Title: Tricks to RE fast
Description
In this workshop, we will look at some commonly seen patterns in decompiler-generated C pseudocode. By being familiar with these patterns, we can very quickly predict what a piece of code does when we see something similar the next time.
Setup:
Please download Ghidra (needs Java to run). If you wish to use other decompilers (e.g. IDA), feel free to do so. However, there might be slight differences in the decompiler output.
This workshop focuses on static analysis, i.e. code reading. So, any OS (Windows/MacOS/Linux) and architecture (Intel/ARM) are fine, as long as you can run Ghidra.