage Analysis. Contribute to binref/refinery development by creating an account on GitHub.

Announcing #BinaryRefinery 0.10.0 [BR]. Includes some (hopefully) notable performance improvements and quite a few bug fixes. It also adds a prototype batch parser/emulator which aspires to become a proper batch deobfuscator in future releases.

[BR] github.com/binref/refin...

23.02.2026 19:35 👍 0 🔁 0 💬 0 📌 0

If you like binary refinery, check out this sample
It's also mostly undetected yet on VT:
samplepedia.cc/sample/361f2...

23.01.2026 19:13 👍 4 🔁 1 💬 0 📌 1
Link preview: Security Researcher, Malware Triage (Remote). As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, ...

There is an open position on my team:
crowdstrike.wd5.myworkdayjobs.com/en-CA/crowds...
While this is not currently listed here, I am certain that U.S. remote is an option and if you're in Canada, I strongly expect that this would work as well.

24.01.2026 17:25 👍 0 🔁 0 💬 0 📌 0

I have created a website where you can share your sample analysis (via links or posts) and search samples for training based on tags and difficulty.

If you write analysis blogs, you can share them there.
samplepedia.cc

04.01.2026 05:53 👍 14 🔁 7 💬 0 📌 1

Let's talk #windows #registry.
⚠️ HKLM\Reg\Key\Value
Value could be a subkey 😭
⚠️ HKLM\Reg\Key:Value
Key names can contain colons 😭
💎 HKLM\Reg\Key\\Value
This works unambiguously 🤩
(not the first to realize)
BUT WHY ISN'T THIS STANDARD NOTATION 😭

25.11.2025 19:56 👍 0 🔁 0 💬 0 📌 0
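The notation problem in the post above, worked through as an added example (this is not code from the post or from any project mentioned on this page): a small parser for the unambiguous `Key\\Value` form, plus two helpers that enumerate every reading the single-backslash and colon forms admit. It relies only on two facts about the registry: key names can never contain a backslash (it is the path separator), while value names may contain backslashes and colons, and key names may contain colons. All sample references are constructed; nothing touches a real registry.

```python
"""Registry reference notation: Key\\\\Value vs. the ambiguous forms.

Added example, not from the original post. Pure string handling; the
sample references below are constructed for illustration.
"""

from typing import Optional

SEP = "\\\\"  # two literal backslash characters: the Key\\Value separator


def split_ref(ref: str) -> tuple[str, Optional[str]]:
    """Split 'HIVE\\sub\\key\\\\value' into (key_path, value_name).

    Because a key name can never contain a backslash, the first run of two
    backslashes can only be the key/value boundary. Everything after it is
    the value name verbatim, so value names containing backslashes survive.
    An empty value name denotes the key's default value; None means the
    reference names a key only.
    """
    idx = ref.find(SEP)
    if idx == -1:
        return ref, None
    return ref[:idx], ref[idx + len(SEP):]


def readings_single_backslash(ref: str) -> list[tuple[str, Optional[str]]]:
    """Every reading of 'HIVE\\a\\b\\c' written with single backslashes.

    The whole string may be a key, and any backslash after the hive name may
    be the key/value boundary (value names may themselves contain
    backslashes). More than one reading means the notation is ambiguous.
    """
    readings: list[tuple[str, Optional[str]]] = [(ref, None)]
    for i, ch in enumerate(ref):
        if ch == "\\" and i > 0:
            readings.append((ref[:i], ref[i + 1:]))
    return readings


def readings_colon(ref: str) -> list[tuple[str, Optional[str]]]:
    """Every reading of 'HIVE\\key:value' for the colon notation.

    Only the last path component is examined: any colon in it could be the
    key/value boundary, since key names may legitimately contain colons.
    """
    head, _, last = ref.rpartition("\\")
    readings: list[tuple[str, Optional[str]]] = [(ref, None)]
    for i, ch in enumerate(last):
        if ch == ":":
            key = f"{head}\\{last[:i]}" if head else last[:i]
            readings.append((key, last[i + 1:]))
    return readings


if __name__ == "__main__":
    # Unambiguous form: exactly one reading, even with a backslash in the value name.
    print(split_ref("HKLM\\Reg\\Key\\\\Value"))
    print(split_ref("HKLM\\Reg\\Key\\\\Sub\\Name"))
    # Ambiguous forms from the post.
    for r in readings_single_backslash("HKLM\\Reg\\Key\\Value"):
        print("single backslash:", r)
    for r in readings_colon("HKLM\\Reg\\Ke:y:Value"):
        print("colon:", r)
```

Tools that log or match registry references (for example in detection rules or triage output) benefit from emitting the double-backslash form, since it round-trips through `split_ref` with exactly one interpretation; the other two helpers make visible how many readings a consumer of the single-backslash or colon form has to consider.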
Link preview: Decoder Loop | Reverse Engineering Training

The amazing @cxiao.net is offering training at decoderloop.com for
#Rust #Malware #ReverseEngineering 😱
Her insight is absolutely priceless; she's taught me all I know about this. If you are organizing an event: This is the state-of-the-art training you are looking for.

17.10.2025 06:32 👍 6 🔁 3 💬 1 📌 0

Good news, the intermediate malware analysis course is almost finished.

I currently have a test student working through the course to get rid of mistakes that I do not notice.

04.08.2025 03:56 👍 6 🔁 1 💬 1 📌 0

Tips for newcomers to malware blog articles:

➡️You don't need to document every malware function. Focus on key areas
➡️Your text must be factually correct and it is okay to skip those details you are unsure about
➡️When you are done, just stop writing

29.06.2025 06:35 👍 5 🔁 1 💬 1 📌 0

Finally, I have fixed the annoying issue that I ran into on the stream with passing arguments to path extractor units that match a file on disk. Starting with v0.8.24, these arguments will no longer read file contents by default.

20.06.2025 13:03 👍 0 🔁 0 💬 0 📌 0

The main problems were caused by running an old version of pip in WSL, which caused an old version of LIEF to be installed, hence failing to parse executable formats. The 'solution' is to add a stricter version requirement for LIEF and improve the documentation to include a pip update.

20.06.2025 13:03 👍 0 🔁 0 💬 1 📌 0

I just pushed out #BinaryRefinery v0.8.24 which fixes all the issues I encountered during my recent live stream =D.

20.06.2025 13:02 👍 1 🔁 0 💬 1 📌 0