Skip to main content

Debuggers 1102: Introductory Ghidra

Enrollment in this course is by invitation only

About This Course

This is a very basic introduction to Ghidra, with an emphasis on using Ghidra as a debugger, so that it can be used in OST2 assembly classes' final exercise. Topics will include installation, an overview of the default static analysis and debugger interfaces, and how to perform basic debugging of userspace executables on Windows and Linux.


Knowledge of WinDbg or GDB

Knowledge of the assembly language of the executable you'd like to debug (e.g. Intel x86-64 or RISC-V)

Course Staff

Course Staff Image #1

Erin Cornelius

Erin is the Senior Staff Security Researcher at GRIMM, specializing in systems, software, and hardware reverse engineering, vulnerability research, cyberphysical systems security, and mentoring. She has given talks at well-established forums, including ESCAR, Car Hacking Village, Aerospace Village, and B-Sides Las Vegas. Erin helped develop and teaches GRIMM's Automotive Security training, and has taught software reverse engineering at CyberAuto and CyberTruck events. Prior to moving into cybersecurity Erin spent many years designing, testing, and integrating safety-critical embedded systems for telecom, aerospace, medical, and industrial applications.

Xeno's Pic!

Xeno Kovah

Xeno founded OpenSecurityTraining(1) in 2011 to share his and others' trainings more widely. He relaunched OpenSecurityTraining2 in 2021.

Xeno's from Minnesota and has a BS in CS from UMN. He received a MS in computer security from Carnegie Mellon through the National Science Foundation "CyberCorps Scholarship for Service". But the US government didn't really yet know what to do with "cyber" people in 2007; so he ended up going to work for a Federally Funded Research and Development Center - MITRE. Xeno worked exclusively on internal-funded research projects, first as a participant and later as a leader on Windows kernel malware detection and trusted computing projects. Towards the end, other cool researchers inspired him to dig into BIOS and firmware level threats.

Xeno left MITRE to start an independent consultancy, LegbaCore, with Corey Kallenberg in 2015. Less than a year later, under mysterious circumstances that he's legally prevented from stating, he started working for Apple. While at Apple he helped get SecureBoot on Macs with the addition of the T2 chip. He also led the SecureBoot design and implementation project for the ARM-based M1 Macs. But between those big, visible, multi-year, projects, he was silently improving the security of a bunch of the 3rd party peripheral processors' hardware and firmware. He liked working at Apple because he had a bully pulpit where he could force 3rd parties to do the right thing or lose their business. But he likes OST better, so he left in 2020 to work on this full time.

Xeno has a touch of the illness known as being a "collector" (it's not quite to the level of being a "hoarder", so he can't get on TV for it or anything...) Consequently he collects speaker badges and has presented at IEEE S&P, ACM CCS, BlackHat USA/EUR, DEF CON, CanSecWest, PacSec, NL, Hack in the Box KUL/AMS/GSEC/HKT, H2HC, Microsoft BlueHat, Shmoocon,, NoHat, Hacktivity, HackFest, NoSuchCon, SummerCon, RSA, ToorCon, DeepSec, VirusBulletin, MIRCon, AusCERT, Trusted Infrastructure Workshop, NIST NICE Workshop, and the DOD Information Assurance Symposium. And yet he still says "MORE!"