RE-1012 Ghidra for the Beginner Reverse Engineer

Presented at Texas Cyber Summit 2019, Oct. 10, 2019, 1 p.m. (120 minutes)

The open-source release of the NSA's Ghidra disassembler gives software reverse engineers a free option for high-capability interactive analysis of binary code. Many software reverse engineering (SRE) practitioners have been spending time since the release learning about Ghidra and bringing it into their workflow. It also gives those new to SRE a toolset to learn with that is not restricted by commercial license costs or "demo" limitations. The goal of this session is to expose attendees with no prior reverse engineering experience to the Ghidra disassembler. Ghidra will be used as an environment in which the basics of reading, navigating, and analyzing executable code will be demonstrated. Dr. McGrew will demonstrate how to install and configure Ghidra, and then load a series of sample programs that he will use to illustrate:

  • Strategies for analyzing unknown programs
  • Linking and loading in Windows
  • Data types
  • C code constructs in assembly

All of these concepts will be discussed in the context of the iterative process of reverse engineering unknown code: using what we know about the program based on its API calls and overtly documented information to deduce the types and purposes of undocumented variables and functions. Attendees who wish to follow along should bring a laptop with Ghidra installed ([http://ghidra-sre.org](http://ghidra-sre.org/)). A link will be provided in class to the samples that will be used. Following along is not required! Attendees who simply observe and ask questions will still gain a useful exposure to reverse engineering and Ghidra. Resources for continuing to learn reverse engineering will be recommended.

Presenters:

  • Wesley McGrew - HORNE Cyber
    Dr. McGrew serves as director of cyber operations for HORNE Cyber. Known for his work in offense-oriented network security, Wesley specializes in penetration testing, vulnerability analysis, reverse engineering of malicious software and network traffic analysis. Wesley is the author of penetration testing and forensic tools used by many practitioners. He is a frequent presenter at DEF CON and Black Hat USA. At the National Forensics Training Center, he provided digital forensics training to law enforcement and wounded veterans. As an adjunct professor he designed a course he teaches on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. This effort was undertaken as part of earning National Security Agency CAE Cyber Ops certification for the university. He has presented his work on critical infrastructure security to the DHS joint working group on industrial control systems. Wesley earned his Ph.D. in computer science at Mississippi State University for his research in vulnerability analysis of SCADA HMI systems used in national critical infrastructure. He served as a research professor in MSU’s Department of Computer Science & Engineering and Distributed Analytics and Security Institute.