3-6 August 2019, Excalibur, Las Vegas

Jeremy Blackthorne & Evan Jensen


This is a mostly hands-on course on using Ghidra for reverse engineering and vulnerability research. Exercises will include PE and ELF files in a variety of architectures, including x86, x86-64, PowerPC, MIPS, and ARM. The course balances fundamentals with modern applications. After completing it, students will be able to analyze real-world binaries in Ghidra with both manual and automated techniques. Students will know how to leverage Ghidra's strengths and how to compensate for its weaknesses.

Course Topics

  • Common Reversing Tasks in Ghidra
    • Overview
    • Code navigation, manipulation
    • Symbols, labels, bookmarks, searching
    • Disassembler-decompiler interaction
    • Patching
  • Unique Ghidra Features
    • Decompiler deep dive
    • Program flow
    • Setting Registers
    • P-code
    • Ghidra Tools
  • Basic Automation
    • Quick Java refresher
    • Existing Ghidra scripts
    • Eclipse/GhidraDev Plugins
    • Basic Scripting
    • Ghidra FlatAPI
    • Python Scripting
  • Advanced Automation
    • The rest of the API
    • Advanced scripting
    • Advanced extensions: Loaders, Extensions, Plugins
    • Ghidra Tools in depth
    • Headless scripting
  • Comprehensive Exercises
    • VR for Embedded Device


Students are expected to have experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python.

Hardware Requirements

A computer capable of running at least 2 virtual machines and Ghidra simultaneously. Recommended: 16GB RAM with a quad-core processor.

Software Requirements

  • VMware Workstation or Fusion to import and run multiple VMs
  • Ghidra installed
  • Eclipse IDE with Python and GhidraDev Plugins on the same system as Ghidra