This is a majority hands-on course on using Ghidra for reverse-engineering and vulnerability research. Exercises include Windows binaries, Linux binaries, and device firmware, and will be in a variety of architectures, including ARM, PowerPC, MIPS, x86, and x64. After completing this course, students will have the practical skills to use Ghidra in their day-to-day reversing tasks.

Learning Objectives

• Students will have the ability to perform static analysis of real-world binaries and firmware in Ghidra
• Students will have the ability to use manual and automated techniques in Ghidra
• Students will know how to leverage Ghidra’s strengths and how to complement its weaknesses
  
  

Prerequisites

Students are expected to have some experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python. Students should have the ability to do the following:

• Declare an array pointer in C
• Write a python script to XOR an encoded string
• Perform a function trace using a debugger
• Identify dead code using a disassembler