clearbluejar

@clearbluejar

Followers
2K
Following
2K
Media
121
Statuses
383

Security Researcher | Founder @clearseclabs | Author of #ghidriff | Agentic #PatchDiffing | Stuck in a loop: Build • Reverse • Learn • Share

localhost
Joined October 2013
@clearbluejar
clearbluejar
4 months
📢 Incoming release: pyghidra‑mcp 🛠️ Meet your new RE best friend. Harness frontier models or a local gpt-oss-20b llm brain to power Ghidra multi‑binary, project‑wide analysis. You’ll be slicing through code like butter 🧈😆 ETA: imminent. Keep your shells warm 🔥🐙⚡🐉
1
10
39
@reconmtl
REcon
19 days
Recon https://t.co/UdlFWJkDYg Conference: June 19 to 21 2026. More announcements coming soon.
2
17
57
@datalocaltmp
Luke (datalocaltmp)
1 month
If you're excited to see the WhatsApp bug thrown @thezdi - free to watch my talk from @reconmtl 2025 on 4 remote bugs I discovered last year! While they're not 0-click RCE - there are some remote corruption and funny logic bugs in there. https://t.co/N78H5QeNNZ
4
50
300
@objective_see
Objective-See Foundation
1 month
The #OBTS community is simply incredible!! 😍 From trainers & speakers to students & attendees, you made this the best #OBTS yet 🙏🏽 Photos, recordings & slides coming soon!
2
13
51
@stuartjash
Stuart Ashenbrenner 🇺🇸 🇨🇦
1 month
#OBTS was such a blast. It’s so fun meeting all the newcomers and hanging out with all the people I’ve met at previous ones. Big mahalo to my adoptive parents, the OG mum & dad, @patrickwardle and @andyrozen for putting on an incredible conference, year after year.
2
6
38
@DefSecSentinel
DefSecSentinel
1 month
Another awesome #OBTS 🌴🏖️☀️in the books. It was an honor to speak again this year and share my research with this incredible community 🍎. Such a blast spending time with newcomers and old friends. There is truly no other conference like it. Huge shout out and thank you to both
1
9
28
@patrickwardle
Patrick Wardle
1 month
Slides from my #OBTS v8 talk "Dylib Hijacking on macOS: Dead or Alive?" 🍎☠️🤔 https://t.co/57Pjtvlnzt Turns out that dylib hijacking is (still) alive and well on macOS (26 included) due to three issues/flaws in Apple's mitigations
speakerdeck.com
Over a decade ago, a much younger Patrick revealed how macOS (née OS X) was vulnerable to what had long been considered a Windows-only attack: dynamic l…
1
23
102
@reconmtl
REcon
1 month
We released part of Recon 2025 Video on youtube https://t.co/AR0vzkkVUP. We are getting ready to announce Recon 2026 https://t.co/WxAPSuMXrH.
1
35
143
@dillon_franke
Dillon Franke
2 months
Really impressive work from @clearbluejar, an agent-assisted, automated pipeline for root-causing Apple security updates! Appreciated the shoutout on CVE-2025-31235 (https://t.co/q6OO3LlIwS) as well, and the analysis was spot on :)
@forensicdave
Doc Dave
2 months
At #OBTS John McIntosh (@clearbluejar) from @clearseclabs demo’d his pipeline that uses AI, ipsw and ghidriff to auto-extract and diff Apple firmware — rapidly reveals real code changes behind Apple security fixes and to get actionable root-cause intel. Super clever stuff!
1
5
21
@clearbluejar
clearbluejar
2 months
pyghidra-mcp v0.1.11 “Reading Glasses” is here! Unlock raw memory reads with our new `read_bytes` tool, translate hex to ASCII instantly and extract strings or data directly from the address space. Thanks to Heino for the contribution! Evidence of this feature's utility:
2
0
3
@Mu55sy
Mussy
2 months
🩻 Radiology report — After-talk: Reverse Engineering Apple Security Updates At #OBTS 🍏, @clearbluejar turned Apple’s updates from mystery to body scan. AI agents played the radiology techs. What took days of manual diffing now lands in minutes, and you leave with a
0
3
10
@Mu55sy
Mussy
2 months
🩻 Patch Radiology — last talk before the break @ #OBTS 🍏 by @clearbluejar Apple’s security updates used to be a black box; today we ran imaging on them. Procedure: ipsw fetch → surgical extract of target binaries → ghidriff (Ghidra-powered) auto-diff → deltas mapped to
0
4
10
@patrickwardle
Patrick Wardle
2 months
Off to catch a plane to #OBTS v8 ✈️😍 ...but first, just released some @objective_see tool updates with a myriad of (#OBTS relevant 👀) features: 1️⃣ LuLu: https://t.co/wGByHVHDqS 2️⃣ Dylib Hijack Scanner: https://t.co/3Qr4iKuOwh 3️⃣ What's Your Sign:
1
9
42
@clearbluejar
clearbluejar
2 months
Paper: https://t.co/kG7sJcQEcH The field is moving fast and it’s fun to see open‑source tools like ghidriff shaping the research frontier. Come to #OBTS and see how this all comes together. https://t.co/yM0wid0mph #ReverseEngineering #AppleSecurity #BinaryTruth
objectivebythesea.org
Conference Talks
0
3
8
@clearbluejar
clearbluejar
2 months
Next week at #OBTS v8, I’ll take this one step further in my talk: “Reverse Engineering Apple Security Updates”
- Automating patch triage with agentic diffing
- Case studies like CVE‑2025‑43400 (FontParser)
- Compressing analysis from days → minutes
2
2
16
@clearbluejar
clearbluejar
2 months
Results?
✅ High‑precision malware detection
✅ Real‑world case studies (incl. XZ utils supply chain attack)
✅ Validation of a growing trend: diffs + reasoning agents = actionable insight
1
0
0
@clearbluejar
clearbluejar
2 months
Their framework combines:
🔹 Binary diffing (via ghidriff) → isolate changed functions
🔹 LLM summarization → explain what those changes mean
🔹 Functional Sensitivity Score (FSS) → triage risky functions
1
0
0
@clearbluejar
clearbluejar
2 months
New paper just dropped on arXiv featuring my open‑source tool #ghidriff 👀 "Binary Diff Summarization using Large Language Models" The authors show how patch diffing provides the perfect context for LLMs that turn raw binary changes into structured, explainable insights. 🧵
1
2
13