BlackBerry Highlights Will Make Available Free Open-Source Tool For Cybersecuritiy Professionals, PE
BlackBerry Highlights Will Make Available Free Open-Source Tool For Cybersecuritiy Professionals, PE
BlackBerry Limited (NYSE:BB, TSX:BB) today announced it is making available a free open-source tool for cybersecurity professionals, called PE Tree that significantly reduces the time and effort required to reverse engineer malware. Today's announcement demonstrates BlackBerry's continued commitment to the cybersecurity community in the fight against constantly evolving cyber threats.
Reverse engineering of malware is an extremely time- and labor-intensive process, which can involve hours of disassembling and sometimes deconstructing a software program. The BlackBerry Research and Intelligence team initially developed this open source tool for internal use and is now making it available to the malware reverse engineering community.
恶意软件的逆向工程是一个极其耗时和劳动力的过程,可能需要数小时的拆解,有时还需要解构软件程序。BlackBerry 研究和情报团队最初开发了这个开源工具供内部使用,现在正将其提供给恶意软件逆向工程社区。
"The cybersecurity threat landscape continues to evolve and cyberattacks are getting more sophisticated with potential to cause greater damage," said Eric Milam, Vice President of Research Operations, BlackBerry. "As cybercriminals up their game, the cybersecurity community needs new tools in their arsenal to defend and protect organizations and people. We've created this solution to help the cybersecurity community in this fight, where there are now more than 1 billion pieces of malware with that number continuing to grow by upwards of 100 million pieces each year."
黑莓研究运营副总裁埃里克·米拉姆说:“网络安全威胁格局持续演变,网络攻击变得越来越复杂,有可能造成更大的损害。”“随着网络犯罪分子的发展,网络安全社区需要在他们的武器库中使用新的工具来捍卫和保护组织和人员。我们创建这个解决方案是为了帮助网络安全界进行这场斗争,现在有超过10亿个恶意软件,而且这个数字每年继续增长超过1亿个。”
The PE Tree enables reverse engineers to view Portable Executable (PE) files in a tree-view using pefile and PyQt5, thereby lowering the bar for dumping and reconstructing malware from memory while providing an open-source PE viewer code-base that the community can build upon. The tool also integrates with Hex-Rays' IDA Pro decompiler to allow for easy navigation of PE structures, as well as dumping in-memory PE files and performing import reconstruction; critical in the fight to identify and stop various strains of malware. PE Tree was developed in Python and supports the Windows®, Linux®, and Mac® operating systems. It can be installed and run as either a standalone application or an IDAPython plugin, allowing users to examine any executable Windows file and see what its composition is.
PE Tree 使逆向工程师能够使用 pefile 和 PyQt5 在树视图中查看便携式可执行文件 (PE) 文件,从而降低了从内存中转储和重构恶意软件的门槛,同时提供了一个可供社区构建的开源 PE 查看器代码库。该工具还与 Hex-Rays 的 IDA Pro 反编译器集成,可以轻松导航 PE 结构,转储内存中的 PE 文件和执行导入重建;这对于识别和阻止各种恶意软件至关重要。PE Tree 是用 Python 开发的,支持 Windows®、Linux® 和 Mac® 操作系统。它可以作为独立应用程序或idaPython插件安装和运行,允许用户检查任何可执行的Windows文件并查看其组成。
Also this week at Black Hat USA 2020, Kevin Livelli, BlackBerry's Director of Threat Intelligence will be presenting on Decade of the RATs on August 5 at 11-11:40 am PT. BlackBerry will also be presenting a sponsored webinar about its partnership with Intel to stop cryptojacking malware, and drill down into BlackBerry® Optics AI-based EDR technology for Linux.
同样在本周的2020年美国黑帽会议上,黑莓威胁情报总监凯文·利维利将发表演讲 艺术十年 太平洋时间 8 月 5 日上午 11:11:40黑莓还将举办一场赞助的网络研讨会,介绍其与英特尔合作阻止加密劫持恶意软件,并深入探讨基于BlackBerry® Optics AI的Linux版EDR技术。
To learn more about the PE Tree, please visit https://blogs.blackberry.com/en/2020/08/blackberry-open-source-pe-tree-tool-for-malware-reverse-engineers.
译文内容由第三方软件翻译。