Instructor: Jeremy Blackthorne
Dates: June 5 to 8, 2023
Capacity: 30 Seats
This is a hands-on course on using Ghidra for reverse engineering and vulnerability research. Exercises include Windows binaries, Linux binaries, and device firmware. Binaries will also be in a variety of architectures, including ARM, PowerPC, MIPS, x86, and x64. After completing this course, students will have the practical skills to use Ghidra in their day-to-day reversing tasks.
- Students will have the ability to perform static and dynamic analysis of real-world binaries in Ghidra
- Students will have the ability to use manual and automated techniques in Ghidra
- Students will know how to leverage Ghidra's strengths and how to compensate for its weaknesses
Introduction
- Ghidra overview
- Project management
- Code navigation and manipulation
- Symbols, labels, bookmarks, searching
- Disassembler-decompiler interaction
- Patching
Ghidra Expert Tools
- Decompiler deep dive
- Datatype management
- Memory management
- P-code
- Program flow
- Ghidra tools
- Plugin groups
Automation with Ghidra
- Java/Jython refresher
- The Ghidra FlatAPI
- Development with Eclipse and the GhidraDev plugin
- Analysis in Ghidra headless mode
- Java-Jython interop
People should attend this course if they are looking to:
1. Migrate their reversing workflow from other tools
2. Integrate Ghidra into their reversing workflow
3. Improve their reversing skills overall
Students are expected to have some experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python. Students should have the ability to do the following:
- Declare an array pointer in C
- Write a Python script to XOR-decode an encoded string
- Perform a function trace using a debugger
- Identify dead code using a disassembler
Students are expected to bring their own computers, which must be able to run a 30 GB virtual machine. The recommended hardware configuration is the following:
- 50 GB of free hard disk space
- 16 GB of RAM
- 4 processor cores
- VMware Player/Workstation/Fusion to import an OVA file
Jeremy Blackthorne (0xJeremy) is co-founder and lead instructor of the Boston Cybernetics Institute (@BosCybernetics). He is a former researcher at MIT Lincoln Laboratory, specifically in the Cyber System Assessments group, where his research focused on building and breaking cybersecurity solutions for the military. Before that, Jeremy served in the United States Marine Corps and completed three tours in Iraq. He is currently a PhD candidate in computer science at RPI, focusing on anti-analysis techniques in computer programs, and is a proud alumnus of RPISEC.