Ghidra - reuteras/dfirws GitHub Wiki
Ghidra is available. Extra extensions can be found under C:\Tools\ghidra_extensions. Currently the following extensions can be added:
Some preferences for Ghidra are set via the default example-customize.ps1, which is copied to local/customize.ps1.
The diffing tool Ghidriff uses Ghidra to diff binaries. For more information, read this blog post: Ghidriff: Ghidra Binary Diffing Engine.
Currently version 10.4 is installed with the extensions mentioned above. The latest version, currently 11.0, is also installed.
Ghidrathon is available to install and use in the sandbox. An introduction can be found in this Mandiant blog post, Riding Dragons: capa Harnesses Ghidra (capa-harnessess-ghidra.pdf).