


The Joy of Reverse Engineering: Learning With Ghidra and WinDbg by Wesley McGrew


  • The Joy of Reverse Engineering: Learning With Ghidra and WinDbg by Wesley McGrew

    The Joy of Reverse Engineering: Learning With Ghidra and WinDbg
    Wesley McGrew

    Prerequisites for students?:
    No previous reverse engineering experience required. Basic familiarity with programming in a high-level language is necessary (C preferred).

    Materials or Equipment students will need to bring to participate?:
    • A laptop with a fresh Windows 10 Virtual Machine.
    • Being able to dedicate 8GB RAM to the VM (meaning, you probably have 16GB in your laptop) will make the experience smoother, but you can get by with 4GB.
    • 10 GB storage free in the VM (after installing Windows)
    • Administrative privileges
    • Ability to copy exercise files from USB
    We will be working with live malware samples. Depending on your comfort level with this, bring a "burner" laptop, use a clean drive, or plan on doing a clean install before and after the workshop.

    What level of skill is required for your targeted audience?:

    While it can be intimidating to "get into" software reverse engineering (RE), it can be very rewarding. Reverse engineering skills will serve you well in malicious software analysis, vulnerability discovery, exploit development, bypassing host-based protection, and in approaching many other interesting and useful problems in hacking. Being able to study how software works, without source code or documentation, will give you the confidence that there is nothing about a computer system you can't understand, if you simply apply enough time and effort. Beyond all of this: it's fun. Every malicious program becomes a new and interesting puzzle to "solve".

    The purpose of this workshop is to introduce software reverse engineering to the attendees, using static and dynamic techniques with the Ghidra disassembler and WinDbg debugger. No prior experience in reverse engineering is necessary. There will be few slides--concepts and techniques will be illustrated within the Ghidra and WinDbg environments, and attendees can follow along with their own laptops and virtual environments. We will cover the following topics:
    • Software Reverse Engineering concepts and terminology
    • Setting up WinDbg and Ghidra (and building the latter from source)
    • The execution environment (CPU, Virtual Memory, Linking and Loading)
    • C constructs, as seen in disassembled code
    • Combining static and dynamic analysis to understand and document compiled binary code
    • Methodology and approaches for reverse engineering large programs
    • Hands-on malware analysis
    • How to approach a "new-to-you" architecture

    Trainer Bio:
    Dr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
    Last edited by The Dark Tangent; June 16, 2021, 08:20. Reason: Removed outline, it might change before the workshop

  • #2
    Hello. Any word on when and where this workshop will happen? And how to sign up?