Courses

Learn more about the training offered at INFILTRATE

Azeria Labs: Advanced IoT Exploit Development for ARM 32-bit

Based around two real-world IoT targets that we will emulate, this course gets students to learn the process of building and debugging a memory-corruption exploit from scratch, bypassing exploit mitigations such as NX and ASLR along the way.

Our course begins with an introduction into the ARM architecture and assembly language, and how to build shellcode that can be used in exploits against ARM targets. Students then learn about the theory and practice of attacking memory-corruption exploits by finding and exploiting a stack-overflow vulnerability. Students then learn about exploit mitigations, what they are, and how to bypass them, and how to take over the process using both ret2libc, as well as complex ROP-chains to run in-memory only shellcode directly in the target process.

The second day of the course focuses on exploiting two real-world routers, including the process of how to emulate, debug and trigger vulnerabilities on real-world devices, and how to adapt exploits from one target to work on a different target, even when the devices use identical library versions.

The third day of the course provides a deeper study of exploit categories and techniques to make exploits reliable. Students will cover vulnerability discovery and use of “information leaks” to stabilize memory-corruption exploits, and learn about the ASLR and stack canary exploit mitigations, and how to exploit format-string vulnerabilities to bypass these mitigations.

The final day is a deep-dive into the process of heap exploitation, and using heap vulnerabilities to construct exploitation primitives that can be engineered together to build powerful and reliable exploits, bypassing NX, ASLR and GCC’s in-built exploit mitigations. We begin with a review of how the glibc heap works, and begin writing an exploit against a network service containing a heap linear buffer overflow. Students will learn how to turn this buffer overflow into a reliable relative read exploit primitive to bypass ASLR, how to construct arbitrary read primitives to search target memory for useful binaries, and how to exploit and construct malicious vtables to fully take control of the target device.

Course Information

Date: April 19th - April 22nd
Course Fee: $5,100
CPE Credits: 0

View the Conference Calendar

More Infiltrate Courses

If you are trying to determine which course is best suited for you, email us at infiltrate@immunityinc[dot]com and we will assist you.

See all the courses

Syllabus

Course Length: 4 Days

DAY 1

  • ARM 32-bit Architecture
  • Write ARM Shellcode (w/ Lab)
  • Memory Corruption Vulnerabilities (w/ Lab)
  • Exploit Mitigations (w/ Lab)

DAY 2

  • Return Oriented Programming
  • Mprotect ROP Chains (w/ Labs)

DAY 3

  • Address Space Layout Randomization (w/ Lab)
  • Stack Canaries (w/ Lab)

DAY 4

  • Heap Exploit Engineering (w/ Labs)

View Detailed Syllabus

Infiltrate Sponsors

Register Now

Please don’t be one of those people who registers at the last minute after all the tickets have been sold!

Join us at the conference

Training & Workshops

Learn more about the technical training and workshops offered at INFILTRATE

Attend a session