#TripwireBookClub – The Ghidra Book

5 years ago Tyler Reguly

It’s been a little while since we last reviewed a book, but a lot of my team has been spending time with Ghidra this year. Craig Young taught a course on the subject, and I’ve used it with my students at Fanshawe College in their Malware Analysis course. Given our fascination with Ghidra, reviewing The Ghidra Book: The Definitive Guide by Chris Eagle and Kara Nance from No Starch Press made sense. I have a few of Chris’s books on my shelf, and I’ve always enjoyed them, so I was looking forward to digging into this one.

The book takes you from the beginning of your Ghidra journey to the end. From an introduction to disassembly and working with the basics of Ghidra to scripting in Ghidra to extend its capabilities, this book covers it all. One of my favorite aspects of the book is that it doesn’t read like a technical manual. Books focused on a specific product can fall into a bland, manual-like approach that turns off readers; it feels more like reading the owner’s manual for your car than a book. Thankfully, that didn’t happen with this book, and it was enjoyable. I will admit that I did not read this book sequentially, instead jumping to topics that were relevant to my current work or that interested me. I think it’s the sign of a good technical book when you can move around freely and use it as reference material.

Here’s what others had to say about the book.

The Ghidra Book: The Definitive Guide by Chris Eagle and Kara Nance is an excellent choice for a reference book. This book provides explanations on how to modify the UI and other features that Ghidra provides. This allows any user to customize their layout to suit their specific needs. The authors provide a description of the reverse engineering process and the aspects of Ghidra that can be used. The authors explain the process of obfuscation and the techniques that might be used to prevent the reverse engineering process. They continue on to explain how Ghidra can be used in these situations. This allows readers to understand that if any of these methods are implemented, there are ways that Ghidra can be used to continue the reverse engineering process. Overall, it can be tedious to read through the chapters that explain how to customize the UI.

Rating: 3.9/5

– Andrew Swoboda
Senior Security Researcher
Tripwire

I would highly recommend this book. Rather than simply being a Ghidra user guide, the authors did an exceptional job of laying out many of the fundamental concepts involved in software reverse engineering. As they walk through various aspects of Ghidra functionality, they take the opportunity to explain not only what Ghidra is showing with its data displays but also to provide insight into how Ghidra extracts the information from a program. For example, great attention is paid to making sure the reader will understand, at least at a high level, how compilers arrange stack frames and how they can be reconstructed through static analysis. This is critical knowledge not only for Ghidra users but more generally for anyone involved in software reversing.

The sections in Chapter 8 pertaining to identifying data structures were immensely helpful for me in one of my personal research projects. Specifically, this chapter spells out various patterns of how programmers make use of structured data types as well as how the compiler reflects this in the machine code. In my case, this helped me correct an incorrect function prototype which had impeded my understanding of the program I was analyzing. Another section of particular interest to me is the Ghidra basic scripting guide in Chapter 14. From what I was able to find, this seems to be one of the more comprehensive and well-documented introductions to the Ghidra scripting API.

The later chapters also offer a lot of great material including advanced topics like creating loaders, diffing/patching binaries and working with obfuscated programs. Although Ghidra is not necessarily the best suited for these tasks, the book does a good job of presenting what is possible and what limitations exist. For example, I had previously attempted to modify and patch an ELF binary within Ghidra only to find that this generally didn’t work the way I expected. Although this was not clear to me from the Ghidra documentation, The Ghidra Book does greatly clarify how binary loading and export works in Ghidra, which in turn explains why you cannot export a functional binary after using the ELF loader. The Ghidra Book has answers to this and countless other questions.

Rating: 5/5

– Craig Young
Principal Security Researcher
Tripwire

Having no prior experience with reverse engineering, I was excited to get the opportunity to dive into The Ghidra Book. The book made clear from the very beginning that it was not a user manual for Ghidra. Instead, it was to be used as an enabling tool giving practical examples on how to properly use Ghidra. Being new to reverse engineering and thus to software reverse engineering suites (SREs), the book did well on laying out the what, why, and how of disassembly and the challenges that arise around them in the first section of the book. Later, common tools that are available to the public give insight into what motivated the creation of Ghidra as well as give the reader a taste of what to expect from Ghidra’s UI and the different data displays. I found this section to be essential in order to understand what you’re looking at as you move further into the book.

The second part of the book is all about basic usage in Ghidra. In this section, the reader is introduced to many screenshots of the GUI and how to navigate the various displays to render data. I found Chapter 6 very helpful for understanding the basic navigational techniques and getting used to the disassembly constructs. As you read further, the book discusses how to customize Ghidra to work for you. This section talks about collaboration with others on shared projects and introduces basic scripting in Ghidra with both the Java and Python languages. This section of the book was the most interesting to me for reasons of automating repetitive tasks such as enumerating functions, function calls, instructions and cross-references.

Overall, I enjoyed The Ghidra Book, and it was a good starting point for me in entering the world of reverse engineering and the many different tools that are accessible due to being open source. I encourage anyone that has an interest in reverse engineering or who just wants to investigate cool open-source tools to give The Ghidra Book a read.

Rating: 4.5/5

– Matthew Jerzewski
Security Researcher
Tripwire

Personally, I’m with Craig on this one. The book is a perfect 5/5 for me.

Overall Rating: 4.6/5

We don’t have any plans for another book at the moment, so if you have any suggestions, let us know on Twitter!

The post “#TripwireBookClub – The Ghidra Book” appeared first on TripWire

Source: TripWire – Tyler Reguly
