Venture funded startup CrowdStrike has launched a new platform that will allow security researchers to work collaboratively to reverse engineer and analyze malicious code.
The new platform, CrowdRE, was designed to resemble conventional software version control systems, with features that allow security researchers to work independently on a single piece of malicious software, then share their work.
CrowdRE is being offered as a free cloud service for the reverse engineering community and integrates with IDA Pro, the leading software disassembler and reverse engineering platform, as well as the Hex-Rays binary analysis tool. Google is also integrating the CrowdRE platform with its Bin Navi binary analysis tool, acquired with Zynamics in March, 2011.
Malware analysis involves reverse engineering – or taking apart – malicious programs in order to see how they work. It has, historically, been a solitary practice undertaken by security researchers working alone or in small teams. Malware authors often reuse snippets of code when building a new piece of malicious software, which makes the job of analyzing applications easier. Over time, however, malware authors have found ways to make the job harder: developing features to thwart dis-assemblers like IDA Pro and using code obfuscation to make it difficult to understand the operation of the resulting source code. CrowdRE is looking to leverage a global community of private and volunteer security experts to speed the process along.
It isn’t the first attempt at collaborative reverse engineering. Notably: the collabREate plug-in for IDA Pro allows groups of researchers using IDA Pro to work on the same binary: sharing event notifications and allowing developers to review snapshots of code updates. Zynamics’ BinCrowd was another effort to do crowdsourced binary analysis: offering a central repository of reverse engineered code and allowing reverse engineers to share it with members of a team and compare snippets of reverse engineered files with known functions from previous projects.
CrowdStrike said it will introduce the CrowdRE platform at Black Hat and has plans to continue developing the platform, including the addition of social ratings for source code commits and granular access control lists for projects, according to a presentation on the platform that was published online.
Correction: an earlier version of this story incorrectly referred to the company offering CrowdRE as CloudStrike. The story has been updated to use the correct company name. – PFR 7/7/2012