Abstract
This is a mostly hands-on course on using Ghidra for reverse engineering and vulnerability research. Exercises cover PE and ELF files across a variety of architectures, including x86, x86-64, PowerPC, MIPS, and ARM. The course balances fundamentals with modern applications. After completing it, students will be able to analyze real-world binaries in Ghidra with both manual and automated techniques, and will know how to leverage Ghidra's strengths and how to compensate for its weaknesses.
Course Topics
- Common Reversing Tasks in Ghidra
  - Overview
  - Code navigation and manipulation
  - Symbols, labels, bookmarks, searching
  - Disassembler-decompiler interaction
  - Patching
- Unique Ghidra Features
  - Decompiler deep dive
  - Program flow
  - Setting registers
  - P-code
  - Ghidra tools
- Basic Automation
  - Quick Java refresher
  - Existing Ghidra scripts
  - Eclipse/GhidraDev plugins
  - Basic scripting
  - Ghidra FlatAPI
  - Python scripting
- Advanced Automation
  - The rest of the API
  - Advanced scripting
  - Advanced extensions: loaders, extensions, plugins
  - Ghidra tools in depth
  - Headless scripting
- Comprehensive Exercises
  - Vulnerability research (VR) on an embedded device
Prerequisites
Students are expected to have experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python.
Hardware Requirements
A computer capable of running at least 2 virtual machines and Ghidra simultaneously. 16GB of RAM and a quad-core processor are recommended.
Software Requirements
- VMware Workstation or Fusion, to import and run multiple VMs
- Ghidra installed
- Eclipse IDE with the Python and GhidraDev plugins, on the same system as Ghidra