Reverse engineering often sounds like black magic, when in reality it simply takes lots of practice and a strong foundation in computer science. Think of it like learning a new language: first you learn the building blocks of a sentence, then you keep practicing until you can speak fluently. Reverse engineering works the same way. Malware analysts and researchers use reverse engineering to understand a sample's behavior in order to detect, prevent, or remove it.
March 23, 2017
Protecting Against Shamoon 2 and Stonedrill: In the Crossfire of Geopolitics and Wiper Malware
At the end of January, Saudi Arabia’s telecom authority issued an alert warning about Shamoon 2, a wiper malware that had hit several organizations, including three government agencies and four private sector companies.
March 06, 2017
Dropping AtomBombs: Detecting DridexV4 in the Wild
Banking trojans have been around for years, but gained greater visibility in 2015 and 2016 as they shifted from targeting European banks to American banks. We previously discussed the Odinaff banking trojan, which was responsible for the SWIFT attacks and the theft of close to $1 billion.
February 21, 2017
Lessons from the Trenches: Obfuscation and Pattern Recognition
In my recently released book, Facing Cyber Threats Head On, I spend a lot of time discussing how contemporary cyber security is just as much about stopping people (the attackers) as it is about stopping malware. Stopping people is a different problem and requires a different approach than stopping malware: at the end of the day, people create and adjust strategies based on what they experience. Computer programs do not.
There are many tricks of the trade when analyzing unknown binaries, and staying on top of the latest malware and campaigns requires constant honing of skills. Solving reverse-engineering challenges is one way to keep those skills sharp. In our previous post, we discussed some tips from the Flare-On Challenge.