Reverse Engineer Like The NSA's Best Agents

Ghidra was the NSA’s formerly classified software reverse-engineering tool. Speculated to have been developed over the last 20 years or so, it is now free, open source, and available for download on the NSA’s GitHub page. The only barrier left is the steep learning curve. In this course, we take students from the beginning (menus, icons, and features) and build them up over four days into efficiently reversing firmware on a variety of architectures.

The course takes place at the Novotel London West, Hammersmith from the 2nd – 5th of December, 2019.

Who Should Take This Course

  • Students looking to transition their reverse-engineering skills to Ghidra.
  • Reverse engineers looking to work well at scale.
  • Malware analysts wanting to take their skills to the next level.

"Master the NSA Research Tool's Secrets for less than the cost of the equivalent IDA Pro licence"

Got A Ghidra Problem? Talk To The Ghidra Guys.

Even those who have been reversing for years with IDA Pro face the annoyance of all the menus and hotkeys being different. Well, we at least took care of the hotkeys. We imported the most common keybindings from IDA Pro into Ghidra. We’ll cover the hotkeys, menus, and many more techniques to help bridge the gap from techniques on other platforms to Ghidra and all of its plugins and extensions.
 
This is a mostly hands-on course on using Ghidra for reverse-engineering and vulnerability research. Exercises will include PE and ELF files and will cover a variety of architectures, including x86, x86-64, PowerPC, MIPS, and ARM. This course balances fundamentals with modern applications. After completing this course, students will have the ability to perform analysis of real-world binaries in Ghidra with both manual and automated techniques. Students will know how to leverage Ghidra’s strengths and how to complement its weaknesses.

What You'll Learn

  • Static analysis of real-world binaries in Ghidra
  • Static analysis of real-world firmware in Ghidra
  • How to use Ghidra for manual reversing work
  • How to automate analysis with Ghidra
  • How to leverage Ghidra's strengths
  • How to compensate for Ghidra's weaknesses

Course Outline

Day 1 - Reversing With Ghidra

  • Ghidra Overview
  • Project management
  • Code navigation, manipulation
  • Lunch
  • Symbols, labels, bookmarks, searching
  • Disassembler-decompiler interaction
  • Patching

Day 2 - Ghidra Expert Tools

  • Decompiler deep dive
  • Datatype management
  • Memory management
  • P-code
  • Lunch
  • P-code
  • Ghidra tools
  • Plugin groups

Day 3 - Ghidra Automation

  • Java/Jython refresher
  • The Ghidra FlatAPI
  • Development with Eclipse and the GhidraDev plugin
  • Lunch
  • Analysis in Ghidra headless mode
  • Java-Jython interop

Day 4 - Ghidra and ExtensionPoint

  • Loader
  • Decryptors
  • FileSystem
  • Lunch
  • BuiltInDataType
  • AbstractAnalyzer

What To Bring

  • A laptop with 16 GB of RAM and a 4-core CPU
  • 50 GB of free hard disk space
  • VMware or VirtualBox to import an OVA file

What Students Are Provided With

  • Repo access to custom Ghidra tools and scripts

4 Days of Training at a Premium London Venue.
Book Now at only £2600 Inc. VAT!

4 Reasons Why You'll Want To Train With 44CON

Venue

Focus on learning with our spacious, air-conditioned rooms. The comfort doesn’t stop there, with incredible food at lunch and in breaks.

Serious Savings

Save over 50% with us compared to the same courses at other events in London. Get the Vegas experience without the cost.

44CONnect

Get exclusive invites to 44CONnect – our quarterly event with talks and more. Invites run for 12 months after your last course.

44CON Discounts

You’ll receive an exclusive £50 discount code for standard tickets to the next main 44CON event: the UK’s best security conference.

Meet The Trainers: Jeremy Blackthorne and Evan Jensen

Jeremy Blackthorne is co-founder and lead instructor of the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. He was the co-creator and instructor for the Rensselaer Polytechnic Institute courses: Modern Binary Exploitation and Malware Analysis. Jeremy has published research at various academic conferences, including RAID, WOOT, and LatinCrypt. He has also presented or taught at hacker conferences, including INFILTRATE, REcon, and RingZer0. He served in the U.S. Marine Corps with three tours in Iraq. He is currently a PhD candidate in computer science at RPI and is a proud alumnus of RPISEC.

Evan Jensen is the co-founder and CTO of BCI, where he splits his time between performing security assessments, developing capabilities, and teaching. Evan has conducted training workshops on binary reversing at many universities, including BU, RPI, NYU, MIT, Tufts, and West Point. He has also presented and taught at hacker conferences including ShmooCon, REcon, and RingZer0. Before founding BCI, Evan worked in the Cyber System Assessments Group at MIT Lincoln Laboratory and on Facebook’s red team. He has a BS in computer science from NYU Tandon School of Engineering.

44CON December Bonus: Hootenanny Tickets Included!

The 44CONnect Hootenanny is an end-of-year one day event on the 6th of December.

The Hootenanny has a single talk track, a workshop track and an escape room track. We’ll have workshops from our trainers so you can get a taste of their courses, and a bunch of invited talks at the level of quality you’ve come to expect from a full 44CON. The event is fully catered, of course.

All December training attendees automatically receive a Hootenanny ticket as part of their booking. Those who’ve attended training at any time in 2019 can join our wait list. Tickets will be issued to the wait list two weeks before the Hootenanny event.

Watch Jeremy Talk

Three Heads Are Better Than One: Mastering NSA's Ghidra Reverse Engineering Tool

A one-hour Ghidra walkthrough from INFILTRATE 2019. This workshop covers manual analysis, scripting, P-Code and SLEIGH.

Stay In Touch

Like the NSA, our newsletter will be in your inbox every Tuesday. Unlike the NSA, you can unsubscribe at any time.