UPDATED 14:33 EDT / MARCH 07 2019

NSA open-sources Ghidra, a tool for reverse-engineering malware

The annual RSA Conference in San Francisco draws thousands of cybersecurity experts from around the world, along with numerous corporate exhibitors that use the opportunity to spotlight their newest products. This year’s event, which kicked off on Wednesday, saw the National Security Agency join the chorus by open-sourcing an internal software analysis tool called Ghidra.

Ghidra provides a workbench for reverse engineering programs to expose their underlying code. Specifically, the system is geared toward security researchers whose work consists of analyzing newly discovered malware strains to understand how they propagate and who created them.

Ghidra boasts an expansive feature set. The system, which is made up of no less than 1.2 million lines of code, can run on Windows, Linux and macOS with support for more than a dozen processor architectures. This broad hardware compatibility enables researchers to analyze many different kinds of malware, including payloads targeted at specialized systems such as mainframes.

Another standout capability is Ghidra’s focus on collaboration. The system enables several researchers to work on a program at once, as well as share the results of their reverse-engineering efforts with one another directly through the native interface.

Particularly savvy security teams can customize Ghidra using plugins to adapt it to their specific workflows. The system provides a mechanism for creating extensions that, among other things, make it possible to add compatibility with additional processor architectures beyond the ones supported out of the box.

Ghidra could emerge as a serious contender to the commercial reverse-engineering tools that currently dominate the market. The most popular product, an application called IDA Pro, costs thousands of dollars per license and doesn’t support as many processor types.

Ghidra is the latest in a series of internal technologies that the NSA has released as part of a long-running initiative known as the Technology Transfer Program. The agency’s previous open-source contributions include SELinux, a widely used Linux kernel security module that adds access control features to the operating system.
