Introducing CERT Kaiju: Malware Analysis Tools for Ghidra

Since the National Security Agency publicly released the software reverse engineering (SRE) tool suite, we have been working to integrate Ghidra into our Pharos malware analysis tool. Ghidra provides many useful reverse engineering services including disassembly, function partitioning, decompilation, and various other types of program analyses. As this post details, we have been developing a new suite of tools, known as Kaiju, for malware analysis and reverse engineering to take advantage of Ghidra’s capabilities and interface. Ghidra provides a compelling environment for reverse engineering tools that are relatively easy to use during malware analysis. The tools included with Kaiju give malware analysts many advantages as they are faced with increasingly diverse and complex malware threats.