SEI Blog | Reverse Engineering for Malware Analysishttp://sei.cmu.edu/feeds/topic/reverse-engineering-for-malware-analysis/atom/?utm_source=blog&utm_medium=rss2026-01-22T00:00:00-05:00Updates on changes and additions to the SEI Blog for posts matching Reverse Engineering for Malware AnalysisAn Open Source Tool to Unravel UEFI and its Vulnerabilities2026-01-22T00:00:00-05:002026-01-22T00:00:00-05:00Vijay Sarvepalli, Renae Metcalf, Cory Cohenhttps://www.sei.cmu.edu/blog/an-open-source-tool-to-unravel-uefi-and-its-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post introduces CERT UEFI Parser, a new, open source tool that uses program analysis to reveal the architecture of UEFI software, and explore this veiled source of vulnerabilities.The Great Fuzzy Hashing Debate2024-04-22T00:00:00-04:002024-04-22T00:00:00-04:00Edward Schwartzhttps://www.sei.cmu.edu/blog/the-great-fuzzy-hashing-debate/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post details a debate among two researchers over whether there is utility in applying fuzzy hashes to instruction bytes.Comparing the Performance of Hashing Techniques for Similar Function Detection2024-04-15T00:00:00-04:002024-04-15T00:00:00-04:00Edward Schwartzhttps://www.sei.cmu.edu/blog/comparing-the-performance-of-hashing-techniques-for-similar-function-detection/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post explores the challenges of code comparison and presents a solution to the problem.Detecting and Grouping Malware Using Section Hashes2023-06-05T00:00:00-04:002023-06-05T00:00:00-04:00Timur Snoke, Michael Jacobshttps://www.sei.cmu.edu/blog/detecting-and-grouping-malware-using-section-hashes/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCurrent malware detection systems evaluate elements in a file or evaluate the file as a whole. New research shows other avenues for malware detection exist, specifically, breaking up the file into sections and then comparing the resulting parts.Two Tools for Malware Analysis and Reverse Engineering in Ghidra2021-11-01T00:00:00-04:002021-11-01T00:00:00-04:00Jeff Gennarihttps://www.sei.cmu.edu/blog/two-tools-for-malware-analysis-and-reverse-engineering-in-ghidra/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post presents two tools for malware analysis and reverse engineering in Ghidra, the National Security Agency’s software reverse engineering tool suite.GhiHorn: Path Analysis in Ghidra Using SMT Solvers2021-10-18T00:00:00-04:002021-10-18T00:00:00-04:00Jeff Gennarihttps://www.sei.cmu.edu/blog/ghihorn-path-analysis-in-ghidra-using-smt-solvers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWe believe that many common challenges in malware analysis and reverse engineering can be framed in terms of finding a path to a specific point in a program.Introducing CERT Kaiju: Malware Analysis Tools for Ghidra2021-09-13T00:00:00-04:002021-09-13T00:00:00-04:00Garret Wassermann, Jeff Gennarihttps://www.sei.cmu.edu/blog/introducing-cert-kaiju-malware-analysis-tools-for-ghidra/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesGhidra provides a compelling environment for reverse engineering tools that are relatively easy to use during malware analysis. Our latest blog post highlights a new suite of tools, known as Kaiju, for malware analysis and reverse engineering to take advantage of Ghidra’s capabilities and interface.3 Ransomware Defense Strategies2020-11-09T00:00:00-05:002020-11-09T00:00:00-05:00Marisa Midlerhttps://www.sei.cmu.edu/blog/3-ransomware-defense-strategies/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post covers strategies to mitigate RDP attacks & software vulnerabilities, and how to protect against data exfiltration after phishing defense.Using OOAnalyzer to Reverse Engineer Object Oriented Code with Ghidra2019-07-15T00:00:00-04:002019-07-15T00:00:00-04:00Jeff Gennarihttps://www.sei.cmu.edu/blog/using-ooanalyzer-to-reverse-engineer-object-oriented-code-with-ghidra/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post explores how to use the new OOAnalyzer Ghidra Plugin to import C++ class information into the NSA's Ghidra tool and interpret results in the Ghidra SRE framework.Business Email Compromise: Operation Wire Wire and New Attack Vectors2019-04-08T00:00:00-04:002019-04-08T00:00:00-04:00Anne Connellhttps://www.sei.cmu.edu/blog/business-email-compromise-operation-wire-wire-and-new-attack-vectors/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn