Reverse Engineering with Ghidra
Abstract
This is a primarily hands-on course on using Ghidra for reverse engineering and vulnerability research. Exercises will include PE and ELF files across a variety of architectures, including x86, x86-64, PowerPC, MIPS, and ARM. The course balances fundamentals with modern applications. After completing it, students will be able to analyze real-world binaries in Ghidra with both manual and automated techniques, and will know how to leverage Ghidra's strengths and how to compensate for its weaknesses.
Course Topics
- Common Reversing Tasks in Ghidra
  - Overview
  - Code navigation and manipulation
  - Symbols, labels, bookmarks, searching
  - Disassembler-decompiler interaction
  - Patching
- Unique Ghidra Features
  - Decompiler deep dive
  - Program flow
  - Setting registers
  - P-code
  - Ghidra Tools
- Basic Automation
  - Quick Java refresher
  - Existing Ghidra scripts
  - Eclipse/GhidraDev plugins
  - Basic scripting
  - Ghidra FlatAPI
  - Python scripting
- Advanced Automation
  - The rest of the API
  - Advanced scripting
  - Advanced extensions: Loaders, Extensions, Plugins
  - Ghidra Tools in depth
  - Headless scripting
- Comprehensive Exercises
  - VR for an embedded device
Prerequisites
Students are expected to have experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python.
Hardware Requirements
A computer capable of running at least 2 virtual machines and Ghidra simultaneously. 16GB RAM and a quad-core processor are recommended.
Software Requirements
- VMware Workstation or Fusion to import and run multiple VMs
- Ghidra installed
- Eclipse IDE with the Python and GhidraDev plugins, on the same system as Ghidra
Jeremy Blackthorne & Evan Jensen
Jeremy Blackthorne is a co-founder and lead instructor of the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments Group at MIT Lincoln Laboratory. He was the co-creator and instructor of the Rensselaer Polytechnic Institute courses Modern Binary Exploitation and Malware Analysis. Jeremy has published research on anti-virus evasion and environmental keying at RAID, ACSAC, WOOT, ROOTS, and LatinCrypt. He served in the U.S. Marine Corps with three tours in Iraq. He is currently a PhD candidate in computer science at RPI, focusing on anti-analysis techniques in computer programs. Jeremy is a proud alumnus of RPISEC.
Evan Jensen is the co-founder and CTO of BCI, where he splits his time between performing assessments, creating solutions for clients, and teaching. He is an experienced instructor in reverse engineering and exploitation. Evan has taught reverse engineering at BU, RPI, NYU, MIT, the United States Military Academy at West Point, and MIT Lincoln Laboratory. Before founding BCI, Evan worked for MIT Lincoln Laboratory's Cyber System Assessments Group and Facebook's red team. He has a BS in computer science from the NYU Tandon School of Engineering.