http://www.sei.cmu.edu/feeds/topic/Updates on changes and additions to the SEI Blog for posts matching Reverse Engineering for Malware Analysisen-usThu, 22 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/an-open-source-tool-to-unravel-uefi-and-its-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post introduces CERT UEFI Parser, a new, open source tool that uses program analysis to reveal the architecture of UEFI software, and explore this veiled source of vulnerabilities.Vijay Sarvepalli, Renae Metcalf, Cory CohenThu, 22 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/an-open-source-tool-to-unravel-uefi-and-its-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/the-great-fuzzy-hashing-debate/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post details a debate among two researchers over whether there is utility in applying fuzzy hashes to instruction bytes.Edward SchwartzMon, 22 Apr 2024 00:00:00 -0400https://www.sei.cmu.edu/blog/the-great-fuzzy-hashing-debate/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/comparing-the-performance-of-hashing-techniques-for-similar-function-detection/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post explores the challenges of code comparison and presents a solution to the problem.Edward SchwartzMon, 15 Apr 2024 00:00:00 -0400https://www.sei.cmu.edu/blog/comparing-the-performance-of-hashing-techniques-for-similar-function-detection/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesFuzzy Hashinghttps://www.sei.cmu.edu/blog/detecting-and-grouping-malware-using-section-hashes/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCurrent malware detection systems evaluate elements in a file or evaluate the file as a whole. New research shows other avenues for malware detection exist, specifically, breaking up the file into sections and then comparing the resulting parts.Timur Snoke, Michael JacobsMon, 05 Jun 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/detecting-and-grouping-malware-using-section-hashes/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/two-tools-for-malware-analysis-and-reverse-engineering-in-ghidra/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post presents two tools for malware analysis and reverse engineering in Ghidra, the National Security Agency’s software reverse engineering tool suite.Jeff GennariMon, 01 Nov 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/two-tools-for-malware-analysis-and-reverse-engineering-in-ghidra/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/ghihorn-path-analysis-in-ghidra-using-smt-solvers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWe believe that many common challenges in malware analysis and reverse engineering can be framed in terms of finding a path to a specific point in a program.Jeff GennariMon, 18 Oct 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/ghihorn-path-analysis-in-ghidra-using-smt-solvers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/introducing-cert-kaiju-malware-analysis-tools-for-ghidra/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesGhidra provides a compelling environment for reverse engineering tools that are relatively easy to use during malware analysis. Our latest blog post highlights a new suite of tools, known as Kaiju, for malware analysis and reverse engineering to take advantage of Ghidra’s capabilities and interface.Garret Wassermann, Jeff GennariMon, 13 Sep 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/introducing-cert-kaiju-malware-analysis-tools-for-ghidra/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesReverse Engineering for Malware Analysishttps://www.sei.cmu.edu/blog/3-ransomware-defense-strategies/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post covers strategies to mitigate RDP attacks & software vulnerabilities, and how to protect against data exfiltration after phishing defense.Marisa MidlerMon, 09 Nov 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/3-ransomware-defense-strategies/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRansomwarehttps://www.sei.cmu.edu/blog/using-ooanalyzer-to-reverse-engineer-object-oriented-code-with-ghidra/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post explores how to use the new OOAnalyzer Ghidra Plugin to import C++ class information into the NSA's Ghidra tool and interpret results in the Ghidra SRE framework.Jeff GennariMon, 15 Jul 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/using-ooanalyzer-to-reverse-engineer-object-oriented-code-with-ghidra/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesReverse Engineering for Malware Analysishttps://www.sei.cmu.edu/blog/business-email-compromise-operation-wire-wire-and-new-attack-vectors/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn June 2018, Federal authorities announced a significant coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals....Anne ConnellMon, 08 Apr 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/business-email-compromise-operation-wire-wire-and-new-attack-vectors/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMalwareCyber MissionsBest Practices in Network SecuritySocial