Wednesday, May 7, 2025
Homecyber securityGhidra 11.3 Released – A Major Update to NSA’s Open-Source Tool

Ghidra 11.3 Released – A Major Update to NSA’s Open-Source Tool

Published on

SIEM as a Service

Follow Us on Google News

The National Security Agency (NSA) has officially released Ghidra 11.3, the latest iteration of its open-source software reverse engineering (SRE) framework.

Known for its robust capabilities in analyzing compiled code across multiple platforms, including Windows, macOS, and Linux, this release introduces significant enhancements aimed at improving performance and usability for cybersecurity professionals.

One of the most notable updates is the enhanced debugging functionality.

- Advertisement - Google News

Ghidra 11.3 now supports macOS kernel debugging via LLDB and Windows kernel debugging in virtual machines using eXDI.

The outdated “IN-VM” connectors have been replaced with the more efficient TraceRMI-based implementation, streamlining debugging across diverse environments.

Additionally, a new Just-in-Time (JIT) p-code emulator has been introduced, delivering accelerated emulation performance for scripting and plugin development.

Integration with Modern Development Tools

Another major highlight of this release is its integration with Visual Studio Code (VS Code), offering users a modern alternative to Eclipse for development tasks.

With this update, users can create module projects or edit scripts directly within VS Code, benefiting from advanced features like autocomplete and navigation.

This integration simplifies the workflow for developers building custom plugins or analyzers for Ghidra.

Ghidra 11.3 also introduces improved visualization tools, including new “Flow Chart” layouts in the function graph interface.

These layouts enhance code block organization and readability, making it easier for analysts to navigate complex functions.

Expanded Functionality and Scripting Enhancements

The update brings several new features tailored to streamline reverse engineering tasks.

A LibreTranslate plugin enables offline string translation of binary data, while a new search feature allows users to query decompiled text across all functions in a binary.

Furthermore, the PyGhidra library is now fully integrated into the framework, providing native CPython 3 access to Ghidra’s API and significantly expanding scripting capabilities.

Processor support has also been enhanced with updates for x86 AVX-512 instructions, ARM VFPv2 disassembly, and Golang 1.23 binaries.

These improvements ensure compatibility with a broader range of architectures and programming languages.

Ghidra 11.3 maintains backward compatibility with project data from earlier versions but introduces features that are not compatible with older releases of the software.

To use the debugger or perform source builds, users must install Java Development Kit (JDK) 21 (64-bit) and Python 3 (versions 3.9–3.13).

The National Security Agency (NSA) release addresses numerous bugs, including issues with recursive structures in the decompiler and breakpoint toggling in LLDB.

Documentation has also been modernized to Markdown format for easier navigation.

With these advancements, Ghidra 11.3 continues to solidify its position as an indispensable tool for reverse engineering and cybersecurity analysis worldwide.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Researchers Simulate DPRK’s Largest Cryptocurrency Heist Through Compromised macOS Developer and AWS Pivoting

Security researchers at Elastic have recreated the intricate details of the February 21, 2025,...

Lampion Banking Malware Uses ClickFix Lures to Steal Banking Credentials

Unit 42 researchers at Palo Alto Networks, a highly targeted malicious campaign orchestrated by...

DragonForce: Emerging Hybrid Cyber Threat in the 2025 Ransomware Landscape

DragonForce has swiftly risen as a formidable player in 2025, embodying a hybrid threat...

Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits

The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Researchers Simulate DPRK’s Largest Cryptocurrency Heist Through Compromised macOS Developer and AWS Pivoting

Security researchers at Elastic have recreated the intricate details of the February 21, 2025,...

Lampion Banking Malware Uses ClickFix Lures to Steal Banking Credentials

Unit 42 researchers at Palo Alto Networks, a highly targeted malicious campaign orchestrated by...

DragonForce: Emerging Hybrid Cyber Threat in the 2025 Ransomware Landscape

DragonForce has swiftly risen as a formidable player in 2025, embodying a hybrid threat...