DUBLIN–(BUSINESS WIRE)–The “3-Day
Training: The ARM Exploit Laboratory” training has been added
to ResearchAndMarkets.com’s offering.

ARM has emerged as the leading architecture in the Internet of Things
(IoT) world.

The all new ARM IoT Exploit Laboratory is a fast paced 3-day
intermediate level class intended for students who want to take their
exploit writing skills to the ARM platform. The class covers everything
from an introduction to ARM assembly all the way to Return Oriented
Programming (ROP) on ARM architectures. Our lab environment features
hardware and virtual platforms for exploring exploit writing on ARM
based Linux systems and IoT devices.

The class concludes with an end-to-end Firmware-To-Shell hack, where we
extract the firmware from a popular SoHo router, build a virtual
environment to emulate and debug it, and then use the exploit to gain a
shell on the actual hardware device.

Key Learning Objectives

• Introduction to the ARM CPU architecture
• Exploring ARM assembly language
• Debugging on ARM systems
• Understanding how functions work in ARM
• Exploiting Stack Overflows on ARM
• Writing ARM Shellcode from the ground up
• Introduction to Exploit Mitigation Techniques (XN/DEP and ASLR)
• Introduction to Return Oriented Programming
• Bypassing exploit mitigation on ARM using ROP
• Practical ROP Chains on ARM
• An Introduction to firmware extracting
• Emulating and debugging a SoHo router’s firmware in a virtual
  environment
• Firmware-To-Shell – exploiting an actual SoHo router
• The Lab environment is a mixture of physical ARM hardware and ARM
  virtual machines.

Prerequisites

• A conceptual understanding of how functions work in C programming
• Knowledge of how a stack works, basic stack operations
• Familiarity with debuggers (gdb, WinDBG, OllyDBG or equivalent)
• Not be allergic to command line tools.
• Have a working knowledge of operating systems, Win32 and Unix.
• Have a working knowledge of shell scripts, cmd scripts or Perl.
• If none of the above apply, then enough patience to go through the
  pre-class tutorials.
• SKILL LEVEL: INTERMEDIATE (leaning towards advanced)

Hardware/Software Requirements

• A working laptop (no Netbooks, no Tablets, no iPads)
• Intel Core i3 (equivalent or superior) required
• 8GB RAM required, at a minimum
• Wireless network card
• 40 GB free Hard disk space
• If you’re using a new Macbook or Macbook Pro, please bring your
  dongle-kit
• Linux / Windows / Mac OS X desktop operating systems
• VMWare Player / VMWare Workstation / VMWare Fusion MANDATORY
• Administrator / root access MANDATORY

Agenda

Time: 9.00am – 6.00pm

DAY 1

• Introduction to the ARM CPU and ARM assembly language
• Debugging on ARM systems
• Understanding how functions work in ARM
• Exploiting Stack Overflows on ARM
• EXERCISE – ARM Stack Overflows
• Writing ARM Reverse Shell shellcode from the ground up
• Shellcode optimization and avoiding NULL bytes
• EXERCISE – Embedded Web Server exploit

DAY 2

• Introduction to Exploit Mitigation Techniques (XN/DEP and ASLR)
• Introduction to ARM Return Oriented Programming
• Bypassing exploit mitigation on ARM using ROP
• ARM ROP Tools
• Practical ROP Chains on ARM
• EXERCISE – Exploit featuring ARM ROP Chains
• Bypassing ASLR
• EXERCISE – End to end exploit with ASLR and XN/DEP bypass

DAY 3

• An Introduction to extracting firmware
• Emulating and debugging a SoHo router’s firmware in a virtual
  environment
• Firmware-To-Shell – exploiting an actual SoHo router
• EXERCISE – Working SoHo Router exploit in an emulated environment
• EXERCISE – Attacking a DLINK DIR-880L ARM Router – from firmware to
  shell

For more information about this training visit https://www.researchandmarkets.com/research/45p6bj/3day_training?w=4

Contacts

ResearchAndMarkets.com
Laura Wood, Senior Press Manager
press@researchandmarkets.com
For
E.S.T Office Hours Call 1-917-300-0470
For U.S./CAN Toll Free Call
1-800-526-8630
For GMT Office Hours Call +353-1-416-8900
Related
Topics: Professional
Development and Training