SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

SentinelOne & Intezer collaborate on decoding Rust malware

Wed, 14th Aug 2024

SentinelOne and Intezer have announced a collaborative initiative aimed at simplifying the reverse engineering of Rust malware. The project, known as 0xA11C, will provide a methodology and open-source tools designed to address the complexities associated with this newer programming language, which has gained popularity among cyber attackers.

The details of the initiative were presented at the Black Hat 2024 conference. "In malware analysis, the arrival of a new programming language introduces an entirely new set of challenges that obstruct our ability to quickly grasp the malicious intent of a threat actor," stated Juan Andrés Guerrero-Saade, the Associate Vice President of Research at SentinelLabs. He expressed that the difficulties with the current tooling make Rust practically impossible to reverse engineer, which has led many analysts to avoid researching Rust malware. He added, "Together with Intezer, we aim to change this."

SentinelLabs, the research arm of SentinelOne, previously tackled a similar challenge in 2021 with its AlphaGolang project, which addressed the rise of Go malware. By contextualising the underlying data, they found that Golang malware could sometimes be easier to reverse engineer than malware written in traditional languages. This successful approach serves as a foundation for their efforts with Rust.

Nicole Fishbein, a Security Researcher at Intezer, noted that the very features that make Rust attractive to engineers have created new challenges for security analysts. "The same features of Rust that engineers love, such as memory safety, aggressive compiler optimisations, borrowing, intricate types and traits, translate into a perplexing tangle of code that surpasses even C++ in the complexity of its abstractions," Fishbein stated. She believes that by drawing on insights from the AlphaGolang project, the security community can better understand the Rust malware ecosystem and equip reverse engineers with the necessary tools to confront it.

The initiative seeks to engage the broader security community by providing and promoting the use of the developed methodology and tools. By doing so, researchers hope to shed light on Rust malware before its impact becomes more substantial and more challenging to mitigate.

Details about Project 0xA11C, including how to contribute, will be accessible through SentinelOne's resources. This initiative underscores the ongoing efforts of SentinelOne and Intezer to address the evolving challenges within the cybersecurity landscape through collaborative research and innovative solutions.

SentinelLabs emphasises that the rapid progression of information security requires constant updates and reliable sources to counteract the high volume of partial information that can overshadow new discoveries. By creating an open venue for sharing findings, SentinelLabs aims to empower the cybersecurity community with the tools, context, and insights necessary for maintaining a safer digital environment.

Both SentinelOne and Intezer are recognised for their contributions to AI-powered cybersecurity solutions. SentinelOne's platform focuses on creating data-driven systems that autonomously evolve to stay ahead of threats. In contrast, Intezer specialises in autonomous security operations designed to handle incident investigations, triage decisions, and threat escalations without succumbing to the usual skill gaps and alert fatigue faced by human analysts.
