Ghidra Software Reverse-Engineering for Beginners: Master the art of debugging, from understanding code to mitigating threats

Learn how to use Ghidra to analyze your code for potential vulnerabilities and examine both malware and network threats
Key Features

Make the most of Ghidra on different platforms such as Linux, Windows, and macOS
Unlock the potential of plug-ins and extensions for disassembly, assembly, decompilation, and scripting
Learn advanced concepts like binary diffing, debugging, unpacking real-world malware samples, and reverse engineering ransomware
Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Written by David Álvarez Pérez, a senior malware analyst at Gen Digital Inc., and Ravikant Tiwari, a senior security researcher at Microsoft, with expertise in malware and threat detection, this book is a complete guide to using Ghidra for examining malware, making patches, and customizing its features for your cybersecurity needs.

This updated edition walks you through implementing Ghidra’s capabilities and automating reverse-engineering tasks with its plugins. You’ll learn how to set up an environment for practical malware analysis, use Ghidra in headless mode, and leverage Ghidra scripting to automate vulnerability detection in executable binaries. Advanced topics such as creating Ghidra plugins, adding new binary formats, analyzing processor modules, and contributing to the Ghidra project are thoroughly covered too.

This edition also simplifies complex concepts such as remote and kernel debugging and binary diffing, and their practical uses, especially in malware analysis. From unpacking malware to analyzing modern ransomware, you’ll acquire the skills necessary for handling real-world cybersecurity challenges.

By the end of this Ghidra book, you’ll be adept at avoiding potential vulnerabilities in code, extending Ghidra for advanced reverse-engineering, and applying your skills to strengthen your cybersecurity strategies.
What you will learn

Develop and integrate your own Ghidra extensions
Discover how to use Ghidra in headless mode
Extend Ghidra for advanced reverse-engineering
Perform binary differencing for use cases such as patch and vulnerability analysis
Perform debugging locally and in a remote environment
Apply your skills to real-world malware analysis scenarios including ransomware analysis and unpacking malware
Automate vulnerability detection in executable binaries using Ghidra scripting

Who this book is for

This book is for software engineers, security researchers, and professionals working in software development and testing who want to deepen their expertise in reverse engineering and cybersecurity. Aspiring malware analysts and vulnerability researchers will also benefit greatly. Prior experience with Java or Python and a foundational understanding of programming is recommended.
Table of Contents

Getting Started with Ghidra
Automating RE Tasks with Ghidra Scripts
Ghidra Debug Mode
Using Ghidra Extensions
Reversing Malware Using Ghidra
Scripting Malware Analysis
Using Ghidra's Headless Analyzer
Binary Diffing
Auditing Program Binaries
Scripting Binary Audits
Developing Ghidra Plugins
Incorporating New Binary Formats
Analyzing Processor Modules
Contributing to the Ghidra Community
Extending Ghidra for Advanced Reverse-Engineering
Debugging
Unpacking in-the-Wild Malware
Reverse-Engineering Ransomware