The ARM IoT Exploit Laboratory (Three-Day Workshop) (closed)

Presented at DeepSec 2017 „Science First!“, Unknown date/time (Unknown duration)

NOTE: This is a Three-Day Workshop, starting on the 13th of November, one day earlier than the other trainings.   SHORT ABSTRACT: ------------------- ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all new ARM IoT Exploit Laboratory is a fast paced 3-day intermediate level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM based Linux systems and IoT devices. The class concludes with an end-to-end "Firmware-To-Shell" hack, where we extract the firmware from a popular SoHo router, build a virtual environment to emulate and debug it, and then use the exploit to gain a shell on the actual hardware device. LEARNING OBJECTIVES: ------------------- * Introduction to the ARM CPU architecture * Exploring ARM assembly language * Understanding how functions work on ARM * Debugging on ARM systems * Exploiting Stack Overflows on ARM * Writing ARM Shellcode from the ground up * Introduction to Exploit Mitigation Techniques (XN/DEP and ASLR) * Introduction to Return Oriented Programming * Bypassing exploit mitigation on ARM using ROP * Practical ROP chains on ARM * An introduction to firmware extraction * Emulating and debugging an IoT device firmware in a virtual environment * Case Study: From Firmware to Shell - exploiting an ARM router's embedded firmware TARGET AUDIENCE: ---------------- - Pentesters working on ARM embedded environments. (SoCs, IoT, etc) - Red Team members, who want to pen-test custom binaries and exploit custom built applications. - Bug Hunters, who want to write exploits for all the crashes they find. - Members of military or government cyberwarfare units. - Members of reverse engineering research teams. - People frustrated at IoT devices to the point they want to break them!

Presenters:

• Saumil Shah - Net-Square Solutions Pvt. Ltd.
  Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book". Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

Links:

• https://deepsec.net/archive/2017.deepsec.net/speaker.html#WSLOT329

Similar Presentations:

• DerbyCon 3.0 All in the Family (2013) / A SysCall to ARMs
• Black Hat USA 2011 / ARM exploitation ROPmap
• DEF CON 18 (2010) / Exploitation on ARM - Technique and Bypassing Defense Mechanisms