ARM-based IoT Exploit Development 2-Day ARM-based IoT Exploit Development

Date
28 November 2018 - 29 November 2018
Hosted by
Seaport Conference Center
Location
459 Seaport Ct, Redwood City, CA 94063
View on Google Maps
Trainer
Maria Azeria Markstedter
Language
English
Capacity
15

Course Description

HardwareSecurity.Training has invited Maria Azeria Markstedter to present ARM-based IoT Exploit Development to round out the offerings at our training event in Redwood City, CA in November.

Course Description

This course introduces the ARM architecture and teaches students how to reverse engineer ARM binaries and bypass exploit mitigations present on ARM-based IoT devices. Students will be provided with a Lab VM containing two emulated ARM architectures and exploitation challenges, as well as a lab workbook specifically crafted for this course.

The first day begins with an overview of the ARM architecture and its instruction sets, followed by hands-on labs on debugging ARM binaries and reverse engineering vulnerable functions. After getting a solid understanding about ARM assembly, students will learn how to write their own shellcode and exploit their first stack overflows.

The second day begins with an overview of ARM exploit mitigations and techniques to bypass them. With hands-on labs, students will learn how to craft their own exploits and bypass these mitigations using techniques like Return-to-Libc and Return-oriented-Programming (ROP). The self-crafted exploits will then be used to attack an emulated router firmware.

Target Device

This course targets an ARM-based router. The router firmware will be emulated inside the Lab VM and attacked using exploits written during the course. The targeted device suffers from multiple buffer overflows and serves as a good example for various vulnerable ARM-based IoT devices. The techniques taught in this course can easily be applied to other vulnerable target devices.

Audience

The target audience of this course are penetration testers and reverse engineers who want to expand their skills to exploit IoT devices, developers, and security enthusiasts who have explored binary exploitation on other architectures but are curious about exploitation of ARM-based devices.

Format

30% lecture 65% lab 5% discussion

Outline

  1. ARM Processor Architecture and Reverse Engineering
    • Background: ARM Processors, Instruction set, Debugging, Vulnerable Functions
    • RE Lab 1: Getting familiar with GDB
    • RE Lab 2: Reverse Engineering Vulnerable Functions
  2. Writing ARM Shellcode
    • Background: Functions and System Calls, Methodology
    • Shellcode Lab 1: Writing your first Shellcode
    • Shellcode Lab 2: Writing a Reverse Shell
    • Shellcode Lab 3: Transforming Reverse Shell into Bind Shell
  3. Stack Overflows
    • Background: Memory Corruptions, Vulnerable Functions
    • Stack Overflow Lab 1: Exploiting Stack Overflows
  4. ARM Exploit Mitigations and Bypasses
    • Background: Exploit Mitigations, Ret2Libc, ROP, ASLR
    • Exploit Lab 1: Bypassing Exploit Mitigations using Ret2Libc
    • Exploit Lab 2: Searching for ROP gadgets
    • Exploit Lab 3: Writing a ROP chain
    • Exploit Lab 4: Creating an Exploit to Attack the Router Firmware
    • Exploit Lab 5: Adjusting the Exploit to Bypass ASLR

Requirements

  • Basic understanding of how functins work in C
  • Familiarity with command line tools
  • Working knowledge of the Linux operating system

What to Bring

Laptop with at least 8GB RAM and minimum 20GB free disk space

Registration

$2200 (until October 29th)
$2900 (after October 29th)
Cancellation requests by paid registrants must be made at least 45 days before the event and may be subject to an administration fee. In the event of course cancellation by the trainer, students may choose to attend an alternate course (space pending) or receive a full refund.

Pay by Credit Card or Bitcoin


Pay by Check/Wire or
Request a Group Discount


Group discounts are available for 3 or more registrations.
Request Invoice

Onsite Training


Can't make it? Training is also available at a location of your choice.
Request an Onsite Quote