Blog Posts
The Great Fuzzy Hashing Debate
This post details a debate among two researchers over whether there is utility in applying fuzzy hashes to instruction bytes.
• By Edward J. Schwartz
In Reverse Engineering for Malware Analysis
Comparing the Performance of Hashing Techniques for Similar Function Detection
This blog post explores the challenges of code comparison and presents a solution to the problem.
• By Edward J. Schwartz
In Reverse Engineering for Malware Analysis
Detecting and Grouping Malware Using Section Hashes
Current malware detection systems evaluate elements in a file or evaluate the file as a whole. New research shows other avenues for malware detection exist, specifically, breaking up the file …
• By Timur D. Snoke, Michael Jacobs
In Reverse Engineering for Malware Analysis
Two Tools for Malware Analysis and Reverse Engineering in Ghidra
This post presents two tools for malware analysis and reverse engineering in Ghidra, the National Security Agency’s software reverse engineering tool suite.
• By Jeff Gennari
In Reverse Engineering for Malware Analysis
GhiHorn: Path Analysis in Ghidra Using SMT Solvers
We believe that many common challenges in malware analysis and reverse engineering can be framed in terms of finding a path to a specific point in a program.
• By Jeff Gennari
In Reverse Engineering for Malware Analysis
Introducing CERT Kaiju: Malware Analysis Tools for Ghidra
Ghidra provides a compelling environment for reverse engineering tools that are relatively easy to use during malware analysis. Our latest blog post highlights a new suite of tools, known as …
• By Garret Wassermann, Jeff Gennari
In Reverse Engineering for Malware Analysis
3 Ransomware Defense Strategies
This SEI Blog post covers strategies to mitigate RDP attacks & software vulnerabilities, and how to protect against data exfiltration after phishing defense.
• By Marisa Midler
In Reverse Engineering for Malware Analysis
Using OOAnalyzer to Reverse Engineer Object Oriented Code with Ghidra
This post explores how to use the new OOAnalyzer Ghidra Plugin to import C++ class information into the NSA's Ghidra tool and interpret results in the Ghidra SRE framework.
• By Jeff Gennari
In Reverse Engineering for Malware Analysis
Business Email Compromise: Operation Wire Wire and New Attack Vectors
In June 2018, Federal authorities announced a significant coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals....
• By Anne Connell
In Reverse Engineering for Malware Analysis
Path Finding in Malicious Binaries: First in a Series
In a previous post, I discussed the Pharos Binary Analysis Framework and tools to support reverse engineering of binaries with a focus on malicious code analysis. Recall that Pharos is....
• By Jeff Gennari
In Reverse Engineering for Malware Analysis