Learn Ghidra From Home at SecTor 2020

Running the IoT Hack Lab at SecTor has been a highlight of my year since 2015. Although we won’t be back this year to fill our corner of the MTCC, I’m happy to be teaching A Beginner’s Guide to Reversing with Ghidra as part of the SecTor 2020 virtual c…

High-End Ham Radio Gives Up Its Firmware Secrets

Amateur radio operators have always been at the top of their game when they’ve been hacking radios. A ham license gives you permission to open up a radio and modify it, or even to build a radio from scratch. True, as technology has advanced the opportunities for old school radio …

NSA’s reverse engineering tool Ghidra impacted by a bug — but there’s no need to panic

The National Security Agency’s open source reverse engineering tool, Ghidra, is impacted by a vulnerability, but security experts — including those at the NSA familiar with Ghidra — tell CyberScoop it would be pretty difficult to be attacked via the vulnerability if you know how to reverse engineer malware. The vulnerability, CVE-2019-16941, would allow hackers to compromise exposed systems when Ghidra’s experimental mode is running, according to the bug announcement from the National Institute of Standards and Technology. In theory, this vulnerability would allow arbitrary code to be executed against a Ghidra user if a malicious XML document — a plain text file often used to store data — is introduced. But that introduction is unlikely to happen because running these kinds of files through Ghidra would be pretty unusual, researchers told CyberScoop. “These files are not normally shared among users and not normally part of the distribution,” the NSA […]

The post NSA’s reverse engineering tool Ghidra impacted by a bug — but there’s no need to panic appeared first on CyberScoop.

How an NSA researcher plans to allow everyone to guard against firmware attacks

A years-long project from researchers at the National Security Agency that could better protect machines from firmware attacks will soon be available to the public, the lead NSA researcher on the project tells CyberScoop. The project will increase security in machines essentially by placing a machine’s firmware in a container to isolate it from would-be attackers. A layer of protection is being added to the System Management Interrupt (SMI) handler — code that allows a machine to make adjustments on the hardware level — as part of the open source firmware platform Coreboot. Eugene Myers, who works in the National Security Agency’s Trusted Systems Research Group, told CyberScoop that the end product — known as an SMI Transfer Monitor with protected execution (STM-PE) — will work with x86 processors that run Coreboot. Attackers are increasingly targeting firmware in order to run malicious attacks. Just last year, the first-ever documented UEFI rootkit was deployed in the wild, according […]

The post How an NSA researcher plans to allow everyone to guard against firmware attacks appeared first on CyberScoop.

NSA’s reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy

Just five months ago at the RSA conference, the NSA released Ghidra, a piece of open source software for reverse-engineering malware. It was an unusual move for the spy agency, and it’s sticking to its plan for regular updates — including some based on requests from the public. In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday. Before the Android support arrives, a version 9.1 will include new features intended to save time for users and boost accuracy in reverse-engineering malware — enhancements that will come from features such as processor modules, new support for system calls and the ability to conduct additional editing, known as sleigh editing, in the Eclipse […]

The post NSA’s reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy appeared first on CyberScoop.

Shadowhammer, WPA3, and Alexa is Listening: This Week in Computer Security

Let’s get caught up on computer security news! The big news is Shadowhammer — The Asus Live Update Utility prompted users to download an update that lacked any description or changelog. People thought it was odd, but the update was properly signed by Asus, and antivirus scans reported it as …

Pano Logic FPGA Hacking Just Got Easier

When Pano Logic went out of business in 2012, their line of unique FPGA-based thin clients suddenly became a burden that IT departments didn’t want anything to do with. New and used units flooded the second-hand market, and for a while you could pick these interesting gadgets up for not …

Financial Apps are Ripe for Exploit via Reverse Engineering

White hat hacker reverse engineers financial apps and finds a treasure trove of security issues.