Craig Young
A Basic Guide to Discovering Attack Surface with Ghidra and GDB
In this article I will introduce how to generate GDB Python code to trace a program being analyzed in Ghidra.
May 18

Craig Young
A Basic Guide to AFL QEMU
Over the years that I’ve been teaching Ghidra at Black Hat and other events, there is one question which inevitably comes up.
Apr 28

Craig Young
Unpacking Shellcode with Ghidra Emulator
In this post, I use Ghidra’s emulator to unpack a Metasploit XOR encoded reverse shell to get decompiled output with resolved syscalls.
Jun 4, 2023

Craig Young
First Look: Ghidra 10.3 Emulator
Ghidra 10.3 dropped this week with a dedicated Emulator tool! I’ve been eagerly anticipating such a feature and so I am very excited that…
May 13, 2023

Craig Young
Vulnerability Analysis with Ghidra Scripting
As some of you may have seen, I posted a challenge to use Ghidra to identify a vulnerability in a WarGames themed game. There has been a…
May 7, 2023

Craig Young
Patching a Bug from a Ghidra Listing
With a full-fledged multi-architecture decompiler available, it is easy to understand why so many of my students skip right over the…
Apr 30, 2023

Craig Young
Vulnerability Hunting with Ghidra
One of the more common uses I’ve had for Ghidra over the years has been to identify and understand vulnerabilities in compiled code. The…
Apr 16, 2023

Craig Young
Reversing a Simple CrackMe with Ghidra Decompiler
In this article, I will walk through a simple crackme challenge from the collection of sample files for A Guide to Reversing with Ghidra…
Apr 10, 2023

Craig Young
A Guide to Reversing Shared Objects with Ghidra
I’m excited to announce that I will be returning this year to the Black Hat USA 2023 conference in Las Vegas. As with previous years’…
Apr 2, 2023