SentinelOne and Intezer team to simplify reverse engineering of Rust malware

August 2024 by Valentin Jangwa, Global Security Mag

The companies are developing a methodology and open-source tools to tame the complexities of a complex language, empowering organisations to get and stay ahead of attackers

SentinelOne and Intezer launched a project aimed at illuminating the blind spot surrounding Rust malware so that threat researchers can better understand and accurately characterise the complex malware ecosystem before it reaches critical mass and blindsides the industry. As part of the initiative, researchers from SentinelLabs and Intezer have teamed up to develop a methodology to make reverse engineering Rust malware more approachable and engage the security community to create and release tools to tackle the problem head on. Details of the project, known as 0xA11C, will be unveiled today at Black Hat 2024.

“In malware analysis, the arrival of a new programming language introduces an entirely new set of challenges that obstruct our ability to quickly grasp the malicious intent of a threat actor,” said Juan Andrés Guerrero-Saade, AVP of Research, SentinelLabs. “With the current state of our tooling, Rust is practically impossible to reverse engineer, and as a result, many analysts are shying away from researching the Rust malware ecosystem. Together with Intezer, we aim to change this.”

In 2021, SentinelLabs researchers took a similar approach to address the rise of Go malware, developing a Go malware analysis methodology dubbed ‘AlphaGolang.’ Their efforts revealed that once underlying data is put back in its rightful context, reverse engineering Golang malware can often be easier than reverse engineering malware written in traditional programming languages.

“We’ve observed a similar trend with Rust malware,” said Nicole Fishbein, Security Researcher, Intezer. “The same features of Rust that engineers love, such as memory safety, aggressive compiler optimisations, borrowing, intricate types and traits, translate into a perplexing tangle of code that surpasses even C++ in the complexity of its abstractions. Drawing on insights derived from the development of AlphaGolang, we can gain additional clarity into the true size of the Rust malware ecosystem and arm reverse engineers with tools to take it head on.”

