Here’s a kick in the head. Your tax dollars at work in a way that may save you a bunch of money. The National Security Agency has voluntarily released a software reverse engineering tool called Ghidra at the RSA security conference. The NSA has been using this tool internally to take apart and analyze malicious code, and to find vulnerabilities in commercial software applications. (What could that mean?)
The reason they released this tool to the public was to allow security researchers that they might someday hire an opportunity to learn and use the tool. The goal is to create a pool of talent that already is familiar with the product.
Ghidra is currently available from the NSA site, but will be available soon on Git-Hub as an open source software product.
Early users found it comparable to professional tool IDA-Pro. IDA-Pro is an expensive proprietary tool that costs several thousand dollars a year to license. Early reviews have been overwhelmingly positive. Some of the features include a decompiler that appears to work on virtually any software, and supports multiple binaries projects with version control. The package is slickly integrated, and even has UNDO capabilities.
If your career involves code analysis, software vulnerability testing, or other reverse engineering activities, you should probably check this out.
In a related story, the NSA also said they are getting out of the (illegal?) telephone call metadata collection business, pinky-swear!
Share
MAR
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com