At the 2025 @ACSAC_Conf a subgroup of @shellphish from ASU and University of Hawaii at Manoa put together a banger CTF, themed after the legendary navigator Hawaiʻiloa, who found Hawaiʻi by following the stars. Play our CTF on pwn.college: pwn.college/acsac-ct...
BinSync has remained the main way to synchronize reversing across multiple people and decompilers (IDA, Binja, Ghidra, angr). It supports science, new plugins, and is active.
Show your love as we compete in @HexRaysSA plugin contest this year 👍 🔁.
Happy New Year's Eve! Our tool for placing decompilation (symbols, source, types) into the debugger (gdb) is now officially integrated into pwndbg! You will have access to it (decomp2dbg) in your next default install of pwndbg 🎉
Happy hacking:
Finally, I can't emphasize how much of a team effort this was! @packm4d @adamdoupe @Zardus @losiouk @cl4sm @AnantaSoneji Simone, and Fish made this possible.
We look forward to continuing to deeply understand RE and how LLMs may play a role in it.
If you care about RE, hacking, or human-AI teaming, go check out the full paper. Additionally, if you just want to mess with the same LLM interface participants had (DAILA), check the code below:
Paper: www.zionbasque.com/f...
Code: github.com/mahaloz/D...
Auto-generated names and comments didn’t improve understanding.
Only artifacts created by humans correlated with comprehension.
Sometimes, the act of naming matters more than the name itself. That is often mutually exclusive from MCP-based solutions in this space.
Even rare hallucinations were dangerous.
A few false vulnerability reports completely derailed participants, sending people chasing bugs that didn’t exist (for a while).
We emphasize that in RE, where you speculate often, an untrustworthy speculator can waste a lot of time
Experts got negligible gains.
They offloaded known algorithms, then spent more time on custom logic.
LLMs summarize. Humans still do the hard reasoning.
We speculate that to shift this dynamic and actually help experts, new LLM collaboration methods are needed (like better MCP)
Novices using LLMs reached expert-level reversing rates.
Not necessarily because they reasoned better, but because LLMs give fast semantic orientation “for free," which often only comes to experts.
But if people got better at that first glance, did experts really gain anything?
First, a lot of reverse engineering is front-loaded, and LLMs do well at that task.
The very first glance (a few seconds) at a function often played a large role in determining success in understanding it.
LLMs are very good at surfacing more information on that first visit.
We implemented an LLM plugin and instrumented a decompiler to track everything:
function visits, renames, types, comments, and every LLM interaction.
48 participants (experts + novices) solved 2 CTF binaries
-> 109 hours of recorded reversing, all in-browser via @pwncollege.
Do LLMs actually help hackers reverse engineer and understand the software they want to exploit?
We ran the first fine-grained human study of LLMs + reverse engineering.
To appear at NDSS 2026.
Interested? Some quick findings in 🧵👇
Paper: www.zionbasque.com/f...
If you're around at ACSAC today through Friday, come say hi, and we can yap about cool program analysis techniques. I'll also be around to host the 2nd ACSAC CTF, which we will announce more about tomorrow 🔥.
Pixel Zion
Zion
It's been quite some time since I've changed my profile picture, but it feels right. Ideally, it is now easier to recognize me at conferences. I'm no longer the pixel guy!
Looking forward to more changes as I move forward in my research and career.
You've seen the trends in AIxCC: LLMs can hack source, find vulns, and patch them. But what about on binaries without source? Do decompilers close the gap, or is there more to grow?
Come see my talk at DistrctCon where I merge and dissect these two fields: AI Hacking + Decomp.
It's been about a week since we completed DARPA's AIxCC, where we came in 5th and had the most accurate autonomous patching system in the competition. In the coming days, I'll be describing how we achieved it on the patching side. Stay tuned.
Our CRS:
It's hard to believe that AIxCC is coming to a close. For us, it can be summarized in $3 million in funding, 2 years of work, and 290k LoC.
Our system, Artiphishell, is a first step towards AI-driven software understanding and action. Excited to hear the results at DEFCON!
Almost out of time to submit! We're looking for all cutting-edge research in the area of reversing and understanding software. Join us in changing the status quo of understanding programs.
Photo credz @richinseattle
I am very grateful to have been part of the panel at REcon. Like last year, I find myself leaving @reconmtl inspired and motivated to keep pushing forward in my research. Thanks again for all the awesome conversations, everyone. Hope to see you all next year.
As is workshop tradition, we will be extending the deadline for our CFP until July 7th (hard deadline). We're excited to see the work you all have cooking 🧑🍳🔥
🔎🛠️ Calling all reverse engineers & code explorers! Bring the research that cracks open the secrets of programs to #SURE25. CFP closes in 3 weeks—submit now and help shape the future of Software Understanding & Reverse Engineering.
sure-workshop.org/
What does it mean to be a hacker? This semester, I taught a hacker history and culture class, which was a blast. In one assignment, my students paid tribute to the classic @phrack Pro-Phile -- a small bio on a famous hacker. Check out their pieces: cse194.mahaloz.re/pr...
If you follow me for my decompiler work, you'll know that I'm always trying to push the field forward. I see SURE as a perfect place for many diverse research topics, especially decompilation research. Please come and share your fantastic work.
I'm proud to announce that myself and @AtipriyaBajaj have created the Workshop on Software Understanding and Reverse Engineering (SURE), which will be co-located at CCS 2025. sure-workshop.org/
Please follow our workshop account @sureworkshop and RT it for visibility :).
New updates to the Decompilation Wiki by harpend (on GitHub). We have a new in-depth Switch structuring section and a new Loop Reduction section.
decompilation.wiki/f...
If you are looking for my slides from my Reverse talk, you can find it and useful artifacts here: github.com/mahaloz/t...
Heard a lot of people wondering how good RE//Verse
would be, and I can say...
It's been awesome.
Similar in vibe to Infiltrate and OffensiveCon, plus a super positive hosting crew.
Great talks so far, I'm biased but really liked @mahal0z.bsky.social 's on improving decompilation ⛵
2024 was a significant year for decompilation, constituting a possible resurgence in the field. Major talks, the thirty-year anniversary of research, movements in AI, and an all-time high for top publications in decompilation.
Join me for a retrospective:
mahaloz.re/dec-progr...
Set sail into the rocky seas of compiler optimizations! Zion Basque (@mahal0z.bsky.social) explores how optimizations wreak havoc on decompilers and how to reverse them. Learn about the new angr decompiler & innovations to tackle ugly decompilations! https://re-verse.sessionize.com/session/776160
