Ghidra: NSA’s Refined Powerful Free Cyber Security Tool
Reviews, Tech

Ghidra: NSA’s Refined Powerful Free Cyber Security Tool 

Hacking and cyber security are ongoing problems, for individuals, corporate and governments. The National Security Agency develops advanced hacking tools for offensive and defensive use to fight against cyber terrorism.

On Tuesday, at the RSA security conference in San Francisco, NSA revealed its latest and most advanced hacking tool Ghidra, an internal tool that the company chose to open source. NSA cyber security adviser Rob Joyce said the NSA is offering the tool for everyone to use in the fight against cybersecurity. It is the NSA’s “contribution to the nation’s cybersecurity community”..

The NSA has made it clear that Ghidra is not a hacking tool. It is a reverse engineering platform, one that deploys software to compile and decompile. The software or reverse engineering process is able to transform the numbers 0 and 1 read by computers, back into humanly understandable logic and structure. 

Reverse engineering is vital for malware specialists and analysts to understand cyber attacks, how they work, what damages they can cause and to analyse and understand every part of them. Reverse engineering also means that an individual, company or government can defend itself from such attacks by checking their code for any weak links.

“If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end,” Joyce said. “Ghidra is a software reverse-engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.”

IDA is a similar reverse engineering product available in the market, but it is not open source for users. NSA would like to train the new and rising community of cybersecurity defenders and are hoping to do this by making Ghidra available.

The tool doesn’t come as a surprise to those involved in cybersecurity. News of the tool came out in 2017, in the Wikileaks Vault 7 disclosure. Ghidra runs on macOS, Windows and Linux and is designed in such a way that many people can collaborate and work on the same reversing project, via one platform.

The refined tool is said to be easy to use and has user-interface touches and features. It has an undo/redo mechanism, allows users to try out different theories when they are analysing code and to go back when they need to.

However, not everyone is excited with the availability of Ghidra, Dave Aitel, an ex National Security Agency advisor, said “Malware analysts have seen this all before. There’s really no downside”.

Related posts