Reverse Engineering with NSA’s Ghidra

USD $4,299.00

Duration

4 days

Delivery Method

in-person

Level

beginner / intermediate

Seats Available

20

ATTEND IN-PERSON: Onsite at Singapore

DATE: 20-23 November 2023

TIME: 09:00-17:00 SGT/GMT +8

Date     Day         Time                      Duration
16 Oct   Monday      09:00-17:00 SGT/GMT +8    8 Hours
17 Oct   Tuesday     09:00-17:00 SGT/GMT +8    8 Hours
18 Oct   Wednesday   09:00-17:00 SGT/GMT +8    8 Hours
19 Oct   Thursday    09:00-17:00 SGT/GMT +8    8 Hours

This is a hands-on course on using Ghidra for reverse engineering and vulnerability research. Exercises include Windows binaries, Linux binaries, and device firmware. Binaries will also be in a variety of architectures, including ARM, PowerPC, MIPS, x86, and x64. After completing this course, students will have the practical skills to use Ghidra in their day-to-day reversing tasks.

Agenda

  • Introduction

    - Ghidra overview
    - Project management
    - Code navigation, manipulation
    - Symbols, labels, bookmarks, searching
    - Disassembler-decompiler interaction
    - Patching

  • Ghidra Expert Tools

    - Decompiler deep dive
    - Datatype management
    - Memory management
    - P-code
    - Program flow
    - Ghidra tools
    - Plugin groups

  • Automation with Ghidra

    - Java/Jython refresher
    - The Ghidra FlatAPI
    - Development with Eclipse and the GhidraDev plugin
    - Analysis in Ghidra headless mode
    - Java-Jython interop

Who Should Attend

People should attend this course if they are looking to:
  • Migrate their reversing workflow from other tools
  • Integrate Ghidra into their reversing workflow
  • Improve their reversing skills overall

Key Learning Objectives

  • Students will have the ability to perform static and dynamic analysis of real-world binaries in Ghidra

  • Students will have the ability to use manual and automated techniques in Ghidra

  • Students will know how to leverage Ghidra’s strengths and how to complement its weaknesses

Prerequisite Knowledge

Students are expected to have some experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python.
Students should have the ability to do the following:
  • Declare an array pointer in C
  • Write a Python script to XOR an encoded string
  • Perform a function trace using a debugger
  • Identify dead code using a disassembler

Hardware / Software Requirements

Students are expected to have their own computers which can run a 30 GB virtual machine.
A recommended hardware configuration is the following:
  • 50 GB of free hard disk space
  • 16 GB of RAM
  • 4 processor cores
  • VMware Player/Workstation/Fusion to import an OVA file

Your Instructor

Jeremy Blackthorne is a co-founder and instructor at the Boston Cybernetics Institute. He was a researcher at MIT Lincoln Laboratory, where he focused on building and breaking cyber solutions for the U.S. government. Before that, Jeremy was a scout sniper in the U.S. Marine Corps and completed three tours in Iraq. He has a master’s in computer science and is an alumnus of RPISEC.