Workshop: Offensive Security Tool Development with Ghidra

JOHN MCINTOSH

Abstract

Unlock the power of automated reverse engineering with Ghidra’s command line tools in this hands-on workshop. Designed for developers and security analysts, this session will guide you through the process of setting up a productive development environment using the Ghidra Python VSCode Devcontainer Skeleton. You’ll learn how to automate tasks, script analyses, and integrate Ghidra’s powerful decompilation and disassembly features into your workflow, all from the command line.

REGISTER NOW

Workshop Outline

I. Introduction

  • Overview of Ghidra and its capabilities
  • Importance of command line tools in reverse engineering
  • Introduction to the Ghidra Python VSCode Devcontainer Skeleton

II. Setting Up the Environment

  • Cloning the repository and exploring its structure
  • Setting up VSCode and the devcontainer for Ghidra scripting
  • Understanding the Ghidra headless analyzer

III. Basic Ghidra Command Line Operations

  • Navigating Ghidra’s command line interface
  • Importing and analyzing a binary
  • Learning the various ways to script Ghidra in Python
  • Learning the best way

IV. Scripting with Ghidra

  • Writing basic scripts to automate tasks in Ghidra
  • Utilizing the Ghidra API for advanced scripting
  • Debugging and optimizing scripts
  • Hands-on challenge: Write a script to automate a call graph analysis

V. Advanced Techniques

  • Integrating external tools and libraries with Ghidra scripts
  • Customizing the devcontainer for specific use cases

VI. Q&A and Practical Session

  • Open floor for participant questions

BOOTSTRAP25's Workshop rooms

John's BOOTSTRAP25 Trainings

All trainings come with complimentary access to our BOOTSTRAP25 event! Book a virtual or in-person training and get a taste of the others at BOOTSTRAP25!

Patch Diffing In The Dark: Reverse Engineering Modern CVEs
This course teaches patch diffing to analyze real-world Windows and Android vulnerabilities. Students use open-source tools like Ghidra to reverse engineer recent CVEs, gaining the skills and confidence to discover complex vulnerabilities with tools they already have.
Ringzer0Ringzer0

In-Person Training | March 18-21

Everyday Ghidra: Practical Windows Reverse Engineering
A comprehensive guide to using Ghidra, covering fundamental operations to advanced techniques, with hands-on exercises on real-world Windows applications.
Ringzer0Ringzer0

Virtual Training | March 9-15

REGISTER NOW

John McIntosh

John McIntosh @clearbluejar, is a security researcher at Clearseclabs. His area of expertise lies within reverse engineering and offensive security, where he demonstrates proficiency in binary analysis, patch diffing, and vulnerability discovery. Notably, John has developed multiple open-source security tools for vulnerability research, all of which are accessible on his GitHub page.

Additionally, his website, https://clearbluejar.github.io/, features detailed write-ups on reversing recent CVEs and building RE tooling with Ghidra. Boasting over a decade of experience in offensive security, John is a distinguished presenter and educator at prominent security conferences internationally. He maintains a fervent commitment to sharing his latest research, acquiring fresh perspectives on binary analysis, and engaging in collaborative efforts with fellow security enthusiasts.

REGISTER NOW
Great! Next, complete checkout for full access to Ringzer0
Welcome back! You've successfully signed in
You've successfully subscribed to Ringzer0
Success! Your account is fully activated, you now have access to all content
Success! Your billing info has been updated
Your billing was not updated