BlackBerry launches free tool for reverse engineering to fight cybersecurity attacks

One of the first announcements at BlackHat USA 2020 is an open-source tool to fight malware that BlackBerry first used internally and is now making available to everyone.

Malware Detected Warning Screen

Image: iStockphoto/solarseven

At BlackHat USA 2020, BlackBerry announced on Monday that its open-source internal tool PE Tree is now available for all security professionals to use for reverse engineering malware. 

This tool allows reverse engineers to view Portable Executable (PE) files in a tree view using pefile and PyQt5. This makes it easier to dump and reconstruct malware from memory while providing an open-source PE viewer code-base. The tool integrates with Hex-Rays' IDA Pro decompiler to allow for easy navigation of PE structures, as well as dumping in-memory PE files and performing import reconstruction. 

SEE: Black Hat 2020: Cybersecurity trends, tools, and threats (free PDF) (TechRepublic)

PE Tree was developed in Python and supports the Windows, Linux, and Mac operating systems. It can be installed and run as a standalone application or an IDAPython plugin, allowing users to examine any executable Windows file and see what its composition is. 

Eric Milam, vice president of research operations for BlackBerry, said in a press release, "As cybercriminals up their game, the cybersecurity community needs new tools in their arsenal to defend and protect organizations and people. We've created this solution to help the cybersecurity community in this fight, where there are now more than one billion pieces of malware with that number continuing to grow by upwards of 100 million pieces each year."

SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)

Reverse engineers use several tools to deconstruct malware, including disassemblers, debuggers, PE viewers, and network analyzers.  

Later this week at  Black Hat USA 2020, Kevin Livelli, BlackBerry's director of threat intelligence, will be presenting on Decade of the RATs on August 5 at 11-11:40 am PT. BlackBerry will also be presenting a sponsored webinar about its partnership with Intel to stop cryptojacking malware, and this session will drill down into BlackBerry Optics AI-based EDR technology for Linux.

Also see

By Veronica Combs

Veronica Combs is a senior writer at TechRepublic. For more than 10 years, she has covered technology, healthcare, and business strategy. In addition to her writing and editing expertise, she has managed small and large teams at startups and establis...