SentinelOne® and Intezer Team to Simplify Reverse Engineering of Rust Malware
07 August 2024 - 11:00PM
Business Wire
Companies developing methodology and
open-source tools to tame complexities of complex language,
empowering organizations to get and stay ahead of attackers
SentinelOne (NYSE: S), a global leader in AI-powered security,
and Intezer, a leader in AI-powered technology for autonomous
security operations, today launched a project aimed at illuminating
the blind spot surrounding Rust malware so that threat researchers
can better understand and accurately characterize the complex
malware ecosystem before it reaches critical mass and blindsides
the industry. As part of the initiative, researchers from
SentinelLabs and Intezer have teamed to develop a methodology to
make reverse engineering Rust malware more approachable and engage
the security community to create and release tools to tackle the
problem head on. Details of the project, known as OxA11C, will be
unveiled today at Black Hat 2024.
“In malware analysis, the arrival of a new programming language
introduces an entirely new set of challenges that obstruct our
ability to quickly grasp the malicious intent of a threat actor,”
said Juan Andrés Guerrero-Saade, AVP of Research, SentinelLabs.
“With the current state of our tooling, Rust is practically
impossible to reverse engineer, and as a result, many analysts are
shying away from researching the Rust malware ecosystem. Together
with Intezer, we aim to change this.”
In 2021, SentinelLabs researchers took a similar approach to
address the rise of Go malware, developing a Go malware analysis
methodology dubbed ‘AlphaGolang.’ Their efforts revealed that once
underlying data is put back in its rightful context, reverse
engineering Golang malware can often be easier than malware written
with traditional programming languages.
“We've observed a similar trend with Rust malware,” said Nicole
Fishbein, Security Researcher, Intezer. “The same features of Rust
that engineers love, such as memory safety, aggressive compiler
optimizations, borrowing, intricate types and traits, translate
into a perplexing tangle of code that surpasses even C++ in the
complexity of its abstractions. Drawing on insights derived from
the development of AlphaGolang, we can gain additional clarity
into the true size of the Rust malware ecosystem and arm reverse
engineers with tools to take it head on.”
To learn more about and contribute to Project OxA11C, visit
www.sentinelone.com/labs
About SentinelLabs
InfoSec works on a rapid iterative cycle where new discoveries
occur daily and authoritative sources are easily drowned in the
noise of partial information. SentinelLabs is an open venue for our
threat researchers and vetted contributors to reliably share their
latest findings with a wider community of defenders. No sales
pitches, no nonsense. We are hunters, reversers, exploit
developers, and tinkerers shedding light on the world of malware,
exploits, APTs, and cybercrime across all platforms. SentinelLabs
embodies our commitment to sharing openly – providing tools,
context, and insights to strengthen our collective mission of a
safer digital life for all.
About SentinelOne
SentinelOne is a leading AI-powered cybersecurity platform.
Built on the first unified Data Lake, SentinelOne empowers the
world to run securely by creating intelligent, data-driven systems
that think for themselves, stay ahead of complexity and risk, and
evolve on their own. Leading organizations—including Fortune 10,
Fortune 500, and Global 2000 companies, as well as prominent
governments—all trust SentinelOne to Secure Tomorrow™. Learn more
at sentinelone.com.
About Intezer
Intezer is a leading provider of AI-powered technology for
autonomous security operations. With a focus on innovation and
quality, its Autonomous SOC Platform is designed to investigate
incidents, make triage decisions, and escalate findings about
serious threats like an expert Tier 1 SOC analyst (but without the
burnout, skill gaps, and alert fatigue). For more information about
Intezer for SIEM alert triage and how it can transform your
security operations, please visit
https://intezer.com/autonomous-soc-siem-triage-solution/.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240807898720/en/
Karen Master SentinelOne karen.master@sentinelone.com