This course is your gateway to unlocking the full potential of Ghidra, a powerful reverse engineering tool, for advanced malware analysis.
Ghidra isn’t just a tool; it’s your strategic advantage in the digital realm. Gain hands-on experience, master scripting, and navigate complex malware analysis with confidence, all while following the lead of Kaspersky’s cybersecurity experts.
Immerse yourself in the realm of advanced malware analysis with Ghidra, guided by industry luminaries Igor Kuznetsov and Georgy Kucherin. Empower your InfoSec career to confidently tackle real-world threats, or elevate your organization’s cybersecurity posture.
Advanced
$1800 inc. tax per learner
Prerequisites
As the digital realm continues to expand, the challenges associated with it grow as well. Enter Ghidra, a powerful tool that has become indispensable for InfoSec specialists. Whether you’re an individual looking to enhance your career prospects or a business striving to fortify its digital stronghold, Ghidra is the compass guiding you through the intricate terrain of malware analysis and reverse engineering.
Developed by experts at Kaspersky, the “Advanced Malware Reverse Engineering with Ghidra” course is your gateway to unlocking the full potential of this invaluable tool.
Created by luminaries in the field such as Igor Kuznetsov, Director of GReAT, and Kaspersky security researcher Georgy Kucherin, this course is designed to empower you with the skills and knowledge necessary to navigate the complex world of malware analysis.
The course is tailored to provide a robust foundation in Ghidra. Starting with the basics of Ghidra, you’ll embark on a journey that demystifies the malware analysis workflow. Explore data types, structures, and external type definitions. Learn basic and advanced-level Ghidra scripting in Python and Java, find out how to identify run-time library code, and much more.
Let’s embark on this transformative training course together, where understanding Ghidra isn’t just an achievement — it’s a strategic advantage.
Director, Global Research & Analysis Team (GReAT)
Igor is the Director of the Global Research & Analysis Team (GReAT) at Kaspersky. His research focuses on investigating malware campaigns and employing reverse engineering techniques to understand advanced malware. His profound knowledge and skills have proven instrumental in understanding and countering complex cyber threats. He has more than 20 years of reverse engineering experience.
Security Researcher, Global Research & Analysis Team (GReAT)
Georgy Kucherin is a Security Researcher at Kaspersky’s renowned Global Research and Analysis Team. Georgy demonstrates an unwavering passion for unraveling the intricacies of complex malware and employing reverse engineering techniques to analyze and understand its inner workings. With a strong background in cybersecurity research, Georgy has contributed significantly to the field through his comprehensive investigations into advanced persistent threats (APTs) such as FinFisher, APT41, and Lazarus. Georgy actively shares his research findings at prominent conferences, including SAS, VirusBulletin, and other renowned gatherings, where his presentations captivate audiences and contribute to the collective knowledge of the cybersecurity community.
Introduction to Ghidra
– Ghidra overview
– Building Ghidra on Windows, macOS, Linux
– Introduction to the Metasploit sample
– Settings overview, configuring familiar controls
– Basic analysis workflow
– Using Data Type Manager to import type libraries
– Using Ghidra’s parser to import C headers
– Applying structure pointers
– Working with linked lists and adjusting shifted pointers
– Analyzing code that uses PE header structures
– Introduction to scripting
– Analyzing an API hashing algorithm with Ghidra
– Implementing an API hash analysis script in Python and Java
– Introduction to the Mettle sample
– Using a library (.so file) to create a function identification database
– Using Ghidra’s headless mode to create a function identification database from an archive (.a) file
– Introduction to the Calypso sample
– Studying capabilities related to structure pointers, such as automatic recognition of structure fields
– Tips and tricks for working with function pointers, such as applying API function signatures for them
– Ghidra’s decompiler internals overview
– Advanced-level scripting: coding a stack string analysis script using knowledge of decompiler internals
– Learning to expand Ghidra’s capabilities using the Eclipse IDE
– Coding an API hash analysis extension for Ghidra
InfoSec professionals
Perfect for seasoned reverse engineers, incident responders, and digital forensics experts, this course takes your cybersecurity prowess to new heights through an advanced acquaintance with the Ghidra tool.
Cybersecurity consultancies
The course will empower your personnel with the mastery of Ghidra, enabling them to provide unparalleled cybersecurity solutions and deliver top-tier malware analysis services to clients.
Enterprises
Elevate your organization's cybersecurity and SOC teams. Upon completing the course, they'll become experts in conducting a comprehensive malware analysis using Ghidra, capable of uncovering actionable insights that bolster your organization's security framework and enhance incident response strategies.
Guided video lectures
Learn to use Ghidra through expert lectures that break down complex concepts into easily digestible segments.
Virtual Lab
Step into a secure virtual environment created specifically for the course, where you can apply your skills without risk.
Iterative learning
Embrace a learning journey that adapts to your pace. Benefit from iterative exercises, quizzes and experts’ solutions that reinforce your understanding, ensuring mastery of each topic before moving forward.
6 months to complete your course
Course delivered in English with English subtitles
Self-guided learning that fits around your life
100 hours in a browser-based virtual lab with hands-on training
Browser-based, accessible via desktop, mobile or tablet
40+ videos to guide you through the course
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
*Ghidra is an open-source software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, in this Software is used for informational purposes only and does not constitute any association or relationship with NSA or its products.