Ghidra is here! - New NSA reverse engineering tool now available

[exile360]

Ghidra has arrived; and no, I don't mean the infamous three-headed monster (AKA "Monster Zero") that Godzilla has fought on many occasions; this Ghidra is a reverse engineering tool developed by the NSA, and its code has been made available to the public free of charge with source code to be made available soon (yes, it's going to be open source!).

While this may not be exciting news for most of us, threat researchers should be very interested in this new suite of tools as it could greatly aid their efforts in reverse-engineering malware to develop countermeasures and signatures (most RE tools tend to be rather expensive (i.e. not free) and closed-source).

You can read more about this exciting development here at BleepingComputer.

Just be aware that before you decide to give this new tool a try, that there has been a remote code execution vulnerability reported in the tool, but mitigation for this vulnerability is included in the article so be sure to mod the code in your favorite editor before you take it for a spin.

[Amaroq_Starwind]

I can't believe that the NSA would just open-source one of their tools.

[exile360]

8 hours ago, Amaroq_Starwind said:

I can't believe that the NSA would just open-source one of their tools.

I was dubious as well, but I suspect their reasoning for doing so is twofold; first, they probably already have something in-house that they have developed that is superior and renders Ghidrah obsolete; second, it's likely that given their no doubt massive workload just dealing with hack attempts from hostile governments, organized crime and independent blackhats and blackhat organizations (not to mention all the mass surveillance operations they're always managing; something I'm not a great fan of being an advocate for privacy), they probably figured it would be good to put a tool like this into the hands of the public/whitehats/malware researchers to help discover and mitigate vulnerabilities in the code of commonly used tools/applications/systems/devices etc. and to better stay on top of the rather devastating, run-of-the-mill threats like ransomware that always have the potential to bring any business or government systems/organizations to a screeching halt should they evade detection, and I suspect they have more important (to them at least) things to do with their time than spend all day analyzing malware to develop their own in-house AV signatures and detection/mitigation tools, so they pass this off to the public in the hopes that the off-the-shelf malware defense solutions they use will do a better job at keeping their networks secure.