Infosec In the City (IIC)
#IICSG2019 Training — ARM (AARCH64) Exploitation
by Ron Munitz, The Premium Software Consulting Group (PSCG)
This intensive hands-on course teaches experienced low-level developers and malware researchers the theory and practice of ARM/AARCH64 exploitation, via a rigorous hands-on curriculum exposing low-level software type of attacks, modern compiler, hardware and operating system protections, and how to bypass them.
The course is targeted towards Linux/ARM/AARCH64 platforms and will address practical IoT, Linux Servers, and mobile device concerns.
By the end of the course you will:
Understand and implement software attacks on ARM architecture native code
Understand hardware, compiler, and Linux operating system protections and bypass such protections
Security personnel with practical experience, C/C++ developers, Security Researchers.
Date: 24-27 Jun 2019
Venue: ICE71, 71 Ayer Rajah Crescent, #02-18, Singapore 139951
Early Bird (Sign up by 31 May 2019): $4,200 SGD
Standard (Sign up by 16 Jun 2019): $4,500 SGD
Late: $4,800 SGD
Evolution of Computing Devices
Modern-day Interesting ARM Use Cases: IoT, Mobile, Servers, Desktops.
Introduction to Reverse Engineering
Introduction to ARM Architecture
Instructions Set Overview
Special & Hidden Instructions
ELF Format Basics — a program view in the memory.
Binary File Format
Linux Kernel init loading and binfmt
Binary loading procedures
Other formats [Mach-O]
Memory Corruptions — Part 1/3
Stack buffer overflow
Static analysis - objdump, IDA
Debugging - gdb & IDA
Using Crash Dumps
/proc/ File System
Auditing & Fuzzing
Existing Fuzzing Tools
Creating Custom Tools
Memory Corruptions — Part 2/3
Implementing Stack Buffer Overflow Shellcode
Dynamic Linking: Interposing
Format String Vulnerabilities
Protections & Bypassing — Part 1/2
DEP & XN bits
Memory Corruptions — Part 3/3
Art of the Shellcode
Protections & Bypassing — Part 2/2
ASLR — Address Space Layout Randomization
Partial Address Overwrite
Using Predictable Information
Using Information Disclosure
Advances in Operating Systems, Toolchains & Hardware & Final Words
Linux Kernel roadmap
Significant C/C++ or (any architecture) assembly development experience
Familiarity with Linux command-line tools
ARM and AARCH64 assembly language proficiency
Embedded Linux development experience
Working knowledge of Linux command-line tools
Theoretical knowledge of Operating Systems
WHAT TO BRING
Attendees are to bring laptops with at least 30GB of free space. The instructor will provide both instructions for setting up your own Linux station and a VMware Player image with all the required materials.
ABOUT THE TRAINER
RON MUNITZ, CEO of The PSCG Premium Consulting group, is a parallel entrepreneur, specialising in Operating System internals and Embedded Security. His experience ranges from esoteric real-time operating systems and all kind of Industrial devices to anything Unix/Linux flavoured, with renowned expertise on the Linux kernel, XNU Kernel and Android and MacOS ecosystems. Ron is an experienced lecturer, who has trained thousands of engineers for The PSCG, ARM and the Linux Foundation, and has initiated and led cybersecurity tracks in several universities.
When not teaching or consulting, Ron is leading PSCG Holdings LTD, a house of excellence for entrepreneurs-researchers, active in the Aerospace, Maritime, Automotive and Mobile cybersecurity domains.
In his previous lifetimes, Ron founded Nubo Software, the first Android display protocol, brought up Linux and some RTOS's on more boards than he can remember, did all kinds of security-related work ( ;-) ), and led the development of a couple of satellite launchers ( ;-) ;-) ).