Learn how to use Ghidra to analyze your code for potential vulnerabilities and examine both malware and network threats

Key Features

• Make the most of Ghidra on different platforms such as Linux, Windows, and macOS
• Unlock the potential of plug-ins and extensions for disassembly, assembly, decompilation, and scripting
• Learn advanced concepts like binary diffing, debugging, unpacking real-world malware samples, and reverse engineering ransomware
• Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Written by David Álvarez Pérez, a senior malware analyst at Gen Digital Inc., and Ravikant Tiwari, a senior security researcher at Microsoft, with expertise in malware and threat detection, this book is a complete guide to using Ghidra for examining malware, making patches, and customizing its features for your cybersecurity needs.

This updated edition walks you through implementing Ghidra’s capabilities and automating reverse-engineering tasks with its plugins. You’ll learn how to set up an environment for practical malware analysis, use Ghidra in headless mode, and leverage Ghidra scripting to automate vulnerability detection in executable binaries. Advanced topics such as creating Ghidra plugins, adding new binary formats, analyzing processor modules, and contributing to the Ghidra project are thoroughly covered too.

This edition also simplifies complex concepts such as remote and kernel debugging and binary diffing, and their practical uses, especially in malware analysis. From unpacking malware to analyzing modern ransomware, you’ll acquire the skills necessary for handling real-world cybersecurity challenges.

By the end of this Ghidra book, you’ll be adept at avoiding potential vulnerabilities in code, extending Ghidra for advanced reverse-engineering, and applying your skills to strengthen your cybersecurity strategies.

What you will learn

• Develop and integrate your own Ghidra extensions
• Discover how to use Ghidra in headless mode
• Extend Ghidra for advanced reverse-engineering
• Perform binary differencing for use cases such as patch and vulnerability analysis
• Perform debugging locally and in a remote environment
• Apply your skills to real-world malware analysis scenarios including ransomware analysis and unpacking malware
• Automate vulnerability detection in executable binaries using Ghidra scripting

Who this book is for

This book is for software engineers, security researchers, and professionals working in software development and testing who want to deepen their expertise in reverse engineering and cybersecurity. Aspiring malware analysts and vulnerability researchers will also benefit greatly. Prior experience with Java or Python and a foundational understanding of programming is recommended.

Table of Contents

1. Getting Started with Ghidra
2. Automating RE Tasks with Ghidra Scripts
3. Ghidra Debug Mode
4. Using Ghidra Extensions
5. Reversing Malware Using Ghidra
6. Scripting Malware Analysis
7. Using Ghidra's Headless Analyzer
8. Binary Diffing
9. Auditing Program Binaries
10. Scripting Binary Audits
11. Developing Ghidra Plugins
12. Incorporating New Binary Formats
13. Analyzing Processor Modules
14. Contributing to the Ghidra Community
15. Extending Ghidra for Advanced Reverse-Engineering
16. Debugging
17. Unpacking in-the-Wild Malware
18. Reverse-Engineering Ransomware