ARM32 Exploitation Training
Nowadays, most people carry at least one ARM-based device in their pockets; some even have an ARM-based computer strapped to their wrist. That said, with a lot of devices comes a lot of attack surface.
Whether you're a pentester, a bug hunter, or motivated by anything else to learn how to exploit memory corruption vulnerabilities on ARM-based hardware, this training will get you right on track.
More specifically, this three-day training teaches how to exploit memory corruption vulnerabilities in ARM-based environments on modern Linux systems. To that end, the ARM architecture is introduced in detail, followed by exercises involving the exploitation of classic stack-based buffer overflows. In addition, participants will learn not only about modern defense mechanisms, such as Stack Cookies, XN and ASLR, but also about possible bypasses.
Who should attend?
Penetration testers and IT security professionals who are keen on learning more about the ARM architecture and low-level security in ARM environments.
Decent scripting language knowledge, such as Python, Ruby or Perl, is highly recommended.
Key Learning Objectives
- Getting to know the ARM architecture and understanding ARM Assembly
- Writing Shellcode
- Understanding of stack-based buffer overflows
- Understanding of modern mitigation mechanisms and how to bypass them
Prerequisites
- Experience with scripting languages, such as Python, Ruby or Perl
- Experience with C/C++
- Experience with at least one assembly language
Hardware Requirements
- Powerful Laptop
- 8 GB RAM
- 40 GB free space
- WiFi card
Day 1 - Introduction & Shellcode
- ARM CPU architecture
- ARM assembly instruction set
- Calling Conventions
- Introduction to debugging
- System Calls
- Writing ARM Shellcode
Day 2 - Memory Corruptions & Mitigations
- Stack-based buffer overflows on ARM
- Introduction to Stack Cookies
- Bypassing Stack Cookies (InfoLeak and Bruteforce)
- Introduction to memory protection mechanisms (XN)
- Introduction to ret2libc
Day 3 - ASLR
- Introduction to Return Oriented Programming (ROP)
- Bypassing XN/DEP on ARM using ROP
- Introduction to Address Space Layout Randomization (ASLR)
- Bypassing ASLR via Info Leaks / Brute Force