Engineeringhttps://www.sei.cmu.edu/blog/path-finding-in-malicious-binaries-first-in-a-series/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn a previous post, I discussed the Pharos Binary Analysis Framework and tools to support reverse engineering of binaries with a focus on malicious code analysis. Recall that Pharos is....Jeff GennariMon, 10 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/path-finding-in-malicious-binaries-first-in-a-series/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesReverse Engineering for Malware AnalysisMalware AnalysisCyber MissionsMalwarehttps://www.sei.cmu.edu/blog/security-begins-at-the-home-router/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn recent days, the VPNFilter malware has attracted attention, much of it in the wake of a May 25 public service announcement from the FBI, as well as a number of announcements from vendors and security companies....Vijay SarvepalliMon, 30 Jul 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/security-begins-at-the-home-router/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsMalwarehttps://www.sei.cmu.edu/blog/big-data-malware-preparation-and-messaging/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesPart one of this series of blog posts on the collection and analysis of malware and storage of malware-related data in enterprise systems reviewed practices for collecting malware, storing it, and storing data about it....Brent FryeMon, 18 Jun 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/big-data-malware-preparation-and-messaging/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsMalwareData Modeling and Analyticshttps://www.sei.cmu.edu/blog/big-data-malware-collection-and-storage/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe growth of big data has affected many fields, including malware analysis. Increased computational power and storage capacities have made it possible for big-data processing systems to handle the increased volume of data being collected....Brent FryeMon, 04 Jun 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/big-data-malware-collection-and-storage/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsMalwareData Modeling and Analyticshttps://www.sei.cmu.edu/blog/data-science-blacklists-and-mixed-critical-software-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDiscover recently released SEI publications in early lifecycle cost estimation, host protection strategies, AADL, and more in this SEI Blog post.Douglas SchmidtMon, 05 Sep 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/data-science-blacklists-and-mixed-critical-software-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMalwareSoftware ArchitectureArchitecture Analysis and Design Language (AADL)https://www.sei.cmu.edu/blog/threat-analysis-mapping-connected-vehicles-emerging-technologies-and-cyber-foraging-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRecently published SEI reports highlight the latest work of SEI technologists in estimating program costs early in the development lifecycle, threat analysis mapping, risks and vulnerabilities in connected vehicles, emerging technologies, and cyber-foraging.Douglas SchmidtMon, 02 May 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/threat-analysis-mapping-connected-vehicles-emerging-technologies-and-cyber-foraging-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMalwarehttps://www.sei.cmu.edu/blog/static-identification-of-program-behavior-using-sequences-of-api-calls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn how to statically characterize program behavior using API calls and how the SEI automated this reasoning with the malware analysis tool ApiAnalyzer.Jeff GennariMon, 11 Apr 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/static-identification-of-program-behavior-using-sequences-of-api-calls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMalwarehttps://www.sei.cmu.edu/blog/the-sei-technical-strategic-plan/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post examines research undertaken by the SEI addressing key cybersecurity, software engineering, and related acquisition issues faced by DoD.Kevin FallMon, 24 Aug 2015 00:00:00 -0400https://www.sei.cmu.edu/blog/the-sei-technical-strategic-plan/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesBig DataMalwarehttps://www.sei.cmu.edu/blog/the-pharos-framework-binary-static-analysis-of-object-oriented-code/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post discusses tools developed by the SEI's CERT Division to support reverse engineering and malware analysis tasks on C++ programs.Jeff GennariTue, 18 Aug 2015 00:00:00 -0400https://www.sei.cmu.edu/blog/the-pharos-framework-binary-static-analysis-of-object-oriented-code/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMalwarehttps://www.sei.cmu.edu/blog/the-2014-year-in-review-top-10-blog-posts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDiscover the top 10 SEI Blog posts of 2014, and dive deeper into each area of research.Douglas SchmidtMon, 22 Dec 2014 00:00:00 -0500https://www.sei.cmu.edu/blog/the-2014-year-in-review-top-10-blog-posts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDevopsAndroidSecure CodingMalwareAgileBig Data