Reverse engineering may sound like black magic, when in reality it simply entails lots of practice and strong foundations in computer science concepts. Think of it like learning a new language. First, you must know the building blocks of a sentence, and then keep practicing until you can speak fluently. Reverse engineering works the same way. Malware analysts and researchers use reverse engineering as a tool to understand the behavior of a malware sample in order to detect, prevent, or get rid of it.
March 23, 2017
Protecting Against Shamoon 2 and Stonedrill: In the Crossfire of Geopolitics and Wiper Malware
At the end of January, Saudi Arabia’s telecom authority issued an alert warning about Shamoon 2, a wiper malware that hit several organizations, including three government agencies and four private sector companies.
March 06, 2017
Dropping AtomBombs: Detecting DridexV4 in the Wild
Banking trojans have been around for years, but gained greater visibility in 2015 and into 2016 as they moved from targeting European banks to American banks. We previously discussed the Odinaff banking trojan, which was responsible for the SWIFT attacks, and the theft of close to $1 billion.
You’ve used them for directions, to order pizza, to ask about the weather. You’ve called them by their names: Siri, Alexa, Cortana... You speak to them like you know them, like they can understand you. Why? Because they usually can. Intelligent assistants are on the rise and increasingly supporting our lives. In large part, this is driven by the user’s desire for ever more efficient querying and frictionless action. Instead of muddling through bloated interfaces, simply speaking or typing your queries or commands through a bot is often easier, faster, and more seamless.
January 17, 2017
Dude! Where's my Ransomware?: A Flare-On Challenge
There are many tricks to the tradecraft when analyzing unknown binaries, and it requires constant honing of skills to stay on top of the latest malware and campaigns. Solving reverse-engineering challenges is one way to keep your skills sharp. In our previous post, we discussed some tips from the Flare-On Challenge.
On December 29, 2016, the United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a joint analysis report (JAR) detailing, in their words, “tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities”.
Long Short-Term Memory networks, a form of deep learning, are a basic yet powerful approach for detecting domain generation algorithms (DGAs). We introduce this machine learning approach and describe how we implement it to detect DGAs at scale.
November 09, 2016
0 to 31337 Real Quick: Lessons Learned by Reversing the FLARE-On Challenge