[Talk::Overflow #19] RE//verse 2025 Tech Talks
Reverse Engineering at the Intersection of Hardware, Software, and Security
RE//verse 2025 took place February 28 - March 1 in Orlando, Florida, marking the inaugural reverse engineering conference organized by Vector 35 (creators of Binary Ninja). The conference brought together nearly 250 reverse engineers, vulnerability researchers, and malware analysts for two days of technical talks spanning hardware hacking, firmware analysis, vulnerability discovery, and advanced decompilation techniques. This wasn’t a conference about theoretical security—it was about the practical, often painstaking work of understanding systems at the binary level.
As software complexity grows and supply chain attacks increase, understanding how systems actually work—not how they’re documented—becomes essential. RE//verse 2025 reflected this reality: talks covered everything from automotive firmware to Xbox hardware, from Rust type reconstruction to JVM dynamic analysis. The conference showed where the reverse engineering community is investing: automation tooling, hardware/software co-analysis, and techniques for handling modern languages and architectures that traditional RE tools struggle with.
The talks weren’t about proving concepts—they were about shipping tools, publishing findings, and solving real problems. Whether it’s analyzing malware, finding vulnerabilities, or understanding proprietary systems, reverse engineers need practical techniques that work at scale. RE//verse 2025 delivered exactly that.
Top 5 Talks
There & Back Again: Full-stack Reverse Engineering of the Original Microsoft Xbox — Markus Gaasedelen
Markus Gaasedelen delivers the highest-rated talk at RE//verse 2025, chronicling a three-year journey reverse engineering the original 2001 Microsoft Xbox. This isn’t just software RE—it’s a masterclass in full-stack analysis combining hardware techniques (PCB interposers, X-rays, bond wire manipulation) with software exploitation and emulation. Gaasedelen shows how modern reverse engineering requires interdisciplinary expertise, moving beyond traditional disassembly into hardware engineering, signal analysis, and silicon-level attacks. For reverse engineers working on embedded systems or proprietary hardware, this talk demonstrates what’s possible when you expand beyond software-only analysis. The techniques shown here—CPU interposers, signal tuning, emulation strategies—apply directly to modern IoT, automotive, and embedded device analysis.
How to Find Fully-Remote Bugs (with Reverse Engineering) — Natalie Silvanovich
Natalie Silvanovich, Google Project Zero researcher, delivers a keynote on vulnerability discovery workflows. The talk covers her systematic approach to finding fully-remote bugs through reverse engineering, focusing on understanding attack surfaces and mining zero-days. Silvanovich warns against the lure of “cool” findings while acknowledging their appeal—a pragmatic perspective that resonates with vulnerability researchers balancing discovery with impact. For security researchers and bug hunters, this talk provides a rare look into the methodology behind Project Zero’s success. The workflow insights—how to prioritize targets, what to look for, how to validate findings—are directly applicable to any vulnerability research program.
What 20 Years of RE Practice and Tool Research Feels Like It’s Done — Andrew Ruef
Andrew Ruef’s keynote spans 20 years of reverse engineering practice, beginning with neuroscience and concluding with a challenge directed at reverse engineering tool developers. This isn’t a technical deep-dive—it’s a reflection on how RE tooling has evolved, what’s worked, and where the field needs to go. For tool developers and framework authors, this talk provides perspective on the long-term challenges of building RE infrastructure. The neuroscience connection isn’t just a hook—it reveals how understanding complex systems (biological or digital) requires similar analytical approaches. If you’re building RE tools, contributing to open-source frameworks, or thinking about the future of decompilation, this talk offers essential context on what the community needs.
Reconstructing Rust Types: A Practical Guide for Reverse Engineers — Cindy Xiao
Cindy Xiao provides a practical guide for reverse engineers facing Rust binaries—a growing challenge as Rust adoption increases. The talk covers the Rust type system, standard library types, and techniques for recovering type information from compiled binaries. Xiao demonstrates how Rust’s zero-cost abstractions and ownership model create unique challenges for decompilation, then shows practical approaches for reconstructing types using source code, disassembly, and compiler optimization patterns. For reverse engineers encountering Rust in malware, firmware, or proprietary software, this talk is essential viewing. The techniques shown—identifying Rust-specific patterns, recovering type layouts, handling compiler optimizations—are directly applicable to real-world analysis.
Dynamic Analysis of JVM processes — Marc Schoenefeld
Marc Schoenefeld presents techniques for dynamically analyzing Java bytecode programs on the JVM, addressing limitations of static decompilation. The talk covers custom event recording, ClassFile API agent hooks, and approaches for overcoming the challenges of analyzing Java applications at runtime. For reverse engineers working with Java malware, enterprise applications, or Android apps, static analysis often isn’t enough—you need dynamic techniques to understand control flow, data structures, and runtime behavior. Schoenefeld’s approach shows how to instrument JVM processes effectively, providing a blueprint for building custom analysis tools. The techniques apply directly to any scenario where static decompilation falls short.
