NSA Releases Ghidra, the Cybersecurity Reverse Engineering Toolkit
In a surprise move at the RSA security convention, the National Security Agency announced the release of Ghidra, a free, open source software reverse engineering toolkit. The NSA has been using Ghidra for years, and it is not clear whether the public release is the same version the NSA uses internally or a different one.
So, why release it to the public? NSA director Rob Joyce said he hopes it will lead to better research in software security. He also assured attendees that there is nothing sinister going on, and specifically said Ghidra does not contain a backdoor. He was trying to say that the release is not meant to encourage black hat hacking.
“There is no backdoor in Ghidra. This is the last community you want to release something out to with a backdoor installed, to people who hunt for this stuff to tear apart,” Joyce said, according to The Register.
The message was clear, and it makes sense given that people out there are skeptical of the NSA’s intentions. A few years ago, NSA contractor Edward Snowden blew the whistle on the organization’s PRISM program and revealed how it spies on people. In addition, WikiLeaks has made available numerous documents on the tools the NSA uses, a collection known as Vault 7.
It is important to note that Ghidra is not itself a hacking tool but a reverse engineering platform that allows users to decompile software. This is helpful for evaluating malware and for other cybersecurity intelligence research, such as determining the capabilities of a malware sample and where it originated.
“Ghidra is a software reverse engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.” “If you’ve done software reverse engineering what you’ve found out is it’s both art and science, there’s not a hard path from the beginning to the end,” Joyce said.
Ghidra is made available through a dedicated website. The NSA is also planning to dump the source code on GitHub and has set up a placeholder on the open source repository.