
ARM64 Exploitation Training

Nowadays, most people carry at least one ARM-based device in their pockets, and some even have an ARM-based computer strapped to their wrist. With a lot of devices comes a lot of attack surface. Whether you are a pentester, a bug hunter, or have any other motivation to exploit memory corruption vulnerabilities on ARM-based hardware, this training will get you right on track.

More specifically, this three-day training teaches how to exploit memory corruption vulnerabilities in ARM-based environments on modern Linux systems. To that end, the ARM architecture is introduced in detail, followed by exercises involving the exploitation of classic stack-based buffer overflows. In addition, participants will learn not only about modern defense mechanisms, such as Stack Cookies, XN and ASLR, but also about possible bypasses.

Who should attend?

Penetration testers and IT security professionals who are keen on learning more about the ARM64 architecture and low-level security in ARM64 environments.

Decent knowledge of a scripting language, such as Python, Ruby or Perl, is highly recommended.

Key Learning Objectives

  • Getting to know the ARM64 architecture and understanding the A64 Instruction Set
  • Writing Shellcode
  • Understanding of stack-based buffer overflows
  • Understanding of modern mitigation mechanisms and how to bypass them

Prerequisite Knowledge

  • Experience with scripting languages, such as Python, Ruby or Perl
  • Experience with C/C++
  • Experience with at least one assembly language

Requirements

  • Powerful Laptop
    • 8 GB RAM
    • 40 GB free space
    • WiFi card
    • Ethernet
  • VMware/VirtualBox

Agenda (preliminary)

Day 1 - Introduction & Shellcode

  • ARM64 CPU architecture
  • A64 Instruction Set
  • Calling Conventions
  • Introduction to debugging
  • System calls
  • Writing ARM64 Shellcode
  • Exercises

Day 2 - Memory Corruptions & Mitigations

  • Stack-based buffer overflows on ARM64
  • Hands-on
  • Introduction to Stack Cookies
  • Bypassing Stack Cookies
  • Hands-on
  • Introduction to memory protection mechanisms (XN)
  • Introduction to Return Oriented Programming (ROP)

Day 3 - Mitigations and Bypasses

  • Bypassing XN/DEP on ARM64 using ROP
  • Hands-on
  • Introduction to Address Space Layout Randomization (ASLR)
  • Bypassing ASLR via Info Leaks
  • Hands-on