TL;DR — All Remaining Talks
Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware — Lukas Seidel
Lukas Seidel introduces SAFIREFUZZ, a framework for near-native rehosting of embedded ARM firmware that achieves 690x throughput increase during fuzzing campaigns. The talk demonstrates how to run embedded firmware as a Linux userspace process, bypassing traditional emulation overhead. Seidel argues that traditional emulation solutions like QEMU weren’t designed with fuzzing performance in mind, leading to significant bottlenecks when analyzing embedded systems at scale. The near-native rehosting approach involves lifting and rewriting ARM instructions to run directly on high-performance systems sharing the same instruction set family. This methodology enables security researchers to achieve dramatically higher fuzzing throughput while maintaining compatibility with existing analysis tools. For reverse engineers working on embedded firmware security, SAFIREFUZZ provides a practical path to scaling fuzzing campaigns beyond what traditional emulation allows. The framework’s performance gains make it feasible to discover vulnerabilities in embedded systems that would otherwise be impractical to analyze.
Making sense of your car: Reverse engineering AUTOSAR Classic firmware — Martin Petran
Martin Petran guides viewers through reverse engineering automotive ECU firmware built with the AUTOSAR Classic standard, demonstrating both manual approaches and automated techniques. The talk includes the release of a Binary Ninja plugin for automating AUTOSAR firmware analysis. Petran addresses the challenge of navigating the large number of functions in seemingly simple automotive devices, showing how the AUTOSAR platform’s standardized architecture can be leveraged for systematic analysis. The presentation covers both manual reverse engineering techniques for understanding ECU behavior and automated approaches for identifying points of interest at scale. For security researchers working on automotive systems, this talk provides essential context on how AUTOSAR’s structure differs from traditional embedded firmware and how to adapt analysis workflows accordingly. The Binary Ninja plugin release makes it practical for reverse engineers to apply these techniques without building custom tooling from scratch. The talk demonstrates real-world firmware examples, showing how to reduce complexity when analyzing modern automotive software.
Buccaneers of the Binary: Plundering Compiler Optimizations for Decompilation Treasure — Zion Leonahenahe Basque
Zion Basque discusses compiler optimizations in decompilation and techniques to reverse their effects, based on research on the SAILR algorithm presented at USENIX 2024. The talk covers practical approaches for handling optimized binaries in decompilation workflows. Basque explains how modern compilers apply aggressive optimizations that transform code in ways that make traditional decompilation techniques struggle to produce readable output. The SAILR algorithm research demonstrates how to identify and reverse these optimization patterns, enabling decompilers to produce more accurate and understandable code. For reverse engineers working with optimized binaries, this talk provides concrete techniques for understanding what optimizations have been applied and how to account for them during analysis. The practical approaches shown here apply directly to real-world scenarios where decompilation quality matters—malware analysis, vulnerability research, and understanding proprietary software. The talk bridges the gap between compiler theory and practical reverse engineering, showing how understanding optimization passes can improve decompilation results.
Pyda: Write dynamic binary analysis tools in Python — Andrew Haberlandt
Andrew Haberlandt introduces Pyda, a framework that simplifies writing dynamic instrumentation tools in Python, built on top of DynamoRIO. The talk demonstrates how to replace traditional debugging workflows with Python-based instrumentation, making dynamic binary analysis accessible to non-experts. Pyda extends a pwntools-style interface with runtime “hooks” that can modify registers and memory or redirect execution, supporting both X86 and ARM64 architectures. The framework includes a built-in compiler for inlining complex, performance-sensitive instrumentation, addressing the performance concerns that often limit Python-based analysis tools. For reverse engineers who find frameworks like Frida, Intel PIN, and DynamoRIO too complex, Pyda provides a more approachable entry point to dynamic instrumentation. The talk shows practical examples of using Pyda to solve CTF challenges and replace traditional GDB scripting workflows. This makes dynamic analysis accessible to engineers who might otherwise stick to static techniques due to tooling complexity.
Standing on the Shoulders of Giants: De-Obfuscating WebAssembly using LLVM — Vikas Gupta & Peter Garba
Vikas Gupta and Peter Garba present a methodology for de-obfuscating WebAssembly code by leveraging LLVM’s code optimization infrastructure. The approach is language and platform agnostic, applicable to any obfuscated code beyond just Wasm. The talk covers essential Wasm internals from a reverse engineering perspective, introducing obfuscation techniques commonly used to protect WebAssembly code. Gupta and Garba demonstrate how LLVM’s extensive code optimization techniques can be harnessed to simplify diverse obfuscation methods, progressing from simple to complex obfuscation scenarios. For reverse engineers encountering obfuscated Wasm in malware or web applications, this talk provides a systematic approach that doesn’t rely on pattern-based simplification rules. The methodology shows how compiler infrastructure designed for optimization can be repurposed for de-obfuscation, making it applicable to any obfuscated code that can be lifted to LLVM IR. The techniques presented here are directly applicable to real-world scenarios where obfuscated Wasm is used to hide malicious behavior or protect intellectual property.
UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior — Takahiro Haruyama
Takahiro Haruyama presents a novel methodology for detecting UEFI bootkits by analyzing their unique code behaviors. The research examined existing bootkits to identify common characteristics and developed generic detection techniques using Yara and FwHunt rules, discovering six previously unidentified bootkit samples. The study conducted an in-depth analysis of known bootkits including Lojax, MosaicRegressor, MoonBounce, CosmicStrand, ESPecter, and BlackLotus, identifying common code characteristics such as hook chains and persistence mechanisms. Haruyama’s approach focuses on code similarity and generic detection techniques rather than signature-based methods, making it effective against previously unknown threats. The research used VirusTotal retrohunts and Binarly Risk Hunt telemetry data to validate the detection methodology, demonstrating its effectiveness at scale. For security researchers and incident responders, this talk provides practical techniques for detecting firmware-level threats that traditional endpoint security often misses. The discovery of six previously unidentified bootkit samples highlights the gap in existing security solutions and demonstrates the value of behavioral analysis for firmware threats.
Streamlining Firmware Analysis with Inter-Image Call Graphs and Decompilation — Robin David
Robin David introduces “inter-image” call graphs that represent call relationships across an entire filesystem as a single graph. The talk demonstrates how to use Quokka and Numbat to create a “fractal firmware analysis” methodology that bridges the gap between binary/assembly and source code tools. The approach maps which functions call others across binaries using disassembly data rather than relying on import/export relationships in dynamically linked binaries, making it effective for embedded firmware analysis. David addresses scalability limitations with traditional SQLite databases by presenting a fractal analysis methodology that enables traversing the inter-image call graph across all binaries while zooming into specific executables for detailed decompiled code exploration. For reverse engineers working on firmware analysis, this talk provides a systematic approach to understanding complex embedded systems where traditional single-binary analysis falls short. The open-source tools Quokka and Numbat interface with Sourcetrail’s graph database for visualization, making it practical to apply these techniques without building custom infrastructure. The methodology enables more advanced analyses and data representations that improve reverse engineering workflows for embedded systems.
Code reuse and attribution: best friends and worst enemies — Max Kersten
Max Kersten discusses the challenges and opportunities of code reuse in reverse engineering, exploring how code attribution can be both a powerful tool for understanding software relationships and a source of complexity when tracing code origins across projects. The talk addresses how code copying and reuse patterns in software development create both opportunities for analysis and challenges for accurate attribution. Kersten explores techniques for detecting code reuse at scale, showing how understanding software relationships can reveal important insights about code origins, dependencies, and potential security implications. For reverse engineers analyzing malware or proprietary software, code attribution provides a way to understand where code comes from and how different projects relate to each other. However, the talk also acknowledges the complexity that arises when code has been copied, modified, or evolved across multiple projects, making accurate attribution difficult. The presentation provides practical guidance on when code attribution helps analysis and when it introduces unnecessary complexity, helping reverse engineers make informed decisions about when to invest in attribution efforts.
SIMsalabim - Blitz and tricks with SIM cards — Marius Muench & Tomasz Lisowski
Marius Muench and Tomasz Lisowski present techniques for reverse engineering and analyzing SIM cards, covering hardware interfaces, protocol analysis, and practical tricks for security researchers working with cellular infrastructure and embedded SIM systems. The talk demonstrates how to interface with SIM cards at the hardware level, covering the physical connections and electrical signaling required to communicate with these embedded systems. Muench and Lisowski explore protocol analysis techniques for understanding the communication protocols used by SIM cards, showing how to decode and analyze the data exchanged between SIM cards and cellular infrastructure. For security researchers working on mobile security, IoT devices, or cellular infrastructure analysis, this talk provides essential techniques for understanding how SIM cards function and how to analyze them. The practical tricks presented here are directly applicable to scenarios where understanding SIM card behavior is necessary for security research or vulnerability discovery. The talk bridges the gap between hardware-level analysis and protocol understanding, providing a comprehensive approach to SIM card reverse engineering.
Langs Beyond The C — Florian Magin & Angelo DeLuca
Florian Magin and Angelo DeLuca explore reverse engineering challenges and techniques for modern programming languages beyond C and C++, addressing how decompilation and analysis approaches must adapt to handle languages with different memory models, type systems, and compilation strategies. The talk covers how languages like Rust, Go, Swift, and modern JVM languages present unique challenges for reverse engineers accustomed to analyzing C and C++ binaries. Magin and DeLuca demonstrate how different memory models—from Rust’s ownership system to Go’s garbage-collected heap—affect how code is compiled and how it must be analyzed. The presentation shows how type systems in modern languages create different artifacts in compiled binaries, requiring reverse engineers to understand language-specific patterns and conventions. For reverse engineers encountering modern language binaries in malware, firmware, or proprietary software, this talk provides essential context on how to adapt traditional analysis techniques. The talk addresses compilation strategies that differ from traditional C/C++ compilation, showing how understanding these differences is crucial for effective reverse engineering. The techniques presented here are directly applicable to real-world scenarios where modern language binaries are increasingly common.
💬 Like what you read?
You’re reading [Talk::Overflow #19] RE//verse 2025 Tech Talks — the weekly digest for developers who want to stay sharp and skip the noise.
→ Browse past issues
→ Suggest a talk
→ Share it with the friends
Stay curious. Stay kind.
— Talk::Overflow