Home Security Binary Ninja speeds malware analysis

While IDA Pro has been one of the main tools for reverse engineering malware samples, the relatively new Binary Ninja makes a "huge difference" to productivity, according to LogRhythm Threat Research Group senior malware analyst and reverse engineer Erika Noerenberg.

"Automation is very important... because there is so much malware out there," she told iTWire.

Binary Ninja has an API that makes it possible to automate common tasks, such as extracting and decrypting strings from malware.

She demonstrated this capability at the ACSC 2018 conference held last week in Canberra by extracting the strings from the widely-distributed PlugX malware.

This type of automation can help reduce the time needed to create signatures for new pieces of malware from several hours — perhaps even a day — to a matter of minutes or possibly an hour, she said.

Noerenberg said she could format the output of the process so it could be fed into LogRhythm's SIEM and other products.

While SIEM, antivirus and other tools play a part in preventing malware outbreaks and other intrusions, maintaining a good security posture is important, she said.

Keeping systems patched could be a problem because not all patches could be applied while systems were running, but it should not be ignored. The patch for the Eternal Blue exploit was available a month before the emergence of WannaCry, which caused "massively widespread damage", she said.

Applying the principle of "least privileges" is another significant defence. Administrator and domain administrator privileges should be limited to those whose jobs really require them.

Allowing ordinary users to install software is asking for trouble. Noerenberg pointed to the trojanised version of the Handbrake video converter that appeared last year.

Users should also be educated not to blindly click on links or open attachments in emails.

"he human element is going to be a major element in your exposure," she said.

Other issues include establishing good back-up and disaster recovery procedures (taking into consideration the way ransomware can encrypt back-ups on mounted volumes), turning off unused services, and making sure that SMB servers aren't exposed to the Internet.


It's YOW's 10th anniversary this year and we would like to celebrate with you. YOW! proudly invites you to join us at Celebrating 10 years of YOW! – Dinner with Speakers.

An intimate networking experience, YOW! Dinner with Speakers offers attendees the opportunity to gain industry and career insights on a more personal level with YOW! speakers from the 2018 conference.

An intimate networking experience, YOW! Dinner with Speakers offers attendees the opportunity to gain industry and career insights on a more personal level with YOW! speakers from the 2018 conference.

Book a table of 10, bring a friend, or come by yourself and make new friends!

Register now for YOW! Dinner with Speakers:

· Sydney on Thursday November 29
· Brisbane on Tuesday December 3
· Melbourne on Thursday December 6



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


Popular News




Sponsored News