Find out about Ghidra - NSA's powerful cybersecurity tool

Cyber ​​security is always an urgent issue, headache for network security professionals not only in every business, organization, but at the national level is even more difficult. As the organization responsible for the safety of US government communications channels - the world's most cyber-attacked nation, the NSA (US National Security Agency) is always the agency. First in research and development of large-scale security tools, plays a particularly important role in ensuring the overall safety situation of the country on cyberspace. Ghidra is such a tool. Rob Joyce, NSA's network security advisor, once called Ghidra a "great contribution to the US cyber security community." So what kind of tool is Ghidra really? How does it work and how does it contribute to network security? We will find out later.

Find out about Ghidra - NSA's powerful cybersecurity tool Picture 1

1. The cybersecurity tools that every business should know

Reverse engineering platform - Reverse engineering platform

First of all, it must be stated that Ghidra is not a tool designed to help you hack other devices. It is a reverse engineering platform - the RE (method of reverse engineering) - a method of extracting knowledge or design plans from anything (we will follow the aspect of product soft) that humans create. In this case, RE is used to compile (compile), deploy (implement) and translate recovery (decompile). In other words, Ghidra allows experts to convert sequences of numbers 1 and 0 into a format that we can read, and makes it easy to grasp some of the core information like the software is doing. What and how it works.

Find out about Ghidra - NSA's powerful cybersecurity tool Picture 2

1. Deep Learning - new cybersecurity tool?

RE is an extremely important process for malware analysts as well as cyber-threatening intelligence experts, serving as a bridge to help them work directly with the suspicious software, such as malware used to perform attacks, to understand how the software works, what specific functions it has, who wrote it, or it where. At the same time, RE is also an important method to allow supporters to check their code to find vulnerabilities and ensure the software works in accordance with the intended function. In summary, the application of RE in the field of network security and security covers the following main aspects:

1. Malware analysis: RE helps network security experts identify security vulnerabilities, as well as search, analyze and assess the level of vulnerability and potential damage of malicious programs or sections. Different malware if they are deployed successfully.
2. Determine the encryption algorithm: Basically, it is difficult for you to read the content information about a program by the encryption algorithms they use, and you can only 'process' encrypted when hold the decryption key (absolute success). The second option, you can try all possible scenarios when grasping the coding information (this approach usually does not bring high feasibility because it is almost exclusively applicable to single algorithms. simple). The third option, you can detect and analyze some of the algorithm's vulnerabilities to extract the necessary information, this is the time RE takes its role.
3. Testing and evaluating software programs: As mentioned above, RE helps analysts as well as checks software programs according to the 'black box' mechanism (black box).

Find out about Ghidra - NSA's powerful cybersecurity tool Picture 3

1. Endpoint Detection and Response threats, an emerging security technology

Ghidra becomes an open source tool

'By using RE, what you find can be wonders of art and science, and you'll find that everything has a solution. Ghidra is an RE tool originally built for internal use in the NSA network of engineers. "We dare not claim that Ghidra can replace all previous data research options, but this tool has really helped the NSA in solving complex and orange tasks. the best, 'said Rob Joyce.

It must be said that RE-related products have actually been around for a long time in the market, such as the famous IDA debugging and debugging. However, Dr Joyce said the NSA has also developed Ghidra for many years, taking into account the actual priorities and needs, thus turning it into a powerful and particularly useful tool. Even products like IDA are not free, while the NSA decided to turn Ghidra Open Source into the first free RE tool. Thus it can be affirmed that this is an extremely important contribution to the formation of the community of supporters of new generation network security solutions. Of course, like many other open source software, experts hope the community will join hands to discover errors as well as contribute ideas so that this tool becomes more and more complete. In addition, Joyce noted that the NSA considers the introduction of Ghidra an open recruitment strategy to facilitate the working environment for new employees entering NSA, or allowing authorized employers. Share your experiences without knowing this tool.

Find out about Ghidra - NSA's powerful cybersecurity tool Picture 4

1. McAfee expert explained how deepfake and AI are drilling through the cyber security wall

NSA recently announced the speech of cyber security adviser Rob Joyce, and said it had released Ghidra in early January. However, in fact, knowledge and information about this tool has been publicly available through the 'Vault 7' release of WikiLeaks in March 2017, which analyzes some of the hacked tools used by the CIA. use and constantly call Ghidra a reverse engineering tool created by NSA. Ghidra runs on Windows, MacOS and Linux and includes all the security components provided by researchers. But perhaps this program will focus more on tuning tools. It has also been developed to facilitate collaboration among different people involved in a RE project - the concept is not common on other platforms.

In addition, Ghidra also has a user interface and features to conduct an easy security investigation, significantly reducing complexity and saving time. In particular, the undo / redo mechanism is the most favorite feature of Rob Joyce, allowing users to test the theory of function of the analyzed code more flexibly. If the idea doesn't work as intended, you can easily go back to the previous few steps.

Over the years, NSA has developed many other open source code, such as Security-Enhanced Linux or Security-Enhanced Android. But Ghidra still seems to be the most directly related tool to the unpredictable situation of cyber security. Now available and free, Ghidra has the potential to be widely used and makes an important contribution to the solidity of digital space defense systems. Many argue that Ghidra's release as a free source will give hackers a chance to find a way to respond to the NSA itself. However, Dave Aitel, a veteran security researcher who once worked for NSA and is currently the director of the Cyxtera infrastructure security technology project, thinks this is not a worrying case. . The release of open source Ghidra will not be detrimental to the NSA.

Find out about Ghidra - NSA's powerful cybersecurity tool Picture 5

1. Supercomputers can completely detect cyber threats

In the speech about the release of the open source Ghidra tool, Rob Joyce stressed that no matter what happens next to this NSA's powerful RE tool, it is still a serious contribution to Network security community, and conspiracy theorists can be assured of this issue. 'There won't be any backdoor for Ghidra,' he said.