UPDATED 14:33 EST / MARCH 07 2019

SECURITY

NSA open-sources Ghidra, a tool for reverse-engineering malware

The annual RSA Conference in San Francisco draws thousands of cybersecurity experts from around the world, along with numerous corporate exhibitors that use the opportunity to spotlight their newest products. This year’s event, which kicked off on Wednesday, saw the National Security Agency join the chorus by open-sourcing an internal software analysis tool called Ghidra.

Ghidra provides a workbench for reverse engineering programs to expose their source code. Specifically, the system is geared toward security researchers whose work consists of analyzing newly discovered malware strands to understand how they propagate and who created them.

Ghidra boasts an expansive feature set. The system, which is made up of no less than 1.2 million lines of code, can run on Windows, Linux and macOS with support for more than a dozen processor architectures. This broad hardware compatibility enables researchers to analyze many different kinds of malware, including payloads targeted at specialized systems such as mainframes.

Another standout capability is Ghidra’s focus on collaboration. The system enables several researchers to work on a program at once, as well as share the results of their reverse-engineering efforts with one another directly though the native interface.

Particularly savvy security teams can customize Ghidra using plugins to adapt it to their specific workflows. The system provides a mechanism for creating extensions that, among other things, makes it possible to add compatibility with additional processor architectures beyond the ones supported out of the box.

Ghidra could emerge as a serious contender to the commercial reverse-engineering tools that currently dominate the market. The most popular product, an application called IDA Pro, costs thousands of dollars per license and doesn’t support as many processor types.

Ghidra is the latest in a series of internal technologies that the NSA has released as part of a long-running initiative known as the Technology Transfer Program. The agency’s previous open-source contributions include SELinux, a widely used Linux module that adds access control features to the operating system.

Photo: Wikimedia

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU