la-villa-hacker-logo-transparente
  • Nosotros
  • Conferencistas
  • Blog
  • Contacto
la-villa-hacker-logo-transparente
  • Nosotros
  • Conferencistas
  • Blog
  • Contacto
  • Nosotros
  • Conferencistas
  • Blog
  • Contacto
la-villa-hacker-logo-transparente
la-villa-hacker-logo-transparente
  • Nosotros
  • Conferencistas
  • Blog
  • Contacto
TEAM
HomeTeamLenin Alevski
Lenin-Alevski
Security Engineer at Google

Lenin Alevski

Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.
EMAIL:
alevsk.8772@gmail.com

Resumen de la Charla

Malware analysts are wiring LLMs into their reversing workflows today. The MCP integrations for IDA Pro, Ghidra, radare2, and Binary Ninja are public, and analysts use them to rename functions, triage samples, and hunt vulnerabilities. Adoption has outpaced any measured account of where these tools hold up and where they mislead, and running an agent against one sample can burn an enormous number of tokens on work the model repeats for every binary.
We built an agentic malware analysis framework on ADK (Agent Development Kit) that connects LLMs to disassemblers through MCP, wrapped in per-language skills for C/C++, C#, Go, Android, etc. The ADK agent loop drives the analysis: pulling functions, following xrefs, reading decompiled output, making notes, and issuing disassembler commands on its own. Each skill supplies the runtime context once, so the model spends its budget on the sample. Everything runs in Docker containers for isolation and reproducibility.
We tested it across multiple models on real samples and scored every result against ground truth. Triage and function renaming on stripped binaries work well when the agent is steered. Crypto identification and CVE matching fail in ways that read as authoritative. The analyst is the captain, the model the crew. We ship the containers, skills, and prompt templates so attendees can reproduce similar workflows efortlessly.

charla

Sábado 8 de Agosto de 2026 14:00 a 14:30

Keep the Model on Course: Agentic LLM Workflows for Reversing

 

contacto@lavillahacker.com

Nevada, USA

X-twitterLinkedin-inInstagram

La Villa Hacker

Nosotros
Conferencistas
Blog
Contacto
la-villa-hacker-logo-transparente

Copyright © 2026 La Villa Hacker. Todos los derechos reservados