Dubai, United Arab Emirates - SentinelOne , a global leader in AI-powered security, and Intezer, a leader in AI-powered technology for autonomous security operations, have launched a project aimed at illuminating the blind spot surrounding Rust malware so that threat researchers can better understand and accurately characterize the complex malware ecosystem before it reaches critical mass and blindsides the industry. As part of the initiative, researchers from SentinelLabs and Intezer have teamed to develop a methodology to make reverse engineering Rust malware more approachable and engage the security community to create and release tools to tackle the problem head on. The project is known as 0xA11C.

“In malware analysis, the arrival of a new programming language introduces an entirely new set of challenges that obstruct our ability to quickly grasp the malicious intent of a threat actor,” said Juan Andrés Guerrero-Saade, AVP of Research, SentinelLabs. “With the current state of our tooling, Rust is practically impossible to reverse engineer, and as a result, many analysts are shying away from researching the Rust malware ecosystem. Together with Intezer, we aim to change this.”

In 2021, SentinelLabs researchers took a similar approach to address the rise of Go malware, developing a Go malware analysis methodology dubbed ‘AlphaGolang.’ Their efforts revealed that once underlying data is put back in its rightful context, reversing engineering Golang malware can often be easier than malware written with traditional programming languages.

“We've observed a similar trend with Rust malware,” said Nicole Fishbein, Security Researcher, Intezer. “The same features of Rust that engineers love, such as memory safety, aggressive compiler optimizations, borrowing, intricate types and traits, translate into a perplexing tangle of code that surpasses even C++ in the complexity of its abstractions. Drawing on insights derived from the development of AlphaGolang, we can gain additional clarity, into the true size of the Rust malware ecosystem and arm reverse engineers with tools to take it head on.”

To learn more about and contribute to Project OxA11C, visit www.sentinelone.com/labs

About SentinelLabs
InfoSec works on a rapid iterative cycle where new discoveries occur daily and authoritative sources are easily drowned in the noise of partial information. SentinelLabs is an open venue for our threat researchers and vetted contributors to reliably share their latest findings with a wider community of defenders. No sales pitches, no nonsense. We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms. SentinelLabs embodies our commitment to sharing openly –providing tools, context, and insights to strengthen our collective mission of a safer digital life for all.

About SentinelOne
SentinelOne is  a leading AI-powered cybersecurity platform. Built on the first unified Data Lake, SentinelOne empowers the world to run securely by creating intelligent, data-driven systems that think for themselves, stay ahead of complexity and risk, and evolve on their own. Leading organizations—including Fortune 10, Fortune 500, and Global 2000 companies, as well as prominent governments—all trust SentinelOne to Secure Tomorrow™. Learn more at sentinelone.com.

About Intezer
Intezer is a leading provider of AI-powered technology for autonomous security operations. With a focus on innovation and quality, its Autonomous SOC Platform is designed to investigate incidents, make triage decisions, and escalate findings about serious threats like an expert Tier 1 SOC analyst (but without the burnout, skill gaps, and alert fatigue). For more information about Intezer for SIEM alert triage and how it can transform your security operations, please visit https://intezer.com/autonomous-soc-siem-triage-solution/.