Video: First Look at Ghidra (NSA Reverse Engineering Tool)

Today during RSA Conference, the National Security Agency released their much hyped Ghidra reverse engineering toolkit. Described as “A software reverse engineering (SRE) suite of tools”, Ghidra sounded like some kind of disassembler framework. Prior to release, my expectation was something more capable than Binary Ninja, but lacking debugger integration. I figured the toolkit would be ideal for those interested in reversing, but who lack the funding for an IDA licence.

Obviously, there are going to be many conspiracies surrounding the release. I’ve already seen many unsubstantiated claims that Ghidra is an NSA backdoor. My thoughts are that this tool is simply an investment in the future generation. By providing the tools and knowledge required to further people’s interest, you improve the overall talent pool. More talent will lead to higher quality job applicants, potentially reducing the NSA’s skill shortage down the line; GCHQ has been using similar techniques for a while now.

Download Link: https://ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip
