I am very excited to share that I will be offering my Ghidra training course at Black Hat USA 2021. As an online event, this is the perfect opportunity for Black Hat caliber training without hotel and airfare costs. Registration for “A Beginner’s Guide to Reversing with Ghidra “on July 31 and August 1 2021 is now available via the Black Hat web site.

With the public release of Ghidra, NSA has democratized access to advanced reverse engineering capabilities. Foremost among these features is that Ghidra has a decompiler rivaling the capabilities of commercial software many of us have spent a small fortune on over the years. Join me to learn how to navigate Ghidra and customize it to suit your workflow. As a student, you will gain hands-on experience using Ghidra to analyze crackme binaries as well as real-world software including an obfuscated IoT malware sample.

Ghidra in the Classroom

On the first day of class, we will systematically explore all of Ghidra’s core features with periodic breaks to run through unit exercises. Beyond simply introducing the features of Ghidra, I will show you the nuances of interacting with it so you can hit the ground running. We will use crackme challenges to apply and reinforce the new skills.

By Day 2, we will be ready to start extending functionality with Ghidra’s Python 2.7 interpreter to access the underlying API. We will author Python scripts to perform custom reversing tasks and then integrate these scripts into the Ghidra CodeBrowser tool. Ultimately, we will be able to dissect a sample of Mirai, identify obfuscated functionality and implement scripts to dump an encryption key and enumerate the bot net configuration parameters. Students will also have the opportunity to analyze a simulated ransomware sample which can be used to recover (Read more...)