CrowdRE: Alpha++ Release


Since CrowdStrike released our free Crowdsourced Reverse Engineering (CrowdRE) service in June, the team has been hard at work building new features that we were very excited to unveil at Black Hat USA 2012. The new features are a direct result of some of the great feedback that the community provided, and we encourage more feedback on these new features. In an effort to lead by example, the CrowdStrike Intelligence Team has committed nearly all of our current annotations to CrowdRE, so you can immediately benefit from our reverse engineering efforts. We just created and posted the video below that demonstrates some of the latest features and how to set up the CrowdRE environment.

Mac/Linux Versions

When CrowdRE was released at REcon in June, the immediate feedback was a request for Linux and Mac versions of the plugin. Jason Geffner surveyed the audience during the presentation, and the result was mixed as to which version to focus on. Since there was interest in both Mac and Linux, we decided to release both versions! To access the newest plugin, visit http://crowd.re and you will see the following page:

Groups

The other feedback we received was that users did not want to share their annotations with everyone. While CrowdRE was built to share reversing intelligence with as many people as possible, we understand that sometimes this data does need to be compartmentalized. The group feature is a way to limit the distribution of your annotations to a subset of CrowdRE users. This feature is simple to use, and you may have seen the placeholder for it in the CrowdRE UI over the last few weeks. It works as follows:

  1. Create a group
  2. Add/invite friends to the group to share annotations with
  3. Crowd Reverse annotations with your group

CrowdRE users can create different groups for different projects and share annotations to those groups; this allows, for example, the formation of working groups for particular malware families. An example might be a Zeus working group: members of that group may share annotations from Zeus reverse engineering projects exclusively amongst themselves to ensure all participants have the latest analysis.

Private Commits

CrowdStrike built CrowdRE to encourage sharing in the reverse engineering community; however, we understand that sometimes the annotations or functions we are reversing are something that users do not wish to share. As a result of lots of feedback about the usefulness of fuzzy hashing but the reluctance to share this sensitive data with the community, we are also introducing private commits in this version. Private commits can be useful both for sharing annotations between different machines and for taking advantage of fuzzy hashing without publicizing what is being reversed. Using private commits, users can keep annotated functions to themselves and not share them with the CrowdRE community.

Karma

The new release of CrowdRE also introduces what we have dubbed a ‘Karma’ rating. Historically, the problem with sharing in a community setting is that people will take without giving. With this release of CrowdRE we set out to recognize those members of the community who are contributing the greatest and most usable annotations. We chose Karma based on the concepts associated with Karma in eastern philosophies, typically deed or action – committing annotations is a good action in CrowdRE and quality annotations are even better. As such, users will build a Karma score based on their commits, and as we progress as a community we will look at interesting ways to award and recognize high Karma scores. Personally, I was just unseated as the highest Karma score and I am working on some new annotations to reclaim the crown!

CrowdStrike would like to pay special thanks to Ilfak Guilfanov and his Hex-Rays team for all the support they provided to the CrowdRE team to help navigate some of the unique challenges of building a portable IDA Pro plugin.

Please provide feedback; we are still really excited about CrowdRE and are looking to build in the features that the community requests. We loved all the feedback we have received already and can’t wait to start working on new features! Join the CrowdRE community here, and we look forward to sharing with you! Please see this helpful video to get started with CrowdRE.

Adam Meyers

Adam Meyers has authored numerous papers for peer-reviewed industry venues and has received awards for his dedication to the information security industry. As Vice President of Intelligence for CrowdStrike, Meyers oversees all of CrowdStrike’s intelligence gathering and cyber-adversarial monitoring activities. Previously, Meyers was the Director of Cyber Security Intelligence with the National Products and Offerings Division of SRA International, where he provided technical expertise at the tactical level and strategic guidance on overall security program objectives.

 
