capa 2.0: Better, Stronger, Faster

We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering. If you haven’t heard of capa before, or need a refresher, check...

YARASAFE - Automatic Binary Function Similarity Checks with Yara

SAFE is a tool developed to create Binary Functions Embedding developed by Massarelli L., Di Luna G.A., Petroni F., Querzoni L. and Baldoni R. You can use SAFE to create your function embedding to use inside yara rules. If you are interested take a look at our research paper:...

Defeating Compiler-Level Obfuscations Used in APT10 Malware

Summary The Carbon Black Threat Analysis Unit TAU recently analyzed a series of malware samples that utilized compiler-level obfuscations. For example, opaque predicates were applied to Turla mosquito and APT10 ANEL. Another obfuscation, control flow flattening, was applied to APT10 ANEL and Dhar...

[CrowdRE] Reverse Engineering Tool

A new project called CrowdRE aims to make it easy for the reverse engineering of complex applications working in collaboration with other users. Normally, the process reversing software from a complicated binary can consume much time, CrowdRE will help accelerate this process through teamwork...