Reverse Engineer Like The NSA’s Best Agents

Ghidra was the NSA’s formerly classified software reverse-engineering tool. Speculated to have been developed over the last 20 years or so, it is now free, open source, and available for download on the NSA’s github page. The only barrier left is the steep learning curve. In this course, we take students from the beginning: menus, icons, and features and build them up over four days into efficiently reversing firmware on a variety of architectures.

The course takes place at the Novotel London West, Hammersmith from the 2nd – 5th of December, 2019.

Book Now

Who Should Take This Course

Students looking to transition their reverse-engineering skills to Ghidra.
Reverse Engineers looking to work well at scale.
Malware analysts wanting to take their skills to the next level.

“Master the NSA Research Tool’s Secrets for less than the cost of the equivalent IDA Pro licence”

Got A Ghidra Problem? Talk To The Ghidra Guys.

Even those who have been reversing for years with IDA Pro face the annoyance of all the menus and hotkeys being different. Well, we at least took care of the hotkeys. We imported the most common keybindings from IDA Pro into Ghidra. We’ll cover the hotkeys, menus, and many more techniques to help bridge the gap from techniques on other platforms to Ghidra and all of its plugins and extensions. This is a majority hands-on course on using Ghidra for reverse-engineering and vulnerability research. Exercises will include PE and ELF files and will be in a variety of architectures, to include x86, x86-64, PowerPC, MIPS, and ARM. This course balances fundamentals with modern applications. After completing this course, students will have the ability to perform analysis of real-world binaries in Ghidra with both manual and automated techniques. Students will know how to leverage Ghidra’s strengths and how to complement its weaknesses.

What You’ll Learn

Static analysis of real-world binaries in Ghidra
Static analysis of real-world firmware in Ghidra
How to use Ghidra for manual reversing work
How to automate analysis with Ghidra
How to leverage Ghidra’s strengths
How to compensate for Ghidra’s weaknesses.

Book Now

Course Outline

Day 1 – Reversing With Ghidra

Ghidra Overview
Project management
Code navigation, manipulation
Lunch
Symbols, labels, bookmarks, searching
Disassembler-decompiler interaction
Patching

Day 2 – Ghidra Expert Tools

Decompiler deep dive
Datatype management
Memory management
P-code
Lunch
P-code
Ghidra tools
Plugin groups

Day 3 – Ghidra Automation

Java/Jython refresher
The Ghidra FlatAPI
Development with Eclipse and the GhidraDev plugin
Lunch
Analysis in Ghidra headless mode
Java-Jython interop

Day 4 – Ghidra and ExtensionPoint

Loader
Decryptors
FileSystem
Lunch
BuiltInDataType
AbstractAnalyzer

What To Bring

A Laptop with 16 GB of RAM and 4 Core CPU
50 GB of free hard disk space
VMWare or Virtual Box to import an ova file

What Students Are Provided With

Repo access to custom Ghidra tools and scripts

4 Days of Training at a Premium London Venue.
Book Now at only £2600 Inc. VAT!

Book Now!

4 Reasons Why You’ll Want To Train With 44CON

Venue

Focus on learning with our spacious, air-conditioned rooms. The comfort doesn’t stop there, with incredible food at lunch and in breaks.

Serious Savings

Save over 50% with us compared to the same courses at other events in London. Get the Vegas experience without the cost.

44CONnect

Get exclusive invites to 44CONnect – our quarterly event with talks and more. Invites run for 12 months after your last course.

44CON Discounts

You’ll receive an exclusive £50 discount code for standard tickets to the next main 44CON event: the UK’s best security conference.

Meet The Trainers: Jeremy Blackthorne and Evan Jensen

Jeremy Blackthorne is co-founder and lead instructor of the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. He was the co-creator and instructor for the Rensselaer Polytechnic Institute courses: Modern Binary Exploitation and Malware Analysis. Jeremy has published research at various academic conferences, including RAID, WOOT, and LatinCrypt. He has also presented or taught at hacker conferences, including INFILTRATE, REcon, and RingZer0. He served in the U.S. Marine Corps with three tours in Iraq. He is currently a PhD candidate in computer science at RPI and is a proud alumnus of RPISEC.

Evan Jensen is the co-founder and CTO of BCI, where he splits his time between performing security assessments, developing capabilities, and teaching. Evan has conducted training workshops on binary reversing at many universities, including BU, RPI, NYU, MIT, Tufts, and West Point. He has also presented and taught at hacker conferences including SchmooCon, REcon, and RingZer0. Before founding BCI, Evan worked in the Cyber System Assessments Group at MIT Lincoln Laboratory and Facebook’s redteam. He has a BS in computer science from NYU Tandon School of Engineering.

Book Now For December!

44CON December Bonus: Hootenanny Tickets Included!

The 44CONnect Hootenanny is an end-of-year one day event on the 6th of December.

The Hootenanny has a single talk track, a workshop track and an escape room track. We’ll have workshops from our trainers so you can get a taste of their courses, and a bunch of invited talks at the level of quality you’ve come to expect from a full 44CON. The event is fully catered, of course.

All December training attendees automatically receive a Hootenanny ticket as part of their booking. Those who’ve attended training at any time in 2019 can join our wait list. Tickets will be issued to the wait list two weeks before the Hootenanny event.