In this blog post we share some brief insights into the code produced three popular binary-to-llvm translators. We do so through an empirical comparison between the LLVM code created by the three different translators when matched with the same binary code samples. ...

In the last few years there has been a significant interest in code injection techniques from both attackers and defenders. These techniques enable the attacker to execute arbitrary code within the address space of some target process (which is why code injections are also called process injections often). The attacker uses code injections to improve stealth and evade anti-malware products, and sometimes even to achieve persistence. Attackers, both malware and red teamers, increasingly use these techniques to bypass anti-malware systems and endpoint protection systems in order to execute their payloads...

In the last decade there has been many improvements in fine-grained analysis techniques that focus on automating reverse engineering. The PANDA reverse engineering framework is particularly interesting in this context, as it is a mature framework that offers the foundation needed to develop fine-grained dynamic analysis tools, which has a large number of applications such as malware analysis, vulnerability discovery and root-cause analysis. In this blogpost series we will introduce the reader how to get started with the PANDA reverse engineering framework in order to create sophisticated dynamic program analysis tools....