Today, at the RSA security conference, the NSA released a free software reverse engineering tool named 'Ghidra'. The tool is aimed mainly at software engineers but can also be used for malware analysis.
Ghidra is now available for download from its website, and further details about the tool can be found on its Wiki Page or on GitHub.
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, Mac OS, and Linux. Ghidra is written in Java, has a graphical user interface (GUI), and works on Windows, Mac, and Linux. The NSA also plans to release its source code under an open source license on GitHub in the future.
Intro to Ghidra
Here is a video demonstration of Ghidra, which also explains its installation and features.
Within minutes of the tool's release, people across the security community started examining it. One user, going by the Twitter handle @hackerfantastic, claims to have found a security issue in Ghidra.
Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely 🤦♂️.. to fix change line 150 of support/launch.sh from * to 127.0.0.1 https://t.co/J3E8q5edC7 — Hacker Fantastic (@hackerfantastic) March 6, 2019
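A defender's check for the issue described in the tweet above, as an added example that is not part of the original post or of Ghidra's code: it scans a launch script for JDWP `address=` options, flags listeners bound to all interfaces, and applies the `*` to `127.0.0.1` change. The function names and the sample script are constructed for illustration; the JDWP option string is standard JVM syntax, not a copy of `support/launch.sh`.

```shell
#!/usr/bin/env bash
# Added example: audit a JVM launch script for JDWP debug listeners.
# Function names and the sample script are constructed for illustration.

# Constructed sample input (not the contents of Ghidra's support/launch.sh).
sample_launch_script() {
  cat <<'EOF'
#!/bin/sh
# debug: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:18001
VMARGS="-Xmx1g"
VMARGS="$VMARGS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:18001"
PROFILER="-agentlib:jdwp=transport=dt_socket,server=y,address=127.0.0.1:18002"
EOF
}

# jdwp_findings FILE: print "LINE VERDICT ADDRESS" for every JDWP address=
# option on a non-comment line. "exposed" = bound to all interfaces,
# "loopback" = local only, "review" = anything else (bare port, variable, ...).
jdwp_findings() {
  awk '
    !/^[ \t]*#/ && /jdwp/ && match($0, /address=[^, "]+/) {
      addr = substr($0, RSTART + 8, RLENGTH - 8)   # text after "address="
      n = split(addr, part, ":")
      host = (n == 2) ? part[1] : ""
      if (host == "*" || host == "0.0.0.0") verdict = "exposed"
      else if (host == "127.0.0.1" || host == "localhost") verdict = "loopback"
      else verdict = "review"
      print NR, verdict, addr
    }' "$1"
}

# jdwp_exposed FILE: succeed (exit 0) if any listener is reachable off-host.
jdwp_exposed() {
  jdwp_findings "$1" | grep -q ' exposed '
}

# jdwp_pin_loopback FILE: print FILE with the tweet's fix applied, i.e. the
# wildcard host in a JDWP address replaced by 127.0.0.1.
jdwp_pin_loopback() {
  sed '/jdwp/ s/address=\*:/address=127.0.0.1:/' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_launch_script > "$tmp"
jdwp_findings "$tmp"
rm -f "$tmp"
```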
Here's another video from security researcher Marcus 'MalwareTech' taking a first look at Ghidra and its features.