A Guide To Reversing with Ghidra

Takumi Ashikawa

Since 2019, the NSA's software reverse engineering toolkit, Ghidra, has made powerful multi-architecture/multi-platform decompilation capabilities freely available. Join us for an introduction to Ghidra and a series of incremental challenges to build up hands-on experience. Students will learn how to navigate Ghidra, analyze binaries, and use integrated Python scripting to defeat some common anti-reversing techniques. Lessons will illustrate strategies for peeling back layers of obfuscation to understand program intent. By the end of the class, students will be writing their own Ghidra scripts to recover encrypted data from real malware samples. Students will also be introduced to some more specialized applications of Ghidra including patch diffing and dynamic analysis.

Skills / Knowledge

  • Malware
  • AppSec

Issued on

August 6, 2023

Expires on

Does not expire