Date: 2020-10-17

If you’re a prior reader of the blog, you probably know that when I have the opportunity to take a training class, I like to write a review of the course. It’s often hard to find public feedback on trainings, which feels frustrating when you’re spending thousands of dollars on that course.

Last week, I took the “Reverse Engineering with Ghidra” course taught by Jeremy Blackthorne (0xJeremy) of the Boston Cybernetics Institute. It was ostensibly offered as part of the Infiltrate Conference, but 2020 being what it is, there was no conference and it was just an online training. Unfortunately for me, it was being run on East Coast time and I’m on the West Coast, so I got to enjoy some early mornings.

I won’t bury the lede here – on the whole, the course was a high-quality experience taught by an instructor who is clearly both passionate about and experienced with technical instruction. I would highly recommend this course if you have little experience in reverse engineering and want to get bootstrapped on performing reversing with Ghidra. You absolutely do need to have some understanding of how programs work – memory sections, control flow, how data and code are represented in memory, etc., but you don’t need to have any meaningful RE experience. (At least, that’s my takeaway; see the course syllabus for more details.)

One key feature of Jeremy’s teaching approach is the extensive use of Jupyter notebooks for the lab exercises. This encourages students to produce a log of their work, as you can directly embed shell commands and Python scripts (along with their output) as well as Markdown that can include images or other resources. A sort of hidden gem of his approach was also an introduction to the Flameshot screenshot tool. This tool lets you add boxes, arrows, highlights, redactions, etc., to your screenshot directly in an on-screen overlay. I hadn’t seen it before, but I think it’ll be my go-to screenshot tool in the future.