Advanced Ghidra Scripting & Automation

DEF CON Workshops
Sat, Aug 9, 9am - 1pm PDT

Event description

Level of Instruction: Intermediate

Instructed by: Max "Libra" Kersten

Abstract:

When you are reverse engineering a file and have to repeatedly perform the same mundane task, you start to wonder how to perform the action automatically. This workshop provides the basis for automating tasks with Ghidra. We will look at a wiper used to target Ukrainian victims in late February 2022.

This four-hour workshop primarily focuses on how to automate repeated activities and how to think in a way that is supported by the analysis framework’s API. You can transfer this knowledge to other reverse engineering suites, although the specific API calls will differ. This class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.

The workshop’s materials consist of multiple malware samples, the precautions for which will be explained in detail during the workshop, ensuring the safety and integrity of the attendees’ systems. An x86_64 laptop with Ubuntu 22.04 or later, along with Ghidra, Eclipse, and OpenJDK 21, is required. It is mandatory to be able to understand the basics of assembly language and decompiled code, and to be able to read and write Java. Python 2 can be used as a substitute if desired, but is not fully supported.
