Hardwear.io Security Trainings and Conference USA 2026

Advanced

Hands-On TrustZone TEE Security

Training Objectives

ARM TrustZone Trusted Execution Environments (TEEs) form the backbone of the security architecture for a diverse array of devices, including smartphones, tablets, smart TVs, automotive infotainment systems, and drones. Over the past decade, numerous design and implementation flaws in TrustZone TEE implementations have been uncovered, exposing critical vulnerabilities that compromise the integrity and confidentiality these systems aim to guarantee. These flaws often stem from recurring TrustZone TEE-specific patterns. This training provides a hands-on, offensive-focused exploration of these vulnerabilities, equipping participants with a comprehensive understanding of the flaws and pitfalls in modern TrustZone TEE implementations.

In this training, you will gain a deep, hands-on understanding of ARM TrustZone TEEs from both a system-level perspective and an offensive security lens. Drawing from real-world research, you’ll learn to analyze system designs to intuitively identify vulnerabilities, explore hardware primitives that enforce isolation and confidentiality, and master the key “do’s and don’ts” of TrustZone TEE design.

On an emulated training platform designed for 64-bit ARM TrustZone TEE implementations, you will put theory into practice. Through an engaging Capture-the-Flag (CTF) experience, you’ll execute a variety of attacks, demonstrating firsthand the real-world impact of design and implementation flaws specific to TEEs.

Finally, you’ll explore advanced techniques to fuzz critical TEE components, including the secure monitor and Trusted Applications (TAs), giving you practical skills to assess and challenge TrustZone security implementations.

By the end of this training, you’ll not only have sharpened your offensive security skills but also developed a robust understanding of the intricacies of TrustZone TEEs.

Key Learning Objectives

  • Understand TrustZone TEEs from the ground up
  • Map the attack surface of TrustZone TEEs and identify vulnerabilities within them
  • Understand TrustZone-specific design and implementation flaws
  • Exploit vulnerabilities in TrustZone TEEs

Detailed Description

This three-day training is structured to provide you with a comprehensive learning experience that combines theoretical insights and practical application. During the official training hours, you will attend engaging lectures designed to deepen your understanding of ARM TrustZone TEE security, covering key concepts, vulnerabilities, and offensive techniques.

In addition to the lectures, you’ll participate in hands-on practical exercises that reinforce the material covered. These exercises, including a dynamic Capture-the-Flag (CTF), can be completed both during and outside of the official training hours, allowing you the flexibility to explore and experiment at your own pace. This structure ensures you gain both the knowledge and the practical skills to effectively analyze and exploit TrustZone TEE vulnerabilities.

During the three-day training, we will cover a broad range of TEE security topics, including:

  • Foundation
    • What is a TEE?
    • TrustZone, SGX, SEV, and friends
  • ARM TrustZone Overview
    • Use cases
    • Security model
    • Attack surface
    • TEEs in-the-wild: the Android TEE Ecosystem
  • Trusted Applications
    • Talking to TAs: the GlobalPlatform APIs
    • Sharing memory pitfalls (the semantic gap)
    • GlobalConfusion attacks
    • Time-of-Check-Time-of-Use attacks
    • Rollback attacks
    • Code confidentiality
    • Cryptographic key protection pitfalls
    • Exploit mitigations
    • Fuzzing TAs
  • Secure Monitors
    • ARM Trusted Firmware-A
    • Design and implementation flaws in SMC handlers
    • Fuzzing Secure Monitors
  • Trusted Operating Systems
    • System call interface
    • GlobalPlatform APIs
    • Design and implementation flaws in Trusted OS system calls and drivers

Who Should Attend?

  • Security researchers and engineers interested in TrustZone TEE security
  • Pen testers, bug bounty hunters, and forensic investigators interested in an offensive TrustZone TEE perspective

Prerequisites

  • Basic systems programming experience in C
  • Experience with the ARM architecture (aarch64)
  • Good understanding of computer architecture and systems concepts
  • Familiarity with reverse engineering (aarch64)

Software & Hardware Requirements

  • Modern laptop capable of smoothly running an Ubuntu VM compiled for 64-bit x86 (i.e., using VMware or VirtualBox)
  • At least 30 GB of free space for the VM

What You Get

  • Ubuntu (64-bit x86) VM with training contents
  • CTF competition platform access

About Trainer

Marcel Busch

Marcel Busch (@0ddc0de) holds a PhD in Computer Science with a specialization in cybersecurity, bringing a wealth of expertise and hands-on experience to the training. In his past research, he broke proprietary TEEs, fuzzed TAs, identified the GlobalConfusion design weakness, performed large-scale rollback attacks, and fuzzed secure monitors.

As an experienced educator, Marcel has delivered university-level lectures to large audiences. Additionally, he organized weekly Capture-the-Flag (CTF) meetings and workshops on reverse engineering and binary exploitation. As a passionate CTF enthusiast, Marcel has captured flags in dozens of competitions as a member of renowned teams such as FAUST, Shellphish, polygl0ts, and the Organizers.

Marcel’s unique combination of academic rigor, practical expertise, and competitive experience makes him an exceptional trainer for this hands-on security course.