Reverse Engineering and Code Emulation with Ghidra

Presented at SAINTCON 2019, Oct. 22, 2019, 2 p.m. (30 minutes).

The NSA recently open-sourced the Ghidra software reverse engineering tool. While it's unlikely to steal IDA-heads, Binjas, or those 5 people who remember Radare2's command line, it is a mature RE tool with a huge feature set. It's also easily extensible through Java, Python, and a command line batch mode. This talk will introduce Ghidra briefly, then demonstrate/release an open-source Ghidra intermediate language emulation capability, and finally describe the basics of extending Ghidra via Python scripting.

Presenters:

• Karl Sickendick - US Air Force
  Electrical Engineer, Computer Scientist, experienced cyber capability developer, Air Force Officer, recently assigned to Idaho National Labs as an Air Force Fellow

Links:

• https://saintcon2019.sched.com/event/W6VD/reverse-engineering-and-code-emulation-with-ghidra
• https://infocon.org/cons/SAINTCON/SAINTCON 2019/Karl Sickendick - Reverse Engineering and Code Emulation with Ghidra.mp4
• https://infocon.org/cons/SAINTCON/SAINTCON 2019/Karl Sickendick - Reverse Engineering and Code Emulation with Ghidra.eng.srt (subtitles)
• https://www.youtube.com/watch?v=NHbmBeXXi5I

Similar Presentations:

• Kernelcon 2019 / What's a Ghidra, and why should you care?
• REcon 2019 / Open-Source Ghidra: The First Few Months
• Texas Cyber Summit 2019 / RE-1012 Ghidra for the begineer reverse enginering