Ghidra is a free and open source reverse engineering tool developed by the NSA. The plugin reduces the burden on the analyst by accelerating the reverse engineering process and spotlighting the most relevant part of the disassembled code.
The plugin immediately filters out common functions, allowing the reverse engineer to focus on the file’s malicious and unique code. The plugin also detects similar functions or parts of a function which have been seen before in other malware.
When analyzing a Windows executable file and running the plugin, for example, the reverse engineer can immediately recognize if a function has been seen before in trusted code such as C library, or, if the function has appeared in an executable file that belongs to Lazarus.
Follow these two steps to get started:
- Make sure you have an Intezer Analyze community account. Register for free here
- Get the plugin from our GitHub repository
A few weeks ago we released the Intezer Analyze community IDA Pro plugin, which is similar to the Ghidra plugin. Both plugins provide the same benefit of accelerating the reverse engineering process. To get started, choose your preferred reverse engineering software and run our plugin!