GHIDRA

Hey, everyone NSA recently announced the release of a new open source reverse engineering tool called GHIDRA. When the comparison was made with already established tools like IDA Pro, Radare2 etc, GHIDRA stands out as the favourite. I would like to get a comprehensive analysis from anyone who has access to it before and how it is better.

3zCulprit

Comments

  • edited April 20

    @3zculprit said:
    Hey, everyone NSA recently announced the release of a new open source reverse engineering tool called GHIDRA. When the comparison was made with already established tools like IDA Pro, Radare2 etc, GHIDRA stands out as the favourite. I would like to get a comprehensive analysis from anyone who has access to it before and how it is better.

    . . . NSA . . .

    Nahhh. Not even curious. Not worth it.

  • edited April 21

    Well here is my 2 sense.

    IT was released and was found to be vulnerable to at least 1 major flaw out the gate.

    https://threatpost.com/nsa-ghidra-bug-rce/142937/

    One needs to ask themselves did they mean to do that
    ٩(๏̯͡๏)ゞ?

    IF you wish I or anyone here can probably explain to you a little about what they mean about stealing SMB hashes via XXE attacks and what have You or at least point you to the correct places for research. They may also be able to crack Your password if they grab it, as well as use the hash if you use something like outlook or something like that or office 365 they may be able to use tools like mailsniper or ruler to get a shell on the network by just grabbing a users hash so the implications of them hoping to get this on an adversary computer is pretty big to me. But hey I am no conspiracy theorist but how does the reverse engineering hacker group not know to have proper XML parser or know that could be attacked that's like medium level challenge here does that mean some of us are better than them or are we expected to think this was an accident.

    Either way keep your PC safe write your own stuff or use something safe. like the others You mentioned.

  • How to use Ghidra problem free:
    1. Download .exe
    2. Turn off internet
    3. Do the shit you want to do
    4. Uninstall

    !!!!!!!

    Fear no more of NSA spying.

Sign In to comment.