Reverse Engineering with Ghidra

4 Day, 32 CPE Hour Training: August 2020 (AUG 1-7)

Jeremy Blackthorne & Evan Jensen

Abstract

This is a primarily hands-on course on using Ghidra for reverse engineering. Exercises include PE and ELF files across a variety of architectures, including x86, x86-64, PowerPC, MIPS, and ARM. The course balances fundamentals with modern applications. After completing it, students will be able to analyze real-world binaries in Ghidra with both manual and automated techniques, and will know how to leverage Ghidra's strengths and how to compensate for its weaknesses.

Course Topics

  • Common Reversing Tasks in Ghidra
    • Code navigation and manipulation
    • Symbols, labels, bookmarks, searching
    • Type manipulation and management
    • Disassembler-decompiler interaction
    • Patching
    • Reversing programs and firmware
  • Unique Ghidra Features
    • Decompiler deep dive
    • Program flow
    • Setting Registers
    • P-code
    • Ghidra Tools
  • Automation
    • Python scripting
    • Java refresher
    • Existing Ghidra scripts
    • Eclipse/GhidraDev Plugins
    • Ghidra FlatAPI
    • Advanced extensions: Loaders, Extensions, Plugins
    • Headless Scripting

Prerequisites

Students are expected to have experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python.

Hardware Requirements

A computer capable of running a virtual machine. Recommended minimum: 8 GB RAM and a quad-core processor.

Software Requirements

VMware Workstation or Fusion, to import and run the course virtual machine.