Presented at Texas Cyber Summit 2019, Oct. 11, 2019, 1 p.m. (120 minutes).
The release of Ghidra has lowered the bar, in both price and required skill, for getting involved in software reverse engineering. In this workshop we will get spun up on Ghidra and use it to reverse binaries and to automate parts of our analysis.
Outline:
1. What is Ghidra?
a. Software reverse engineering tool with project version management and a decompiler
b. The GitHub repository and issue tracker
2. What is Reverse Engineering?
a. Compiled code -> ASM
b. Figuring out how binaries work
i. Malware, CTFs, etc
3. Introduction to reversing topics
a. Disassembling
b. Decompilation
c. IL / AST
4. Server Collaboration
a. Use cases
5. Useful features
a. Themes and configurations
b. Handling XREFs / Function Call Trees
c. Navigating the Symbol Tree
6. Useful Plugins / Github Repos
7. Getting Started with Ghidra
a. Building your first project
b. Importing Binaries / Libraries
c. Structuring your project
8. Patching Binaries
9. Reversing Binaries
a. Guided reversing of several binaries
10. Introduction to P-Code
11. Scripting
a. Automating analysis of binaries using p-code (python/java)
12. Takeaways
13. Conclusion / Questions
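Outline items 5b (XREFs and call trees), 10 (P-Code) and 11 (scripting) come together in a script such as the following. It is an added example for this page, not material from the workshop: it walks the raw p-code of every function in the current program, keeps only CALL ops, resolves each target through any PLT thunk, and reports call sites that land on routines worth a closer look. The script name, the set of flagged callees, and the choice of raw p-code (Instruction.getPcode()) over the decompiler's high p-code are this example's own assumptions.

```java
// FindRiskyCallsPcode.java
// Hypothetical Ghidra script (added example, not the workshop's code): walk every
// function's raw p-code, find direct CALL ops, resolve the target through PLT
// thunks, and report call sites that hit a list of routines worth reviewing.
//@category Examples.Pcode

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionIterator;
import ghidra.program.model.listing.Instruction;
import ghidra.program.model.listing.InstructionIterator;
import ghidra.program.model.pcode.PcodeOp;

public class FindRiskyCallsPcode extends GhidraScript {

    // Assumption: the callees we care about. Edit to suit the binary at hand.
    private static final Set<String> RISKY = new HashSet<>(Arrays.asList(
            "strcpy", "strcat", "sprintf", "gets", "system", "memcpy"));

    @Override
    public void run() throws Exception {
        int hits = 0;
        FunctionIterator funcs = currentProgram.getFunctionManager().getFunctions(true);
        while (funcs.hasNext() && !monitor.isCancelled()) {
            Function caller = funcs.next();
            if (caller.isExternal() || caller.isThunk()) {
                continue; // no body of its own to inspect
            }
            InstructionIterator insns =
                    currentProgram.getListing().getInstructions(caller.getBody(), true);
            while (insns.hasNext()) {
                Instruction insn = insns.next();
                // Raw p-code: one machine instruction lifts to zero or more PcodeOps.
                for (PcodeOp op : insn.getPcode()) {
                    // Only direct calls carry a resolvable target in input 0;
                    // CALLIND (indirect calls through a register) is skipped here.
                    if (op.getOpcode() != PcodeOp.CALL) {
                        continue;
                    }
                    Address dest = op.getInput(0).getAddress();
                    Function callee = getFunctionAt(dest);
                    if (callee == null) {
                        continue;
                    }
                    // On ELF targets the CALL usually lands in a PLT stub that
                    // Ghidra models as a thunk; follow it to the real external.
                    if (callee.isThunk()) {
                        Function thunked = callee.getThunkedFunction(true);
                        if (thunked != null) {
                            callee = thunked;
                        }
                    }
                    if (RISKY.contains(normalize(callee.getName()))) {
                        println(caller.getName() + " @ " + insn.getAddress()
                                + " -> " + callee.getName());
                        hits++;
                    }
                }
            }
        }
        println("risky call sites found: " + hits);
    }

    // Strip the leading underscores some toolchains prepend (e.g. "_strcpy" on Mach-O).
    private static String normalize(String name) {
        int i = 0;
        while (i < name.length() && name.charAt(i) == '_') {
            i++;
        }
        return name.substring(i);
    }
}
```

Drop the file into your user script directory (by default ~/ghidra_scripts), refresh the Script Manager and run it against an analyzed program; the output goes to the console. Because it only inspects CALL ops, calls made through function pointers (CALLIND) will not appear, which is exactly the gap the decompiler's high p-code, or the Symbol Tree's reference view, is used to close in the later parts of the workshop.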
Requirements: Attendees should bring their own laptops and have a Linux distro installed in a virtual machine or on the host. Ghidra should be downloaded and unzipped prior to the class from <https://ghidra-sre.org/>. Currently the newest version is 9.0.4; newer versions will also be acceptable and supported.
A basic understanding of C, x86 assembly, Java, and Python is recommended. Installations of GDB, strace, and ltrace are also recommended.
Presenters:
- Christopher Doege (Raytheon)
Christopher Doege is a Cyber Software Engineer at Raytheon. In his free time he likes to play CTFs with Nasa Rejects and reverse engineer malware. Chris graduated from The University of Texas at San Antonio with a BS in Computer Science and is local to the San Antonio area.