Automated Analysis with Ghidra


Instructor: Kayla Afanador
Dates: June 5 to 8, 2023
Capacity: 30 Seats





This course teaches students methods to leverage Ghidra scripting in support of automated large-scale vulnerability analysis, similarity analysis, and general reverse engineering tasks. Students will develop scripts in Python, Kotlin, and Java to automate the extraction of data (e.g., strings, mnemonic frequency, function signatures, block sizes, cyclomatic complexity, etc.) from an arbitrary number of binaries across different architectures. After completing this course, students will have the practical skills to automate and extend Ghidra with scripts and modules.




KEY LEARNING OBJECTIVE


After completing this course, students will have the practical skills to automate and extend Ghidra with scripts and modules.



COURSE TOPICS



Introduction:


- Ghidra overview

- Reversing refresher

- Development environment



Automation Interfaces:


- Python prompt

- Script Manager

- Remote Ghidra+Python+Jupyter console

- Remote Ghidra+Kotlin+Jupyter console

- Eclipse GhidraDev Extension

- Headless mode



Automation Granularity:


- currentProgram object

- FlatAPI

- Modules

- Tools

- Extensions



Special Topics:


- Data extraction (e.g., strings, mnemonic frequency, function signatures, block sizes, cyclomatic complexity)

- Batch analysis

- Cross-architecture analysis

- Binary similarity analysis

- Analysis and graphing of large datasets



WHO SHOULD ATTEND


- Reverse engineers, security enthusiasts, vulnerability analysts, etc.



SOFTWARE REQUIREMENTS


Students are expected to bring their own computers, capable of running a 30 GB virtual machine. The recommended hardware configuration is:


- 50 GB of free hard disk space

- 16 GB of RAM

- 4 processor cores

- VMware or VirtualBox to import an OVA file



BIO


Kayla Afanador is a senior technical staff member and lead instructor at the Boston Cybernetics Institute (BCI). Prior to BCI, Kayla was the Cyber Research & Development lead for the U.S. Naval Air Warfare Center Weapons Division. Kayla completed her PhD in computer science at the Naval Postgraduate School with a focus on automated vulnerability research.


