Domain Registration

BlackBerry releases new security tool for reverse-engineering PE files

  • August 03, 2020
PE Tree


Image: BlackBerry

TechRepublic


Cheat sheet: TensorFlow, an open source software library for machine learning


Cheat sheet: TensorFlow, an open source software library for machine learning

Read More

Today, at the Black Hat USA 2020 security conference, BlackBerry released a new tool for the cyber-security community.

Named PE Tree, this is a new Python-based app for Linux, Mac, and Windows that can be used to reverse-engineer and analyze the internal structure of Portable Executable (PE) files — a common file that malware authors have used to hide malicious payloads.

The tool has been open-sourced on GitHub since last week, but today marks its official release.

“Reverse engineering of malware is an extremely time- and labor-intensive process, which can involve hours of disassembling and sometimes deconstructing a software program,” the company said in a press release today.

“The BlackBerry Research and Intelligence team initially developed this open source tool for internal use and is now making it available to the malware reverse engineering community,” it added.

According to BlackBerry, PE Tree’s benefits include:

  • Listing PE file content in an easy-to-navigate tree view
  • Integration with the IDA Pro decompiler (easy navigation of PE structures, dumping in-memory PE files, performing import reconstruction)
  • VirusTotal search integration
  • Can send data to CyberChef
  • Can run as either a standalone application or an IDAPython plugin
  • Open source license allows community contributions

The tool is an alternative to PE-bear, a similar app developed by Malwarebytes malware analyst Aleksandra “Hasherezade” Doniec.

Cyber-security vendors embracing the open-source space

PE Tree also marks the release of yet another useful cyber-security tool into the open source space. This is a major change in approach for cyber-security firms, which have historically kept their internal tools out of the public eye, or closed-source and under expensive commercial licenses.

Over the past two years, we’ve seen:



















Article source: https://www.zdnet.com/article/blackberry-releases-new-security-tool-for-reverse-engineering-pe-files/#ftag=RSSbaffb68

Related News

%d bloggers like this: