
ARM Exploitation Training

Nowadays, most people carry at least one ARM-based device in their pockets, and some even have an ARM-based computer strapped to their wrist. With that many devices comes a lot of attack surface.

Whether you are a penetration tester, a bug hunter, or otherwise motivated to exploit memory corruption vulnerabilities on ARM-based hardware, this training will get you on track.

More specifically, this three-day training teaches how to exploit memory corruption vulnerabilities in ARM-based environments on modern Linux systems. The ARM architecture is introduced in detail, followed by exercises on exploiting classic stack-based buffer overflows. Participants will also learn about modern defense mechanisms, such as XN and ASLR, and about possible ways to bypass them.

Who should attend?

Penetration testers and IT security professionals who are keen on learning more about the ARM architecture and low-level security in ARM environments.

Decent knowledge of a scripting language, such as Python, Ruby or Perl, is highly recommended.

Key Learning Objectives

  • Getting to know the ARM architecture and understanding ARM Assembly
  • Writing Shellcode
  • Understanding of stack-based buffer overflows
  • Understanding of modern mitigation mechanisms and how to bypass them

Prerequisite Knowledge

  • Experience with a scripting language, such as Python, Ruby or Perl

Agenda (preliminary)

Day 1 - Introduction & Shellcode

  • ARM CPU architecture
  • ARM assembly language
  • Debugging on ARM
  • Function calls on ARM
  • Writing ARM Shellcode
  • Exercises

Day 2 - Memory Corruptions & Mitigations

  • Stack-based buffer overflows on ARM
  • Introduction to memory protection mechanisms (XN/DEP)
  • Introduction to Return Oriented Programming (ROP)
  • Bypassing XN/DEP on ARM using ROP
  • Exercises

Day 3 - ASLR

  • Introduction to Address Space Layout Randomization (ASLR)
  • Bypassing ASLR via Info Leaks / Brute Force
  • Exercises
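As an added illustration of the Day 2 topic (stack-based buffer overflows), here is the classic vulnerable pattern next to a hardened form, written in C. This is example code added to this page, not material from the training itself; the function names (greet_unsafe, copy_name_safe, greet_safe) and the inputs are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Vulnerable: the classic stack-based buffer overflow.
 * strcpy() copies until it finds a NUL byte, so input longer than
 * NAME_LEN bytes runs past `name` into the rest of the stack frame.
 * On 32-bit ARM (gcc, default ABI) the prologue pushes the saved frame
 * pointer and saved LR above the locals, so an overlong input overwrites
 * the saved LR and the function "returns" to attacker-chosen data.
 * Call only with in-bounds input unless you are studying the overflow. */
void greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);            /* no bounds check */
    printf("hello, %s\n", name);
}

/* Hardened: reject anything that does not fit, terminator included.
 * Returns 0 on success, -1 if `input` is NULL or too long. */
int copy_name_safe(char *dst, size_t dst_len, const char *input)
{
    if (input == NULL || dst_len == 0)
        return -1;
    size_t n = strnlen(input, dst_len);  /* never reads past dst_len */
    if (n == dst_len)                     /* no room for the NUL */
        return -1;
    memcpy(dst, input, n + 1);            /* copy including terminator */
    return 0;
}

/* Same behaviour as greet_unsafe for valid input, but oversized input
 * is rejected before anything is written to the frame. */
int greet_safe(const char *input)
{
    char name[NAME_LEN];
    if (copy_name_safe(name, sizeof name, input) != 0) {
        fprintf(stderr, "input rejected: longer than %d bytes\n", NAME_LEN - 1);
        return -1;
    }
    printf("hello, %s\n", name);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one that fits, one that would overflow. */
    const char *ok = "alice";
    char overlong[64];
    memset(overlong, 'A', sizeof overlong - 1);
    overlong[sizeof overlong - 1] = '\0';

    greet_unsafe(ok);      /* fine: 6 bytes fit in 16 */
    greet_safe(ok);        /* returns 0 */
    greet_safe(overlong);  /* returns -1, frame untouched */
    /* greet_unsafe(overlong) would smash the saved LR; deliberately not called */
    return 0;
}
```

To see the overflow itself in a debugger, build the unsafe variant with `-fno-stack-protector` (otherwise gcc's stack canary aborts the process before the corrupted LR is ever popped) and feed it `overlong`; the saved LR in the frame will read 0x41414141. Canaries are a separate mitigation from the XN and ASLR covered on Days 2 and 3.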