"There's an Intel on every desktop, but an ARM in every pocket."
The Internet of Things (IoT) universe comprises largely of ARM based systems. The ARM IoT Exploit Laboratory brings you an intense 4-day course featuring a practical hands-on approach to exploit development on ARM based systems. This class is perfectly suited for students who are keen to dive into the world of modern ARM exploit development. The last day of the class runs like a hardware CTF, where students will spend the entire day attacking three hardware IoT targets.
Our intermediate level class begins with an introduction to ARM architecture and ARM assembly language and moves quickly onto debugging techniques for ARM systems, exploiting buffer overflows on ARM devices running Linux, writing ARM shellcode from the ground up, and bypassing exploit mitigation techniques with ARM Return Oriented Programming (ROP). Our lab environment features both hardware and virtual machine targets.
** UPDATED FOR 2019 ** A new methodology for end-to-end "Firmware-To-Shell" hacking, testing out ARM exploitation skills against commercial ARM based SoHo routers and IP surveillance cameras. Students will extract the manufacturer's firmware, learn how to analyse and debug it in a virtual environment, build an exploit which involves tight ROP chaining and ASLR bypass, and finally succeed in getting a shell on the actual hardware.
Students will be provided with all the lab images used in the class. The ARM IoT Exploit Laboratory uses a "Live Notes" system that provides a running transcript of the instructor's system to all the students. Our lab environment, plus about 800MB of curated reading material, will be made available to all attendees to take with them and continue learning after the training ends.
Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book". Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.