We dissect opaque digital artifacts and turn them into defensible security decisions.
Binautopsy is a specialist cybersecurity research and forensic engineering lab. We work with binaries, malware, firmware, exploited vulnerabilities, and incident artifacts — turning each one into a defensible technical report tied to risk, exploitability, and action.
- detection-rules — curated YARA and Sigma rules tied to our published autopsies. Apache-2.0; safe to integrate into MDR/MSSP tooling.
- research-labs — reproducer labs for the CVEs we analyze. Clone, run `npm install`, walk the reach map yourself. Defender-utility only.
- Long-form analyses live at binautopsy.com/research.
- Detection rules + reproducer labs live here. Every rule references the analysis it came from; every lab pairs with a published brief.
- Where our analysis surfaces details a vendor hasn't disclosed, we follow a vendor-first workflow (14-day acknowledgment, 90-day publication).
- Scoping a real engagement? Use the intake form at binautopsy.com — we triage within one business day.
- Found a bug in a rule or lab? Open an issue on the relevant repo, or email research@binautopsy.com.
- Following our work? The autopsy archive is at binautopsy.com/research. LinkedIn (personal account of the founder) carries shorter-form callouts of new pieces.