Takahiro Haruyama
@cci_forensics
When the lips are gone, the teeth are cold.
Due to some missing links on the conference web pages, I uploaded my conference talk pdfs for 10 years. Time flies. speakerdeck.com/takahiro_haruy…
Why do attackers love bootkits? 🔗Persistence + ♻️stealth. At the @REverseConf, Binarly REsearcher @cci_forensics shows how mapping common hook chains & persistence logic led us to six brand-new bootkits, three with ZERO anti-malware detections. 📺youtube.com/watch?v=pMZqvv…
hyper-reV: A powerful memory introspection & reverse engineering hypervisor leveraging Hyper-V. Read/write guest memory, SLAT hooks, and hide pages, all while evading detection. Supports Intel/AMD, tested on Win10/11. Check it out: github.com/noahware/hyper… #HyperV…
I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard. Full explanation below 1/6. github.com/Idov31/NovaHyp…
🐳 Psst, your container is leaking secrets galore. The Binarly REsearch examined more than 80,000 popular Docker Hub images (13 TB across 54 orgs) and flagged 757 unique secrets ranging from generic…
Nvidia OSR (@AlexTereshkin, @Adam_pi3) reveals high-impact Supermicro BMC vulnerabilities (CVE-2024-10237/38/39). Binarly REsearch documenting the details: 👻Ghost in the Controller: Abusing Supermicro BMC Firmware Verification. Read the full story: binarly.io/blog/ghost-in-…
My #idalib based tools are featured in the latest @HexRaysSA blog! hex-rays.com/blog/4-powerfu…
🔎From Hidden Semantics to Structured Insights✨ By combining static analysis techniques and tailored heuristic improvements, we've significantly enhanced the precision of type inference, enabling more effective vulnerability triage. @pr0me @xorpse 👏 binarly.io/blog/type-infe…
Our talk at #BHUSA @BlackHatEvents Briefings has been accepted! This is a presentation on an initiative to make the BIOS usable even after the OS has booted, enabling malbehavior to occur solely within the BIOS, independent of the OS. blackhat.com/us-25/briefing…
The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…
Our research on Secure Boot keeps on giving! Today we disclose CVE-2025-3052, a Secure Boot bypass that started with vulnerable signed module found on VirusTotal and ended with 14 hashes added to dbx by Microsoft in today’s Patch Tuesday 🔥
🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts. 🔗 Full details: binarly.io/blog/another-c… 🛡️ Advisory: binarly.io/advisories/brl…
My former colleague @DanaBehling is seeking new opportunities. She has deep expertise in malware and threat research and is dedicated to supporting her teammates. Highly recommended—feel free to reach out to me. Conference Talk: youtube.com/watch?v=rkujwR… Her blog:…
Binarly REsearch is proud to build & support two @HexRaysSA IDA plugin contest winners: 🔬 efiXplorer by @yeggorv plugins.hex-rays.com/binarly-io/efi… github.com/binarly-io/efi… 🦀 idalib by @xorpse plugins.hex-rays.com/binarly-io/ida… github.com/binarly-io/ida…
👋 Please join us in welcoming @RolfRolles as Hex-Rays’ new Chief Scientist! Rolf brings decades of RE expertise, with standout work in obfuscation, decompilation, and software protection. At Hex-Rays, he’ll lead research into next-gen decompilation and automated program…
We're happy to announce a new release of our #Rust bindings for @HexRaysSA idalib. What's new: - New APIs for working with IDBs, segments, and more - Rust 2024 support - New homepage: idalib.rs H/T to our contributors @yeggorv & @0xdea github.com/binarly-io/ida…
The RE//verse YouTube channel is packed with talks from RE//verse 2025! Catch Takahiro’s deep dive into UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior here: youtu.be/pMZqvv_tKDs?fe… and be sure to subscribe so you don’t miss more like this!
Have you ever wondered "How do I find out who owns an IP address?" or "Who is the owner of these IP addresses?" A new @CuratedIntel resource is available. Check it out 👇 github.com/curated-intel/…
Binarly REsearch: 🧨67% of 21,610 firmware images still ship with an expired Intel PPAM certificate. @matrosov and @pagabuc dive into why key-rollover keeps failing in UEFI land. Fresh off their #RSAC2025 and #QPSS25 talks. 🔗binarly.io/blog/repeatabl… youtube.com/watch?v=TnECRM…