
Posts by Jeffrey Gennari

Path Finding in Malicious Binaries: First in a Series


• Blog
Jeffrey Gennari

In a previous post, I discussed the Pharos Binary Analysis Framework and tools to support reverse engineering of binaries with a focus on malicious code analysis. Recall that Pharos is a framework created by our CERT team that builds upon the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory. ROSE provides a number of facilities for binary analysis including disassembly, control flow analysis, instruction semantics, and more. Pharos uses these features to automate common...

Pharos Binary Static Analysis Tools Released on GitHub


• Blog
Jeffrey Gennari

In a previous post, I discussed the Pharos Binary Analysis Framework and tools to support reverse engineering of binaries with a focus on malicious code analysis. Recall that Pharos is a CERT-created framework that builds upon the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory for disassembly, control flow analysis, instruction semantics, and more. Pharos uses these features to automate common reverse engineering tasks. I'm pleased to announce that we've updated our framework on...

Static Identification of Program Behavior using Sequences of API Calls


• Blog
Jeffrey Gennari

Much of the malware that we analyze includes some type of remote access capability. Malware analysts broadly refer to this type of malware as a remote access tool (RAT). RAT-like capabilities are possessed by many well-known malware families, such as DarkComet. As described in this series of posts, CERT researchers are exploring ways to automate common malware analysis activities. In a previous post, I discussed the Pharos Binary Analysis Framework and tools to support reverse...

The Pharos Framework: Binary Static Analysis of Object Oriented Code


• Blog
Jeffrey Gennari

Object-oriented programs present considerable challenges to reverse engineers. For example, C++ classes are high-level structures that lead to complex arrangements of assembly instructions when compiled. These complexities are exacerbated for malware analysts because malware rarely has source code available; thus, analysts must grapple with sophisticated data structures exclusively at the machine code level. As more and more object-oriented malware is written in C++, analysts are increasingly faced with the challenges of reverse engineering C++ data...
