SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

SentinelOne & Intezer join forces to tackle Rust malware

Thu, 8th Aug 2024

SentinelOne and Intezer have announced a collaborative effort to address the challenges posed by Rust malware. The aim of the project is to help threat researchers better understand and accurately characterize the complex malware ecosystem associated with the Rust programming language.

The initiative was revealed during the Black Hat 2024 conference. Researchers from SentinelLabs, the research division of SentinelOne, and Intezer will develop methodologies and open-source tools to aid in the reverse engineering of Rust malware. The project, named 0xA11C, seeks to make reverse engineering more approachable for cybersecurity professionals.

Juan Andrés Guerrero-Saade, AVP of Research at SentinelLabs, commented on the challenges associated with reverse engineering Rust malware. "In malware analysis, the arrival of a new programming language introduces an entirely new set of challenges that obstruct our ability to quickly grasp the malicious intent of a threat actor," he said. "With the current state of our tooling, Rust is practically impossible to reverse engineer, and as a result, many analysts are shying away from researching the Rust malware ecosystem. Together with Intezer, we aim to change this."

SentinelLabs has previously tackled the complexities of another programming language, Go, through a methodology dubbed AlphaGolang. This approach addressed the rise in Go malware by putting underlying data back in its context, making it easier to reverse engineer than traditional programming languages.

Nicole Fishbein, a Security Researcher at Intezer, described some of the distinctive features of Rust that contribute to its complexity. "The same features of Rust that engineers love, such as memory safety, aggressive compiler optimisations, borrowing, intricate types and traits, translate into a perplexing tangle of code that surpasses even C++ in the complexity of its abstractions," she said. Fishbein added that insights from the development of AlphaGolang could provide additional clarity into the Rust malware ecosystem, and tools developed through Project 0xA11C would equip reverse engineers to tackle the issue head-on.

To learn more about and contribute to Project 0xA11C, researchers and interested parties are encouraged to visit SentinelOne's website for additional details. The collaborative effort between SentinelOne and Intezer aims to illuminate the blind spots surrounding Rust malware, allowing the cybersecurity community to stay ahead of potential threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X