The ARM IoT Exploit Laboratory
Saumil Shah

Dates

10-13 February 2020

Capacity

16

Price

4.000€
(Early Bird 3.500€)

Introduction

"There's an ARM on every desktop, and Intel in the iPhone baseband"

The Internet of Things (IoT) universe consists largely of ARM-based systems. This year, we bring you a completely overhauled, intense 4-day course featuring a practical hands-on approach to exploit development on ARM-based systems. This class is perfectly suited for students who are keen to dive into the world of modern ARM exploit development. The last day of the class runs like a hardware CTF, where students will spend the entire day attacking four hardware IoT targets.

Our intermediate-level class begins with an introduction to ARM architecture and ARM assembly language and moves quickly on to debugging techniques for ARM systems, exploiting buffer overflows on ARM devices running Linux, writing ARM shellcode from the ground up, and bypassing exploit mitigation techniques with ARM Return Oriented Programming (ROP). Our lab environment features both hardware and virtual machine targets.

  • UPDATED FOR 2020

    • ARM-X: A new firmware emulation framework for accurate emulation of IoT devices, including nvram.
    • Hardware level firmware extraction from IoT devices
    • An introduction to ARM64 Assembly.
  • Learning Objectives

    • Introduction to the ARM CPU architecture
    • Exploring ARM assembly language
    • Understanding how functions work in ARM
    • Debugging on ARM systems
    • Exploiting Stack Overflows on ARM
    • Writing ARM Shellcode from the ground up
    • Introduction to Return Oriented Programming
    • Bypassing exploit mitigation using ROP
    • Practical ARM ROP
    • An introduction to extracting firmware directly from the hardware
    • Emulating and debugging device firmware in a virtual environment
    • Exploiting Hardware Targets - "Firmware-To-Shell" - Cisco, DLink, Netgear routers and an IP camera
    • Introduction to ARM64 Assembly
    • The Lab environment is a mixture of physical ARM hardware and ARM virtual machines.
  • Day 1

    • Introduction to the ARM CPU architecture
    • Exploring ARM assembly language
    • EXERCISE - Examples in ARM Assembly Language
    • Debugging on ARM systems
    • Understanding how functions work in ARM
    • Exploiting Stack Overflows on ARM
    • EXERCISE - ARM Stack Overflows
    • Writing ARM Shellcode from the ground up
  • Day 2

    • EXERCISE - Write your own ARM Reverse Shell
    • EXERCISE - Embedded Web Server exploit
    • Introduction to Exploit Mitigation Techniques (XN/DEP and ASLR)
    • Introduction to ARM Return Oriented Programming
    • Bypassing exploit mitigation on ARM using ROP
    • ARM ROP Tools
    • Practical ROP Chains on ARM - ret2system and ret2mprotect
  • Day 3

    • Bypassing ASLR
    • EXERCISE - End to end exploit with ASLR and XN/DEP bypass
    • An Introduction to IoT device architecture
    • Firmware Extraction from IoT devices
    • Emulating Firmware using the ARM-X framework
    • Emulating and debugging a SoHo router's firmware in a virtual environment
    • EXERCISE - Attacking a DLINK ARM Router - from firmware to shell
  • Day 4

    • EXERCISE - Attacking a Netgear ARM Router - from firmware to shell
    • EXERCISE - Attacking a Cisco ARM Router - from firmware to shell
    • EXERCISE - Attacking an ARM IP Camera - from firmware to shell
    • ARM64 - the future
    • Introduction to ARM64 Assembly
  • Prerequisites

    • A conceptual understanding of how functions work in C programming
    • Knowledge of how a stack works, basic stack operations
    • Familiarity with debuggers (gdb, WinDBG, OllyDBG or equivalent)
    • Not be allergic to command line tools.
    • Have a working knowledge of shell scripts, cmd scripts or Perl.
    • If none of the above apply, then enough patience to go through the pre-class tutorials.
    • SKILL LEVEL: INTERMEDIATE (leaning towards advanced)
  • Hardware Requirements

    • A working laptop (no Netbooks, no Tablets, no iPads)
    • Intel Core i3 (equivalent or superior) required
    • 8GB RAM required, at a minimum
    • Wireless network card
    • 40 GB free Hard disk space
    • If you're using a new MacBook or MacBook Pro, please bring your dongle kit (especially for reading USB-A pen drives)
  • Software Requirements

    • Linux / Windows / Mac OS X desktop operating systems
    • VMware Player / VMware Workstation / VMware Fusion MANDATORY
    • Administrator / root access MANDATORY
  • Students

    Students will be provided with all the lab images used in the class. The ARM IoT Exploit Laboratory uses a "Live Notes" system that provides a running transcript of the instructor's system to all the students. Our lab environment, plus about 800MB of curated reading material, will be made available to all attendees to take with them and continue learning after the training ends.

Bio

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book". Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.
