The world of ARM IoT devices is growing rapidly. Routers, IP cameras, Network video recorders, VoIP systems and several other "smart" appliances are now running on ARM SoCs. While the hardware is the latest and greatest, the software running on it is a different story. Read more...
Trusted Execution Environments (TEEs) are notoriously hard to secure due to the interaction between complex hardware and a large trusted code bases (TCBs). TEEPwn will guide you into an unexpected range of attack vectors and TEE-specific exploitation techniques, which may be leveraged for novel and creative software exploits, refining your skills to a new level. Read more...
This class is designed to introduce students to the best tools and technology available for automating vulnerability discovery and crash triage with a focus on delivering a practical approach to applying this technology in real deployments at any scale. Read more...
This 4-day course introduces students to real-world attack scenarios on devices powered by UEFI firmware. The course starts from low-level internals of modern operating systems boot process from the perspective of a security researcher interested in bootkits analysis, detection/forensics and vulnerability research. Read more...
This course provides students the skills and knowledge to develop their thin hypervisors as UEFI modules using Intel VT-x. This is a hands-on heavy class and will spend about half of the time with excesses. Read more...
The course focuses primarily on Windows malware and on the analysis, tweaking and re-purposing of real malware samples. Participants will be provided with plenty of custom code to facilitate the understanding of complex malware techniques. Read more...
Web browsers are among the most utilized consumer facing software products on the planet. As the ubiquitous gateway to the internet, browsers introduce significant risk to the integrity of personal computing devices. This course will focus specifically on Google Chrome and Apple Safari. Read more...
This course starts by enumerating the Android kernel attack surface (from an LPE perspective) describing any sandboxing options that may limit this attack surface. Though the course is mostly self-contained and there's a brief refresher on arm64 architecture, attendees should be already familiar with this architecture / instruction set. Read more...
This four-day course contains a thorough introduction to static reverse engineering, the act of deriving meaning from assembly language code simply by reading it. The course has been heavily classroom-tested, having been taught over two dozen times. Read more...
This training will focus on the cellular chip, also known as the baseband processor. It is generally perceived that a significant amount of knowledge is required to do baseband research and this poses a barrier to entry into this field for some. In this training we will show that baseband exploitation is not particularly different from other more traditional targets. Students will learn the basics of cellular networks and how to identify, analyze and exploit baseband vulnerabilities. Read more...
With the release of iOS 15 Apple has once again raised the bars in terms of kernel level security. This course will introduce you to these new security enhancements and discuss them in the light of kernel exploitation of iOS 14 and iOS 15. Read more...
For the first time ever, join both the co-author of the recently updated Windows Internals book series from Microsoft Press, as well as an esteemed senior security researcher and endpoint security engineer, as they take you along a deep dive into the internals of the Windows 11 Operating System. Covering Windows 11 “21H2”, the upcoming “22H1”, and Server 2022. Read more...
This is 32 hour course trains students to do sophisticated program analysis using Binary Ninja and the Binary Ninja Python API for the purpose of vulnerability research with the goal of improving auditing processes, improving ability to identify interesting code paths, and encoding bug primitives. Read more...