News

• 2026-05-13 stng v1.3.1, litmus v1.2.1, cleave v1.4.0

  Three pre-CackalackyCon releases: stng tightens mixed binary/script decoding, litmus improves worker reporting and model bundle handling, and cleave deepens PDF and LNK analysis.

• 2026-05-10 litmus v1.2.0

  Preview support for the azoth ensemble. Multi-seed averaging, per-route isotonic calibration, LightGBM alongside XGBoost. Models route per file from a top-level config.

• 2026-05-08 cleave v1.3

  cleave diff is the signal we have been building toward: a structured, scoped delta between two versions of the same software, with an estimated rate of change that nobody else is measuring. kv now covers PE/ELF/Mach-O along with Office, PDF, PyInstaller, CHM, and a long tail of source and archive formats, with much deeper binary provenance.

• 2026-05-07 Lab outage: btrfs cannot delete its way out of a full disk

  The lab's PostgreSQL master is offline: btrfs filled up and now refuses to delete files — or even snapshots — because it is out of space. No data was lost, thanks to our distributed replica architecture. We are moving the master to ZFS on OmniOS and teaching the lab to fail over to a replica. ETA back online: today.

• 2026-05-07 stng v1.3.0

  Go and Rust PE recovery, multi-key XOR via lea-near-xor analysis, and a pile of fixes for things that were quietly wrong.

• 2026-04-28 Release Mania: stng v1.2.1, cleave v1.2.0, litmus v1.1.0

  cleave fixes a class of rayon deadlocks, parses Python pickle and MSI-embedded PE, and skips rizin on Go binaries for a real speedup; litmus gains worker-mode fleet scanning behind a hardened HTTP server; stng stops mis-flagging Kotlin as Python.

• 2026-04-21 stng v1.2.0

  Preserve Telegram bot tokens, JWTs, and Swift mangled symbols that the chaos filter was dropping; cut XOR IP false positives inside binary data tables.

• 2026-04-10 stng v1.1.8

  Aho-Corasick rewrite of XOR/string classification and parallel disassembly via iced-x86; fixes a PE/XOR bug that was missing office_update-style samples.

• 2026-04-10 cleave v1.1.0

  PE Authenticode chain extraction and ~100 new ELF/Mach-O fields; archive scanning raised from 1K to 100K members; breaking V4 output schema.

• 2026-03-26 litmus v1.0.0

  First tagged release. Open-source malware classifier with TreeSHAP-explained verdicts; CPU-only, offline, no telemetry. Default model is beta — not production-ready yet.

• 2026-03-26 Atomdrift is here!

  Atomdrift launches: an open-source pipeline for catching supply-chain attacks the static-binary tools miss. First piece is litmus.