24-27 Jun 2019

ARM EXPLOITATION 
(AARCH64 EXPLOITATION)

Ron Munitz, The Premium Software Consulting Group (PSCG)

This intensive course teaches experienced low-level developers and malware researchers the theory and practice of ARM/AARCH64 exploitation through a rigorous hands-on curriculum covering low-level software attacks; modern compiler, hardware and operating system protections; and how to bypass them.

TARGET

The course is targeted towards Linux/ARM/AARCH64 platforms and will address practical IoT, Linux Servers, and mobile device concerns. 

OBJECTIVES

By the end of the course you will: 

  • Understand and implement software attacks on ARM architecture native code

  • Understand hardware, compiler, and Linux operating system protections and bypass such protections

TARGET AUDIENCE

Security personnel with practical experience, C/C++ developers, Security Researchers.

COURSE DETAILS

Date: 24-27 Jun 2019

Venue: TBC

COST

Early Bird (Sign up by 31 May 2019): $4,200 SGD

Standard (Sign up by 16 Jun 2019): $4,500 SGD

Late: $4,800 SGD

 

OUTLINE

  • Introduction

    • Evolution of Computing Devices

    • Modern-day Interesting ARM Use Cases: IoT, Mobile, Servers, Desktops.

    • Introduction to Reverse Engineering

    • About Vulnerabilities

    • About Exploits

    • Real-Life Examples

  • Computer Architecture

    • Introduction to ARM Architecture

    • ARM Licensing

    • Exception Levels

    • Boot Process

    • ARM/AARCH64 Assembly

    • Instruction Set Overview

    • Special & Hidden Instructions

    • Memory Units

    • ELF Format Basics — a view of a program in memory

    • CPU Modes

    • Labs

  • Binary File Format

    • Linux Kernel init loading and binfmt

    • Binary loading procedures

    • ELF format

    • Static Linking

    • Dynamic Linking

    • Other formats [Mach-O]

    • Compiler flags

    • Labs

  • Memory Corruptions — Part 1/3

    • Stack buffer overflow

    • Demo

    • Labs

  • Preliminary Research

    • Static analysis - objdump, IDA

    • Debugging - gdb & IDA

    • Using Crash Dumps

    • Custom Hooks

    • /proc/ File System

    • Environment Variables

    • Auditing & Fuzzing

    • Memory Auditing

    • Existing Fuzzing Tools

    • Creating Custom Tools

    • Labs

  • Memory Corruptions — Part 2/3

    • Implementing Stack Buffer Overflow Shellcode

    • Dynamic Linking: Interposing

    • Heap Overflow

    • Integer Overflow

    • Format String Vulnerabilities

    • Use-After-Free

    • Double-Free

    • Labs

  • Protections & Bypassing — Part 1/2

    • DEP & XN bits

      • Page Access, mmap, mlock and mprotect

      • ARM XN bit

      • Return-Oriented Programming

      • Finding & Using Gadgets

      • Overwriting Function Pointers

      • Additional ARM XN bits

    • Stack Canaries

      • Static Canaries

      • Arbitrary Memory Read

      • Partial or Controlled Memory Write

    • Labs

  • Memory Corruptions — Part 3/3

    • Type Confusion

    • Information Disclosure

    • Race Conditions

    • Labs

  • Shellcode Crafting

    • Art of the Shellcode

    • Remote Shell

    • Finalising Payload

    • Labs

  • Protections & Bypassing — Part 2/2

    • ASLR — Address Space Layout Randomization

    • Bypassing ASLR

    • Partial Address Overwrite

    • Using Predictable Information

    • Using Information Disclosure

    • Custom Protections

    • Summarising Exercise

  • Advances in Operating Systems, Toolchains & Hardware & Final Words

    • Gcc roadmap

    • LLVM/Clang roadmap

    • Linux Kernel roadmap

    • Android roadmap

    • MacOS roadmap

    • ARM roadmap

 

PREREQUISITES

  • Essential:

    • Significant C/C++ or (any architecture) assembly development experience

    • Familiarity with Linux command line tools

  • Recommended:

    • ARM and AARCH64 assembly language proficiency

    • Embedded Linux development experience

    • Working knowledge of Linux command line tools

    • Theoretical knowledge of Operating Systems

 

WHAT TO BRING

Attendees are to bring laptops with at least 30GB of free space. The instructor will provide both instructions for setting up your own Linux station and a VMware Player image with all the required materials.

 

ABOUT THE TRAINER
RON MUNITZ, CEO of The PSCG Premium Consulting group, is a parallel entrepreneur, specialising in Operating System internals and Embedded Security. His experience ranges from esoteric real-time operating systems and all kinds of industrial devices to anything Unix/Linux flavoured, with renowned expertise on the Linux kernel, XNU Kernel and Android and MacOS ecosystems. Ron is an experienced lecturer, who has trained thousands of engineers for The PSCG, ARM and the Linux Foundation, and has initiated and led cybersecurity tracks in several universities.

When not teaching or consulting, Ron is leading PSCG Holdings LTD, a house of excellence for entrepreneurs-researchers, active in the Aerospace, Maritime, Automotive and Mobile cybersecurity domains.

 

In his previous lifetimes, Ron founded Nubo Software, the first Android display protocol, brought up Linux and some RTOSes on more boards than he can remember, did all kinds of security-related work ( ;-) ), and led the development of a couple of satellite launchers ( ;-) ;-) ).

CANCELLATION POLICY

This training course requires a minimum of 10 students to commence. If we do not have enough students, this course may be cancelled, and a refund will be processed accordingly.

Infosec in the City. Copyright © 2017-2019
IIC Productions (Pte. Ltd.). All rights reserved.
