Thomas Roth

Speaker

Talk Title :

Modern reverse engineering with Ghidra


Abstract :

Ghidra has established itself as one of the leading reverse engineering tools - with its powerful decompiler being one of the main reasons. In this workshop you will learn how to effectively use Ghidra for reverse engineering various types of binaries, and how to get the decompiler to produce the best results possible.

After a quick overview over Ghidra itself we will dive into the weeds of the decompiler: What to do if the decompiler can’t understand the binary? How do we get the decompiler to understand inlined code, custom, compiler-created calling conventions, and how to use features such as split-variables to make the output more readable.

Afterwards we will briefly jump into some of the new features of
Ghidra: The debugger and the integrated emulator!

What you should to bring:

  • A laptop running the latest Ghidra version (Currently 10.2.2)

Bio :

Thomas Roth, also known as stacksmashing, is a security researcher with focus on embedded systems. His published research includes research on vulnerabilities in microcontrollers, hardware wallets, industrial systems, TrustZone and mobile devices. He is also well known for publishing educational material on his YouTube channel “stacksmashing”, and released a lot of open-source hardware security tools, such as the chip.fail glitcher.t

Want to connect with Thomas Roth?