Skip to main content

GHIDRA




Well, well, isn't this one for the books: the NSA have released GHIDRA, their reverse engineering tool. Yes, you read that correctly, the NSA have released something. Not The Shadow Brokers or any other APT, it hasn't been leaked or nabbed and let into the wild, this is a deliberate sharing of technology by the Puzzle Palace. Not what you'd expect, is it?

Announced at this years RSA conference (already controversial this year as Adi Shamir, the 'S' in RSA, was unable to obtain a visa to attend), this reverse engineering tool seems primed to shake things up a bit, as many RE tools cost a fair bit of money. It also seems to be free of backdoors, and although one bug has been found, it can be remedied was reasonable ease.

I've not really done much RE myself, but with a powerful, military-grade tool such as this, it might be a whole lot easier to get into. I'll let you know more when I've had a chance to play around with it.

If you are interested, GHIDRA (gee-dra) can be found here: https://ghidra-sre.org/ and at the NSA GitHub.
Labels:

Comments

Post a Comment

Popular posts from this blog

The Alphabet Soup: A Quick Guide to Post-Nominals

This week, I’ll walk you through the ever-growing list of post-nominal letters you can add to your name through qualifications and certifications. Being a student myself, I’ll start with exploring the academic route, then go through the more popular, and best recognised, vendor and standards organisations’ certifications, highlighting their worth for your CV and career development. It’s not a comprehensive list, by any stretch of the imagination, and is geared towards a more general CyberSec professional, rather than focusing on any one aspect of the industry. I’ll try and shy away from too much debate by running away very quickly to avoid the one about CEH vs. OSCP, and leave it to you instead. *Disclaimer* I am a university student, and haven’t actually done any of the following certifications, at least not to completion. I have explored each in a reasonable amount of depth to see their benefits and worth and consulted with holders of a few to gain their insider opinions. I a...
Post a Comment
Read more

Multidisciplinarianism

Nice, long, big word there as a title. I'll shorten it for you: polymath. A person of wide knowledge or expertise. The desired human state. I have long been an advocate for something I call wide-spectrum literacy: competence in reading, writing, arithmetic, science, technology, politics, philosophy, economics, to say the least. I have what you could mildly call a vehement dislike of ignorance, particularly wilful ignorance: I find little to no excuse for it, especially in developed nations where access to technological marvels which act as gateways to endless learning and knowledge, most of it free, is commonplace to the point of being carried around in pockets. You can imagine, then, my sickening disgust at the state of the world, and the horror of facing an international society in which ignorance, bigotry, and mendacity don't just roam freely, but are actively pursued as if they were the highest virtues.  Now, I'm not going to lay the blame entirely at the feet of...
Post a Comment
Read more

Jumping the Pond: Making the sideways move into CyberSec

So far, a large portion of this blog has been dedicated to helping people begin their careers within the Cyber Security sector from the beginning, i.e. straight from college or university. This week, I’d like to explore the options for those looking to make the move from other career paths, specifically with an eye to those looking at managerial positions. If you are already coming from an IT background, this post might have one or two things you might find useful, but you’ll probably have access to other resources that might be better suited to your needs. I want to note here that while this will guide you through some of the options and a few certifications that will help move into CyberSec, some technical competency is a must. A good level of understanding of the technologies and principles underlying those technologies is unavoidable in this field, as you’ll see below. My suggestion would be to look at my earlier blogs and some looking around, as I won’t go into depth about t...
Post a Comment
Read more