Using NSA's Ghidra to automatically build out yara signatures for a binary's odd behaviors; I love it. Currently running it against a backdoored qbittorrent. Ghidra's server is able to automatically identify the subtle, hidden callbacks and exfiltration assembly. Then construct an efficient yara rule on the fly. Impressive. You should give it a try once you figure out how to trust running their software on your system. Not clear what is reverse engineering?