Introduction to Reverse Engineering with Ghidra

Hackaday via Independent

Overview

Course Goals

  • Familiarize students with the basic concepts behind software reverse engineering
    • x86_64 Architecture Review
    • Identifying C constructs in assembly code
    • Disassembly vs Decompilation
  • Teach students how to use the Ghidra SRE tool to reverse engineer Linux-based binaries
    • Basic navigation and usage
    • How to identify and reconstruct structures, local variables and other program components
  • Demonstrate and explain the methodologies used when approaching an unknown program with Ghidra
    • Where to start when looking at an unknown binary
    • How to quickly gain an understanding of an unknown program
  • Provide challenges and "crackme" exercises so that students gain hands-on experience with Ghidra

Syllabus

Class 1 outline

0:00 - Presentation Outline
2:50 - What is Software Reverse Engineering?
4:12 - Software Engineering Review
24:54 - x86_64 Architecture Review
45:10 - Ghidra Overview and Basic Usage

Class 2 outline

Intro: 0:00
Assembly Language / Applying Function Signatures: 3:08
Imports and Exports: 8:49
Control Flow Statements in Assembly Language: 10:23
Switch Statements in Assembly Language: 18:10
Loops in Assembly Language: 24:34
Variables in Assembly Language: 32:42
Functions in Assembly Language: 39:46
Heap Memory: 48:08
Array Accesses in Assembly Language: 50:11

Class 3 Outline

0:00 Intro 
2:36 - SRE Tool Landscape 
8:03 - Structs: ASM, Identification and Ghidra Analysis
20:19 - Pointers: ASM, Identification and Ghidra Analysis
35:30 - Enums: ASM, Identification and Ghidra Analysis
40:00 - x86_64 System Calls
45:40 - File Operations
51:02 - Ghidra Tips: Patching, Bookmarks, Searching, Comments

Class 4 Outline

0:00 - Intro 
3:14 - Ghidra: Loading External Libraries
10:31 - Ghidra: Patch Diffing and Analysis
19:30 - Ghidra: Checksum Tool 
21:38 - Ghidra: Memory Manager 
25:39 - Ghidra Internals: PCODE and SLEIGH 
39:00 - Ghidra Extensions 
45:00 - Ghidra Scripting Overview and Examples

 

Taught by

wrongbaud

Reviews

5.0 rating, based on 1 Class Central review

  • Anonymous
    Really great introductory course with a good structure and very capable instructor! I was introduced to a ton of general concepts and to things in Ghidra I wasn't aware of beforehand - obviously you need to practice quite a bit on actual samples to get good, but that will be much easier for me now than before.