binautopsy · confidential · v24.04 · last note 2026-04-28
01 · binautopsy/main.c

security below the source code

Deep technical risk in binaries, firmware, malware and incidents — read carefully, then reported as evidence. Not opinion. Not screenshots. Not fear.

Status
intake: OPEN
emergency line: 24 / 7
retainers: ACCEPTING

Crypto
pgp: 0x4E61 7574
fpr: 9F4E…A2C1
tls: TLS 1.3 / X25519

Runtime
ip: 0x00400420
segment: .text
build: v24.04 · glibc 2.39
▣ referred by · under NDA
abreu & brons · garrigues · munich re · cyber · allianz cis · tüv süd · iot labs · cert.ad
02 · /usr/bin/services

seven deliverables · one discipline

0x01 · retainer

malware analysis & reverse engineering

Family classification, config extraction, IOCs, YARA / Sigma / Suricata rules, and a report your legal team can actually cite.

◆ ransomware · loaders · infostealers
0x02 · emergency

ransomware forensics / DFIR

First-48-hours engagement: evidence preservation, forensic timeline, scope of compromise, board- and legal-ready reporting.

◆ 24 / 7 intake
0x03 · product security

firmware security & CRA readiness

Extraction, SBOM, secure boot review, OTA update review, exploitability triage, regulator-ready evidence pack.

◆ EU Cyber Resilience Act
0x04 · supply chain

binary SBOM reconciliation

Compiled-artifact analysis, source SBOM ↔ binary comparison, dependency discovery, procurement-grade evidence.

◆ M&A · procurement
0x05 · same week

CVE impact & exploitability triage

Affected-version analysis, patch diffing, exploitability verdict, compensating controls, executive recommendation.

◆ emergency triage
0x06 · retainer

threat hunting & detection engineering

Pre-compromise hunts, MITRE ATT&CK coverage, SIEM / EDR rule creation, purple-team detection validation sprints.

◆ SOC · MDR
01 · intake

encrypted scoping

PGP-only inbound. Authorization, scope, timeline, report audience confirmed in ≤4h.

02 · custody

chain of custody

Isolated analysis network · SHA-256 sealed artefacts · NDA & DPA counter-signed.

03 · work

deep technical work

Reversing, diffing, hunting. Daily written status. No screenshots treated as evidence.

04 · deliver

evidentiary report

Legal, insurer, board & regulator-ready. Encrypted to your PGP. Samples returned or destroyed.

03 · /var/log/evidence

what a dossier looks like

218k · lines of reversed code · 2025
94% · incidents scoped within 4h
42 · CVEs coordinated · since founding
0 · reports ever leaked
Case BA-2026-0412 · excerpt
T+00:12 · first suspicious Entra ID sign-in · Kyiv exit node · [ioc]
T+00:47 · inbox rule “Bills → RSS Subscriptions” created · [persist]
T+02:14 · loader aetna.b staged via OAuth consent · [loader]
T+03:58 · exfil to 185.nn.nn.nn · 2.4 GB / 11 m · [exfil]
T+06:22 · containment · tokens revoked · imaging starts · [contain]
T+48:00 · final report · 48 pp · legal + insurance + board · [report]
$ xxd -s 0x400420 -l 128 aetna.b.sample
00400420: 89 e5 48 83 ec 20 48 8b 3d b1 04 00 00 e8 6b ff  ..H.. H.=.....k.
00400430: ff ff 48 89 45 f8 48 c7 45 f0 00 00 00 00 eb 26  ..H.E.H.E......&
00400440: 48 8b 45 f8 48 83 c0 01 e8 f0 fe ff ff 48 89  H.E.H.........H.
00400450: 45 e8 48 8b 45 f0 48 83 c0 01 48 89 45 f0 48 83  E.H.E.H...H.E.H.

$ binautopsy/yara aetna.yar sample.bin
aetna_loader_v2 sample.bin · confidence 0.94 · strings=12 imports=5

$ binautopsy/triage --verdict
verdict       : EXPLOITABLE
conditions    : write(uid=0), net.egress, config=present
reachable     : yes (4 call sites)
patch diff    : CVE-2026-11419 · ΔRVA 0x00041a · n=3 hunks
recommendation: escalate · rotate · isolate & contain
04 · /opt/research

writing · from the lab

0x · technical note

CVE-2026-40453 in Apache Camel: a case-variant header bypass and how to detect it

CVE-2026-40453 is the incomplete-fix follow-up to CVE-2025-27636. The 2025 setLowerCase(true) patch covered HttpHeaderFilterStrategy but skipped five non-HTTP filter strategies. The reach map across five wire protocols, three release lanes, and the JDK jspawnhelper EDR-rule trap — with the lab to reproduce.

28 APR 2026 · ~11 min read →
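A small added model of the gap the note describes (example code written for this page, not from the note, the lab or the Apache Camel project, and using no Camel API): a header filter that matches the internal prefix in exact case passes a case-variant name, a filter that lowercases before matching does not, and a detection helper flags the variants. The header names and values below are constructed.

```python
# Constructed sample of inbound headers that mixes ordinary names with
# canonical and case-variant forms of an internal header name.
# Hypothetical data for illustration; not captured traffic.
SAMPLE_HEADERS = {
    "Content-Type": "application/json",
    "CamelHttpQuery": "a=1",       # canonical case: both filters drop it
    "cAmElHttpPath": "/internal",  # case variant: only the normalising filter drops it
    "X-Request-Id": "req-0001",
}

INTERNAL_PREFIX = "Camel"  # prefix the filter is meant to strip from external input


def filter_exact_case(headers):
    """Model of the unpatched behaviour: prefix match without normalisation,
    so a differently-cased name is not recognised as internal."""
    return {k: v for k, v in headers.items() if not k.startswith(INTERNAL_PREFIX)}


def filter_lowercase(headers):
    """Model of a setLowerCase(true)-style strategy: lowercase the name
    before matching, so every case variant is treated the same."""
    prefix = INTERNAL_PREFIX.lower()
    return {k: v for k, v in headers.items() if not k.lower().startswith(prefix)}


def case_variant_internal_headers(headers):
    """Detection helper: names that match the internal prefix only after
    normalisation. Any hit is a header an exact-case filter would let
    through, so it is worth alerting on at the edge or in access logs."""
    prefix = INTERNAL_PREFIX.lower()
    return sorted(
        k for k in headers
        if k.lower().startswith(prefix) and not k.startswith(INTERNAL_PREFIX)
    )


if __name__ == "__main__":
    print("exact-case keeps :", sorted(filter_exact_case(SAMPLE_HEADERS)))
    print("lowercase keeps  :", sorted(filter_lowercase(SAMPLE_HEADERS)))
    print("case variants    :", case_variant_internal_headers(SAMPLE_HEADERS))
```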
05 · /dev/tty · intake

how to start a conversation

confidential by design.

We take encrypted intake only. Expect a reply within 4 working hours — sooner for active incidents. All engagements under NDA. Authorized work only.

pgp 0x4E61 7574 6F70 7379
fingerprint 9F4E A2C1 42B0 7D88 · 11CE 55D3 0F62 8A94
TLS 1.3 · sealed handoff to encrypted mailbox