Carbon Black TAU unveils binary emulator Binee for Malware Researchers

	
The open source emulator is specifically designed for Malware Researchers
	
The product, also known as “Binee”, was unveiled at DEF CON 27 in Las Vegas


Carbon Black, a cybersecurity company based in Waltham, Massachusetts, reportedly announced the unveiling of “Binee”, a binary emulator that links the gap between dynamic and static real-world malware analysis. Binee supports researchers to retrieve run-time data out of binaries for a speed, cost and scale earlier only possible through static analysis tools.

Researchers at Carbon Black Threat Analysis Unit (TAU), John Holowczak and Kyle Gwinnup told about the tool with name being an abbreviation for “Binary Emulation Environment,” at their seminar “Next Generation Process Emulation with Binee” during DEF CON 27 on 10th August.

Malware detection by standard static analysis is getting difficult & researchers are turning towards dynamic analysis techniques for understanding the malware’s behavior they are studying. However, dynamic analysis is time-consuming and costly, so a very small portion could be assessed like this. Binee bridges this gap by using mock process emulation by providing runtime analysis at the cost and speed of static analysis.

The capability to emulate ×86 as well as other architectures has been around from a long time – malware analysts have many tools already available at public domain. A lot of tools are short of entire emulation, by system calls not getting implemented into emulator or by doing strange things while emulation of library functions or by halting.

Company has developed this tool keeping in mind two main use cases, first for malware analysts who require custom operating system & framework without dealing with the overhead of spinning number of virtual machine configurations, and second, for extracting data at scale with a speed and cost same as that of commonly-used static analysis tools.

Binee can be utilized as a crucial part for malware analysis funnel – enabling security professionals to analyze and identify malware’s behavioral attributes. This eventually would open huge data set for machine learning and behavioral analysis that would enhance detection capabilities.

Credit Source:

https://www.globenewswire.com/news-release/2019/08/10/1900195/0/en/Carbon-Black-Threat-Analysis-Unit-TAU-Launches-Binee-an-Open-Source-Binary-Emulator-for-Malware-Researchers-at-DEF-CON-27.html