You weren't able to make it to Las Vegas this year? Check out these ten short reviews of useful tools for threat intelligence researchers and threat hunters presented at Black Hat USA 2018:
Xori: Automated Disassembly
Malware disassembly can be quite tedious, even with a bells-and-whistles IDA Pro license. If only there was a way to automate all of it. That’s where Xori comes in.
Amanda Rousseau and Rich Seymour created a new automated disassembly platform that’s not only free, but fast. Reverse engineers often come across dozens of sample variants from the same family of malware. Having the ability to dissect all the assembly code and tell the results apart, automated and at a fast pace is something need in their arsenal of tools.
There are two modes in Xori, light and full emulation. Light emulation enumerates all the paths in CPU registers, the stack, and you’ll see some instructions. Full emulation follows the code’s path (shows