Instructor: Kayla Afanador
Dates: June 5 to 8, 2023
Capacity: 30 Seats
This course teaches students methods to leverage Ghidra scripting in support of automated large-scale vulnerability analysis, similarity analysis, and general reverse engineering tasks. Students will develop scripts in Python, Kotlin, and Java to automate the extraction of data (e.g., strings, mnemonic frequency, function signatures, block sizes, cyclomatic complexity) from an arbitrary number of binaries across different architectures. After completing this course, students will have the practical skills to automate and extend Ghidra with scripts and modules.
Introduction:
- Ghidra overview
- Reversing refresher
- Development environment
Automation Interfaces:
- Python prompt
- Script Manager
- Remote Ghidra+Python+Jupyter console
- Remote Ghidra+Kotlin+Jupyter console
- Eclipse GhidraDev Extension
- Headless mode
Automation Granularity:
- currentProgram object
- FlatAPI
- Modules
- Tools
- Extensions
Special Topics:
- Data extraction (e.g., strings, mnemonic frequency, function signatures, block sizes, cyclomatic complexity)
- Batch analysis
- Cross-architecture analysis
- Binary similarity analysis
- Analysis and graphing of large datasets
- Reverse engineers, security enthusiasts, vulnerability analysts, etc.
Students are expected to have their own computers that can run a 30 GB virtual machine. The recommended hardware configuration is:
- 50 GB of free hard disk space
- 16 GB of RAM
- 4 processor cores
- VMware or VirtualBox to import an OVA file
Kayla Afanador is a senior technical staff member and lead instructor at the Boston Cybernetics Institute (BCI). Prior to BCI, Kayla was the Cyber Research & Development lead for the U.S. Naval Air Warfare Center Weapons Division. Kayla completed her PhD in computer science at the Naval Postgraduate School with a focus on automated vulnerability research.