Course Description

This is a hands-on course on using Ghidra for reverse engineering and vulnerability research. Exercises include Windows and Linux binaries and cover a variety of architectures (e.g., ARM, PowerPC, MIPS, x86, and x64). After completing this course, students will have the practical skills to use Ghidra in their day-to-day reversing tasks.

The course is live and recorded each day, with recordings posted at the end of each day. Students keep the VM, exercises, solutions, and all recordings. Students are encouraged to post all the materials in their organization's internal wiki to be used as future reference for themselves and other staff.


Learning Objectives

  • Students will have the ability to perform static analysis of real-world binaries in Ghidra

  • Students will have the ability to use manual and automated techniques in Ghidra

  • Students will know how to leverage Ghidra’s strengths and how to complement its weaknesses

  • Students will be able to communicate findings to others


Prerequisites

Students are expected to have some experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python. Students should have the ability to do the following:

  • Declare an array pointer in C

  • Write a Python script to XOR an encoded string


Required Hardware/Software

Students are expected to bring their own laptops. The laptops are required to run a 30GB virtual machine but will not perform any intensive computation. A recommended hardware configuration would have the following:

  • 50 GB of free hard disk space

  • 16 GB of RAM

  • 4 Processor cores

  • VMware or VirtualBox to import an OVA file


Course Schedule:

Day 1: Ghidra Overview

  • Project management

  • Code navigation, manipulation

  • Symbols, labels, bookmarks, searching

  • Disassembler-decompiler interaction

  • Patching


Day 2: Ghidra Expert Tools

  • Decompiler deep dive

  • Datatype management

  • Memory management

  • P-code

  • Program flow

  • Ghidra tools

  • Plugin groups


Day 3: Automation with Ghidra

  • Python prompt

  • Script Manager

  • Eclipse GhidraDev Extension

  • Ghidra+Jupyter Lab

  • Ghidra API


Day 4: Advanced Automation Techniques

  • Headless mode to support batch analysis

  • Data extraction (e.g., strings, functions, cyclomatic complexity)

  • Cross-architecture analysis

  • Development with Eclipse and the GhidraDev plugin


Day 5: Automated Binary Similarity Analysis

  • Function-level binary similarity analysis

  • Analysis and graphing of large datasets


About Boston Cybernetics Institute

Boston Cybernetics Institute, PBC was created by former MIT Lincoln Lab cybersecurity researchers to give meaningful niche cyber instruction to a new generation of cybersecurity professionals.

We avoid the normal style of teaching with PowerPoint and lectures, opting to provide instead real-life engaging instruction that takes place in a customized environment. We have given our style of instruction to multiple DoD agencies, US commercial companies, and international companies.

Instructors at Boston Cybernetics Institute

Jeremy Blackthorne

President of the Boston Cybernetics Institute

Jeremy Blackthorne is a Lead Instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. Blackthorne is the co-creator and instructor for the Rensselaer Polytechnic Institute (RPI) courses: Modern Binary Exploitation, Spring 2015 and Malware Analysis, Spring 2013. Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps and is an alumnus of RPISEC. He holds a BS and MS in computer science. Blackthorne was an active member of the Student Security Club and CTF team, RPISEC, from 2012 to 2015, where he taught seminars on Reverse-Engineering, Exploitation, and various other Cybersecurity topics.

Dr. Kayla Afanador

Senior technical staff member and lead instructor

Prior to BCI, Afanador was the lead of the Cyber Research & Development Team at the U.S. Naval Air Warfare Center Weapons Division (NAWC WD). Afanador completed her PhD in Computer Science at the Naval Postgraduate School with a focus on Automated Vulnerability Research. She also holds an MS and BS from the University of Maryland.

Clark Wood

security researcher and instructor

Clark Wood is a security researcher and instructor at the Boston Cybernetics Institute (BCI), focusing on Reverse Engineering, Exploitation, and CI/CD. He recently built a Reverse-Engineering and Exploitation platform for a DoD customer and is the Lead Engineer for BCI’s Government Services. Clark was formerly on the technical staff at MIT Lincoln Laboratory where he was a member of the Cyber System Assessments Group. Clark holds a BA in Economics from the University of Florida, a BS and MS in Computer Science from Florida State University, and a Master’s in Technology and Policy from MIT.

Rodolfo Cuevas

security researcher and instructor

Rodolfo Cuevas is a security researcher and instructor at BCI, where he focuses on understanding how design constraints can be used to limit the impact of an attacker on a system. His research combines the adversarial mindset with approaches influenced by Systems and Control Theory. Rodolfo was a staff member at MIT Lincoln Laboratory and began his career as a RADAR and Ballistic Missile Defense System (BMDS) analyst. Later, Rodolfo transitioned to evaluating and Red-Teaming tactical and commercial cyber systems in support of DoD and other government programs. Rodolfo holds a BS, M.Eng., and M.S. in Electrical and Computer Engineering from Cornell University.

Reed Porada

security researcher and instructor

Reed Porada is a security researcher and instructor at BCI, focused on getting to the "so what" of both defensive and offensive cyber measures. Reed also leads BCI training in Cyber Systems Analysis, focusing on developing systems-thinking skills of developers up to managers. Reed was a staff member at MIT Lincoln Laboratory for ten years, where he was responsible for Test and Evaluation, Test Automation Research, Red-Teaming of Cyber Systems, and Blue System Architectures. Reed was a computer scientist at the Naval Research Laboratory focused on wireless communication systems. He holds a BS in Computer Science from the University of Maryland, College Park and an MS in Software Engineering from Carnegie Mellon University.

Reverse Engineering with Ghidra

This is a hands-on course on using Ghidra for reverse engineering and vulnerability research.

COURSE PRICE

$3800

COURSE LENGTH:

5 days, starting:
13 Feb 2023

What happens after I click the button?

You'll be redirected to the course's Eventbrite page where you can buy your tickets to this course.
