REVERSE ENGINEERING WITH GHIDRA

3-6 August 2019, Excalibur, Las Vegas
Jeremy Blackthorne & Evan Jensen

Abstract

This is a mostly hands-on course on using Ghidra for reverse engineering and vulnerability research. Exercises will include PE and ELF files and will cover a variety of architectures, including x86, x86-64, PowerPC, MIPS, and ARM. This course balances fundamentals with modern applications. After completing this course, students will be able to analyze real-world binaries in Ghidra with both manual and automated techniques. Students will know how to leverage Ghidra's strengths and how to compensate for its weaknesses.

Course Topics

  • Common Reversing Tasks in Ghidra
    • Overview
    • Code navigation, manipulation
    • Symbols, labels, bookmarks, searching
    • Disassembler-decompiler interaction
    • Patching
  • Unique Ghidra Features
    • Decompiler deep dive
    • Program flow
    • Setting Registers
    • P-code
    • Ghidra Tools
  • Basic Automation
    • Quick Java refresher
    • Existing Ghidra scripts
    • Eclipse/GhidraDev Plugins
    • Basic Scripting
    • Ghidra FlatAPI
    • Python Scripting
  • Advanced Automation
    • The rest of the API
    • Advanced scripting
    • Advanced extensions: Loaders, Extensions, Plugins
    • Ghidra Tools in depth
    • Headless scripting
  • Comprehensive Exercises
    • VR for Embedded Device

Pre-Requisites

Students are expected to have experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python.

Hardware Requirements

A computer capable of running at least 2 virtual machines and Ghidra simultaneously. Recommended: 16 GB RAM and a quad-core processor.

Software Requirements

  • VMware Workstation or Fusion to import and run multiple VMs
  • Ghidra installed
  • Eclipse IDE with Python and GhidraDev Plugins on the same system as Ghidra