Learn more about the training offered at INFILTRATE

Jeremy Blackthorne: Reverse-Engineering with Ghidra

This is a majority hands-on course on using Ghidra for reverse-engineering and vulnerability research. Exercises include Windows binaries, Linux binaries, and device firmware, and will be in a variety of architectures, including ARM, PowerPC, MIPS, x86, and x64. After completing this course, students will have the practical skills to use Ghidra in their day-to-day reversing tasks.

Learning Objectives

  • Students will have the ability to perform static analysis of real-world binaries and firmware in Ghidra
  • Students will have the ability to use manual and automated techniques in Ghidra
  • Students will know how to leverage Ghidra’s strengths and how to complement its weaknesses


Students are expected to have some experience with static and dynamic analysis, Linux, Windows, command line tools, shell scripting, C, and Python. Students should have the ability to do the following:

  • Declare an array pointer in C
  • Write a python script to XOR an encoded string
  • Perform a function trace using a debugger
  • Identify dead code using a disassembler

Course Information

Date: October 11th - October 14th
Course Fee: $4,900
CPE Credits: 0

View the Conference Calendar

More Infiltrate Courses

If you are trying to determine which course is best suited for you, email us at infiltrate@immunityinc[dot]com and we will assist you.

See all the courses


Course Length: 4 Days

DAY 1 - Reversing Engineering with Ghidra

  • Ghidra overview
  • Project management
  • Code navigation, manipulation
  • Symbols, labels, bookmarks, searching
  • Disassembler-decompiler interaction
  • Patching

DAY 2 - Ghidra Expert Tools

  • Decompiler deep dive
  • Datatype management
  • Memory management
  • P-code
  • Program flow
  • Ghidra tools
  • Plugin groups

DAY 3 - Automation with Ghidra

  • Java/Jython refresher
  • The Ghidra FlatAPI
  • Development with Eclipse and the GhidraDev plugin
  • Analysis in Ghidra headless mode
  • Java-Jython interop

DAY 4 - Extending Ghidra with ExtensionPoint

  • Loader, Decryptor, FileSystem
  • BuiltInDataType, AbstractAnalyzer

View Detailed Syllabus

Infiltrate Sponsors

Register Now

Tickets will be released soon.

Training & Workshops

Learn more about the technical training and workshops offered at INFILTRATE

Attend a session