
Introduction to Reverse Engineering with Ghidra


Course Schedule

2 day ONLINE-only course at 8 hours per day (plus optional exciting overnight crackme challenges!)

The course will no longer be taking place this year during CanSecWest 2022. (Updated May 9, 2022)

 

Course Abstract

This 2-day hands-on training introduces you to software reverse engineering with the free open source Ghidra tool suite.  Since its open-source release by the NSA in 2019, Ghidra has become an attractive tool for reverse engineering.  You will meet Ghidra and be provided with hands-on scenarios that will allow you to discover how you can use Ghidra to enhance your reverse engineering capabilities.  

During this course (which roughly parallels the first half of The Ghidra Book), you will explore the following topics, each of which is presented through hands-on activities in our online lab environment, HOTzone.  Within each of the following modules are levelled hands-on challenges (e.g., 1A, 1B, 1C) that allow you to choose tasks that pique your interest, meet you where you are, and take you to the next level... and we have never run out of crackmes!

 

Course Agenda

Day 1 Agenda: (Optional side quests available for the adventurous!)

  • Introduction to the Training and HOTzone

  • Meet Ghidra:  This module includes a high-level introduction to the Ghidra tool suite and the various options that may be of interest to Ghidra users.

  • Getting Started with Ghidra: This module covers the basics of obtaining, installing, and setting up a personal Ghidra environment.   

  • Ghidra Displays: This module introduces the Ghidra Project environment,  CodeBrowser tool, and the default windows used as an anchor for analysis.  

  • Disassembly Navigation: This module includes a brief introduction to disassembly in the Ghidra context using the basic CodeBrowser windows with a focus on navigating and understanding the disassembly listing. 

  • Disassembly Manipulation: This section focuses on navigating and manipulating the disassembly and understanding constructs.

  • Data Type and Data Structures:  This module demonstrates how you can manipulate and define simple and complex data types and data structures found within compiled programs.

**Optional overnight Crackme challenge sets will be made available to participants

 

Day 2 Agenda:  (Content may vary based on class interests)

  • Ghidra’s Decompiler: This module discusses Ghidra’s built-in Decompiler and how it can be used to expedite and enhance analysis.

  • Ghidra’s Debugger:

  • Customizing Ghidra:  This module demonstrates how you can customize both your Ghidra work environment and Ghidra’s capabilities to better match your RE process.

  • Scripting with Ghidra:  This module introduces scripting with Ghidra including Ghidra scripts, basic script editor, integrated scripting with Eclipse, and provides you with tool

 

In addition to levelled crackme challenges, there are topical choices that allow participants to choose tasks appropriate to their personal interests and objectives.

 

Course Pre-requisites

Take this course if you’re interested in reverse engineering in general or are specifically interested in learning about Ghidra.  Some programming experience is expected.    It is important to understand data types and basic high-level programming constructs like variables, loops, and functions.  Students will see code in C, Python, and Java, but no specific language is required to complete exercises.  Some basic knowledge of assembly language is also helpful.  

 

Intended Audience

If you like listening to people talk over LONG PowerPoint presentations, this is probably NOT the course for you. Our philosophy is “hands-on” rather than “hand-outs” so come prepared to actively participate in the action and experiment with the concepts.

 

About the Instructor: Kara Nance

Kara Nance, PhD, is Chief Technology Officer at CyberRatings.org where she is responsible for expanding the non-profit’s test program measuring efficacy of traditional and cloud cybersecurity products and services.  She is co-author of “The Ghidra Book: The Definitive Guide” and regularly conducts training on the evolution of the reverse-engineering tool since its release as an open-source product by the NSA at RSA 2019. A computer science professor before transitioning to government and industry, she served as a Senior-Executive Advisory Board member for the Office of the Director of National Intelligence and as a Board Member of the Honeynet Project for many years.  She is a frequent speaker and author on cybersecurity and enjoys building Ghidra extensions in her spare time.

 
 

Hardware and Software Requirements

Bring a Windows, Mac, or Linux laptop (and power cord) with a current version of Chrome, Firefox, or Safari.  That’s it!  We provide everything else through our HOTzone environment.  (As always - the more screen real estate you have available, the happier you will be!)

 
 