THE NSA HAS RELEASED GHIDRA, an advanced cybersecurity tool to the open source world.
Unlike the tools previously nicked from the NSA, Ghidra is a more benevolent tool. It's designed to effectively reverse engineer so-called compiled and deployed code and then decompile it into logic that code-savvy humans can understand.
Such reverse engineering is a major part of the process of figuring out how malware and other malicious code works and then devise ways to defend against such threats out in the wild.
There's no shortage of reverse engineering tools in the cybersecurity world, but these often require researchers to shell out for them. By making Ghidra open source, the NSA is providing a tool its worked on for years for free.
As a result, Ghidra comes with a neat user interface and features that have thus far been well received by the security community. And with the open source community behind it, Ghidra could be packaged into other software to build upon its capabilities.
One might wonder why the NSA is being so generous, given it must still be a bit annoyed at having the tools it wanted to keep under wraps nicked from it. But the US agency seems to be feeling generous at the moment.
"We're doing this because we firmly believe Ghidra is a great addition to a net defender's toolbox. It will make the software reverse engineering process more efficient. It will help to level the playing field for cybersecurity professionals, especially those that are just starting out," the NSA said.
"We expect the tool will enhance cybersecurity education from capture-the-flag competitions, to school curriculums and cybersecurity training. Releasing Ghidra also benefits NSA because we will be able to hire folks who know the tool. When they're coming through our doors, they'll be able to be impactful faster."
Ah-ha, so the NSA does get some benefits from plonking its tool out in the wild; ain't no such thing as a free lunch.
But it's still offering cybersecurity researchers a capable tool that can be downloaded directly from the Ghidra official site or grabbed on GitHub through an open source licence, so we don't expect many will complain if the NSA comes calling for their talents. µ
Some deliberately, others through stupidity
Quite the business expense
It's another quantum leap camera
Evolution, not revolution, but that's just fine