logo
allArticlesConferencesPresentations

Ghidra - Journey from Classified NSA Tool to Open Source

Conference:  BlackHat USA 2019

2019-08-08

Summary

Ghidorah is a project-based cybersecurity framework that combines scaling, teaming, and extendibility into one environment. It includes features such as project creation, listing view, function graph, D compiler, and script manager.
  • Ghidorah is a project-based cybersecurity framework that combines scaling, teaming, and extendibility into one environment
  • It includes features such as project creation, listing view, function graph, D compiler, and script manager
  • The listing view is where annotation and mark up of the binary takes place
  • The function graph breaks up the binary by control flow and is organized by dominance
  • The D compiler works on any architecture that is supported by the slay processor definition
  • The script manager includes examples of how to customize the framework
Ghidorah was created to solve the issues of scaling and teaming in cybersecurity. It brings together three key features into one framework, which are scaling, teaming, and extendibility. The project-based approach allows for multiple binaries to be brought into one project, and the listing view is where annotation and mark up of the binary takes place. The function graph breaks up the binary by control flow and is organized by dominance. The D compiler works on any architecture that is supported by the slay processor definition, and the script manager includes examples of how to customize the framework.

Abstract

This year was a momentous one for the National Security Agency (NSA) as we released our game-changing software reverse engineering (SRE) framework to the open source community: Ghidra. This was a long and arduous process and we want to give Black Hat attendees a chance to hear from two of our experts on how we developed Ghidra, what the tool does, and the process to release it to the public. We will also share some of the insight into what it is like for NSA researchers to interact with the dynamic nature of an open source tool… and the social media attention that it attracts.
Materials:
Tags:

Post a comment

Related work

Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape

Conference:  Defcon 26
Authors:
2018-08-01

Decisions and Revisions - The Ever Evolving Face of the Black Hat NOC

Conference:  BlackHat EU 2019
Authors:
2019-12-05

Decisions and Revisions - The Ever Evolving Face of the Black Hat NOC

Conference:  BlackHat EU 2018
Authors:
2018-12-06

FPs are Cheap. Show me the CVEs!

Conference:  BlackHat EU 2020
Authors:
2020-12-09

What We've Learned from Scanning 10K+ Kubernetes Clusters

Conference:  Global AppSec Dublin 2023
Authors: Ben Hirschberg
2023-02-16

Finding Xori: Malware Analysis Triage with Automated Disassembly

Conference:  BlackHat USA 2018
Authors:
2018-08-08