No announcement yet.

Workshop Information: Introduction to Reverse Engineering With Ghidra

  • Filter
  • Time
  • Show
Clear All
new posts

  • Workshop Information: Introduction to Reverse Engineering With Ghidra

    Title: Introduction to Reverse Engineering With Ghidra

    Instructor: Wesley McGrew & Tyler Holland

    Abstract: The open-source release of the NSA's Ghidra disassembler gives software reverse engineers a free option for high-capability interactive analysis of binary code. Many software reverse engineering (SRE) practitioners have been spending time since the release learning about Ghidra and bringing it into their workflow. It also gives those new to SRE a toolset to learn with that is not restricted by commercial license costs or "demo" limitations.

    The purpose of this workshop is to teach beginners, with no prior experience in software reverse engineering, about the analysis of software in the Ghidra disassembler. We'll cover the following major topics, with high degree of interaction between the instructors and students:

    - Defining software reverse engineering terms
    - Setting up an environment for Ghidra
    - Ghidra configuration and usage
    - Linking and Loading
    - Data types
    - C data types and constructs in assembly
    - Simple anti-RE tricks and how to analyze them
    - Methodology for approaching unknown programs (prioritization, analysis)
    - Analysis exercise with a malware sample

    Level: Beginner

    Pre-Requisites: Students should have experience with at least one high-level programming language. C is preferred, but experience with any other language should provide you with the experience necessary to at least read C code. You will not be required to *write* code. No prior software reverse engineering experience is required.

    Required Materials: Students that wish to "follow along" in Ghidra and participate in hands-on exercises should bring a laptop. Laptops should be running a 64-bit operating system (macOS, Windows, or Linux), and have at least 4GB RAM (more preferred, especially if you're using virtual machines). Before the workshop, please download and install OpenJDK and Ghidra as described in the instructions at . We can troubleshoot installation problems in-class, but don't count on reliable/fast network access, so try to get it set up ahead of time.

    We will be analyzing *live malware* provided to you on USB. You will need to have administrative capability on your laptop in order to disable or set exclusions on your AV software. While we will not be intentionally executing code (this course is limited to static analysis), you are expected to take whatever measures necessary to protect yourself, to include: bringing a "burner" laptop, having backups, virtualization, and/or common sense.

    If you do not bring a laptop, you can still get some good exposure to reverse engineering with Ghidra! I'll be working in Ghidra most of the time on the projector, and you may coordinate with another student to collaboratively discuss what you're looking at on a shared laptop.

  • #2
    Thesis committee theessayservice

    Hi, I'm taking up a summer course in Software Reverse Engineering online at Drexel University. I downloaded the latest version of Ghidra on my PC and I would like to learn the basics just before the course labs begin. What should I start with? Thanks.