NSA's Free Malware Research Tool Gains Traction, 6 Months On (axios.com) 18

Posted by msmash on Friday August 09, 2019 @04:30PM from the marching-along dept.

In March the National Security Agency released an internal malware research tool for free to the public, a first for the secretive agency. Six months later, by most indications, the release is an even bigger event than the NSA thought. From a report: Some aspects of researching malware have long required expensive software. The release of Ghidra, the NSA tool, has profoundly changed the field, opening it up to students, part-timers and hobbyists who otherwise couldn't afford to participate. It's been a good six months for Ghidra. The software has been downloaded more than 500,000 times from GitHub. "We had a bet on how many downloads it would be," Brian Knighton, senior researcher at the NSA, told Axios. "We were off by quite a factor."

Ghidra also netted the NSA two nominations for "Pwnie" awards at the typically NSA-adverse DEF CON hacker conference this week. The NSA was also pleasantly surprised with the number of outside developers modifying code and creating new features for the now open-source program. The toolkit is popular enough that the NSA now offers touring classes on Ghidra for colleges and universities.

NSA's Free Malware Research Tool Gains Traction, 6 Months On

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 18 Comments Log In/Create an Account

Comments Filter:

- Re: Translation: (Score:2)
  
  by Zero__Kelvin ( 151819 ) writes:
  
  Right, because if the NSA wanted to do that they wouldn't create an alias github account that couldn't be tracked to them. They would want to release it under the NSA name to be sure it would be scrutinized, and we can be sure none of those downloads were done by security professionals doing exactly that. They would also want the fact that they did release a trojan to github to be easily and irrefutably tied to them. You are the idiot here I'm afraid.
Not surprising its become so popular (Score:4, Informative)

by jonwil ( 467024 ) writes: on Friday August 09, 2019 @04:55PM (#59071934)

Its not surprising it became so popular given how powerful it is and how great it is as an alternative to spending thousands of dollars on IDA Pro and the HexRays decompiler suite.

- - Re: (Score:3)
    
    by Bite The Pillow ( 3087109 ) writes:
    
    Decompilation is really well done, it does a better job than IDA pro at identifying function names (mine is pretty old and doesn't recognize variable length noop instructions). It's basically feature equivalent to IDA, which is expensive. Note "basically" and "equivalent" do not mean feature parity.
    But others can add to it, and I expect it to be better than IDA soon. I use both side by side, ghidra to supplement IDA. I'm pretty sure it is Java, which essentially gives you the source code if you're paranoid
- Re: (Score:1)
  
  by Khyber ( 864651 ) writes:
  
  I'm sure the paranoid are downloading from a library or some unsecured wifi point.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

NSA's Free Malware Research Tool Gains Traction, 6 Months On (axios.com) 18

NSA's Free Malware Research Tool Gains Traction, 6 Months On More Login

NSA's Free Malware Research Tool Gains Traction, 6 Months On

Re: Translation: (Score:2)

Not surprising its become so popular (Score:4, Informative)

Re: (Score:3)

Re: (Score:1)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot