National Security Agency (NSA) advisor Rob Joyce demonstrated at the RSA conference, Ghidra, an internal NSA software reverse engineering (SRE) suite of tools that it has chosen to open source.
Ghidra is designed to take “compiled,” deployed software and “decompile” it, namely turning binary code into human-readable structure.
Reverse engineering is an important tool for security and malware researchers because it allows them to work backward from software they discover in the wild.
Joyce said that the NSA has been developing Ghidra for years, with its own real-world priorities and needs in mind.
The tool was already known to the security community via WikiLeaks’ March 2017 “Vault 7” disclosure, but Joyce’s release of Ghidra is the first time the code became public.
NSA has made the Ghidra toolkit available to researchers in a free download.