June 2018, Federal authorities announced a significant coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals....Path Finding in Malicious Binaries: First in a Series2018-12-10T00:00:00-05:002018-12-10T00:00:00-05:00Jeff Gennarihttps://www.sei.cmu.edu/blog/path-finding-in-malicious-binaries-first-in-a-series/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn a previous post, I discussed the Pharos Binary Analysis Framework and tools to support reverse engineering of binaries with a focus on malicious code analysis. Recall that Pharos is....Security Begins at the Home Router2018-07-30T00:00:00-04:002018-07-30T00:00:00-04:00Vijay Sarvepallihttps://www.sei.cmu.edu/blog/security-begins-at-the-home-router/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn recent days, the VPNFilter malware has attracted attention, much of it in the wake of a May 25 public service announcement from the FBI, as well as a number of announcements from vendors and security companies....Big-Data Malware: Preparation and Messaging2018-06-18T00:00:00-04:002018-06-18T00:00:00-04:00Brent Fryehttps://www.sei.cmu.edu/blog/big-data-malware-preparation-and-messaging/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesPart one of this series of blog posts on the collection and analysis of malware and storage of malware-related data in enterprise systems reviewed practices for collecting malware, storing it, and storing data about it....Big-Data Malware: Collection and Storage2018-06-04T00:00:00-04:002018-06-04T00:00:00-04:00Brent Fryehttps://www.sei.cmu.edu/blog/big-data-malware-collection-and-storage/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe growth of big data has affected many fields, including malware analysis. Increased computational power and storage capacities have made it possible for big-data processing systems to handle the increased volume of data being collected....Data Science, Blacklists, and Mixed-Critical Software: The Latest Research from the SEI2016-09-05T00:00:00-04:002016-09-05T00:00:00-04:00Douglas Schmidthttps://www.sei.cmu.edu/blog/data-science-blacklists-and-mixed-critical-software-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDiscover recently released SEI publications in early lifecycle cost estimation, host protection strategies, AADL, and more in this SEI Blog post.Threat Analysis Mapping, Connected Vehicles, Emerging Technologies, and Cyber-Foraging: The Latest Research from the SEI2016-05-02T00:00:00-04:002016-05-02T00:00:00-04:00Douglas Schmidthttps://www.sei.cmu.edu/blog/threat-analysis-mapping-connected-vehicles-emerging-technologies-and-cyber-foraging-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRecently published SEI reports highlight the latest work of SEI technologists in estimating program costs early in the development lifecycle, threat analysis mapping, risks and vulnerabilities in connected vehicles, emerging technologies, and cyber-foraging.Static Identification of Program Behavior using Sequences of API Calls2016-04-11T00:00:00-04:002016-04-11T00:00:00-04:00Jeff Gennarihttps://www.sei.cmu.edu/blog/static-identification-of-program-behavior-using-sequences-of-api-calls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn how to statically characterize program behavior using API calls and how the SEI automated this reasoning with the malware analysis tool ApiAnalyzer.The SEI Technical Strategic Plan2015-08-24T00:00:00-04:002015-08-24T00:00:00-04:00Kevin Fallhttps://www.sei.cmu.edu/blog/the-sei-technical-strategic-plan/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post examines research undertaken by the SEI addressing key cybersecurity, software engineering, and related acquisition issues faced by DoD.The Pharos Framework: Binary Static Analysis of Object Oriented Code2015-08-18T00:00:00-04:002015-08-18T00:00:00-04:00Jeff Gennarihttps://www.sei.cmu.edu/blog/the-pharos-framework-binary-static-analysis-of-object-oriented-code/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post discusses tools developed by the SEI's CERT Division to support reverse engineering and malware analysis tasks on C++ programs.The 2014 Year in Review: Top 10 Blog Posts2014-12-22T00:00:00-05:002014-12-22T00:00:00-05:00Douglas Schmidthttps://www.sei.cmu.edu/blog/the-2014-year-in-review-top-10-blog-posts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDiscover the top 10 SEI Blog posts of 2014, and dive deeper into each area of research.