Introduction to Reverse Engineering with Ghidra
Offered By: Hackaday via Independent
Course Description
Overview
Course Goals
- Familiarize students with the basic concepts behind software reverse engineering
  - x86_64 Architecture Review
  - Identifying C constructs in assembly code
  - Disassembly vs Decompilation
- Teach students how to use the Ghidra SRE tool to reverse engineer Linux-based binaries
  - Basic navigation and usage
  - How to identify and reconstruct structures, local variables and other program components
- Demonstrate and explain the methodologies used when approaching an unknown program with Ghidra
  - Where to start when looking at an unknown binary
  - How to quickly gain an understanding of an unknown program
- Provide challenges and "crackme" exercises so that students gain hands-on experience with Ghidra
Syllabus
Class 1 outline
0:00 - Presentation Outline
2:50 - What is Software Reverse Engineering?
4:12 - Software Engineering Review
24:54 - x86_64 Architecture Review
45:10 - Ghidra Overview and Basic Usage
Class 2 outline
Intro: 0:00
Assembly Language / Applying Function Signatures: 3:08
Imports and Exports: 8:49
Control Flow Statements in Assembly Language: 10:23
Switch Statements in Assembly Language: 18:10
Loops in Assembly Language: 24:34
Variables in Assembly Language: 32:42
Functions in Assembly Language: 39:46
Heap Memory: 48:08
Array Accesses in Assembly Language: 50:11
Class 3 Outline
0:00 - Intro
2:36 - SRE Tool Landscape
8:03 - Structs: ASM, Identification and Ghidra Analysis
20:19 - Pointers: ASM, Identification and Ghidra Analysis
35:30 - Enums: ASM, Identification and Ghidra Analysis
40:00 - x86_64 System Calls
45:40 - File Operations
51:02 - Ghidra Tips: Patching, Bookmarks, Searching, Comments
Class 4 Outline
0:00 - Intro
3:14 - Ghidra: Loading External Libraries
10:31 - Ghidra: Patch Diffing and Analysis
19:30 - Ghidra: Checksum Tool
21:38 - Ghidra: Memory Manager
25:39 - Ghidra Internals: PCODE and SLEIGH
39:00 - Ghidra Extensions
45:00 - Ghidra Scripting Overview and Examples
Taught by
wrongbaud