Hands-On Ghidra - A Tutorial about the Software Reverse Engineering Framework

Authors :
Roman Rohleder
Source :
SPRO@CCS
Publication Year :
2019
Publisher :
ACM, 2019.

Abstract

This tutorial presents the Ghidra software reverse engineering framework, highlights its characteristics, and compares its features against the hitherto industry standard in reverse engineering tools, IDA Pro, the interactive disassembler. The framework was released on March 5th, 2019, by the National Security Agency under the Apache v2 license and brought with it a powerful decompiler for many different architectures (x86 16/32/64, ARM/AARCH64, Java/DEX bytecode, ...). The decompiler will be presented, and its underlying intermediate language, p-code, and the corresponding SLEIGH format explained. Hands-on demonstrations will follow, covering the aforementioned SLEIGH format, the plugin system and the standalone mode, showcased on different reverse engineering tasks such as binary diffing, code lifting, deobfuscation and patching.

Details

Database :
OpenAIRE
Journal :
Proceedings of the 3rd ACM Workshop on Software Protection
Accession number :
edsair.doi...........808ca4685e763dc7c4316cd2ec6ee5e6
Full Text :
https://doi.org/10.1145/3338503.3357725