Grzegorz Wypych

ARM32 exploitation for IoT devices


Trainers: Grzegorz Wypych

Date: 25th - 27th Oct 2021

Time: 9:00am to 5:00pm CEST

Venue: NH Den Haag Hotel, The Netherlands

Training Level: Basic to Intermediate


Note: Regarding COVID-19 safety, Hardwear.io will seek to ensure a safe event, as the health and safety of our exhibitors, delegates, speakers, and staff will always be our number one priority. Hardwear.io will follow all applicable health regulations required by the local (GGD) and government (RIVM and VWA) authorities.


Training Objectives:

IoT devices heavily use ARM CPUs. The Raspberry Pi 4, a very popular microcomputer, is based on armv7. ARMv7 is used by all Cortex-XXX microcontrollers, and Cortex-XXX microcontrollers are used by IoT devices. The goal of the training is to teach students to find vulnerabilities and exploit them even when memory corruption protections are applied to the binaries. During the entire course we will avoid source code analysis; instead we will rely on reverse engineering and disassembly, to stay as close as possible to real-world analysis scenarios for IoT devices.


What to Expect? | Key Learning Objectives:

  • 100% hands-on: each student will have a dedicated VM with all labs
  • Reverse engineering binaries (no source code provided)
  • Finding and exploiting vulnerabilities in binaries
  • Memory corruption bypass mitigation techniques

Training Detailed Description:

Agenda

Day 1
  • Getting familiar with the environment
    • Disassembler and reverse engineering process
    • Pwntools library
    • Gdb
    • Debug gdb over ssh with python
    • Exploit scripting basics and methodology
  • ARM32 assembly fundamentals important for exploitation
    • Registers
    • Calling convention
    • Walk-through of a stack frame (prologue, epilogue)
    • Local variables and parameters
    • Branching and conditional execution
  • Basic buffer overflow to gain control of code execution
  • Basic buffer overflow with shell code on vanilla executable stack

Day 2
  • Understand NX protection
  • Understand Return Oriented Programming (ROP)
  • Bypassing NX protection with different techniques
    • ret2libc
    • ROP chain
    • mprotect


Day 3
  • Format string vulnerabilities and exploitation
  • Understand RELRO protection
  • Understand Stack canaries
  • Bypassing stack canaries via an information leakage vulnerability and brute forcing
  • Understand ASLR protection
  • Bypassing ASLR protection via an information leakage vulnerability
  • Heap Exploitation
    • Understand glibc heap
    • Reversing malloc allocation in binaries
    • Adjacent overwrite
    • UAF vulnerability exploitation
  • Final challenge: use the learnt techniques to successfully exploit and gain access to a target

Who Should Attend? | Target Audience:

  • Everyone interested in ARM32 exploitation
  • Security Engineers, hackers, vulnerability researchers, students

What to Bring? | Software and Hardware Requirements:

  • All labs will be available via a dedicated per-student VM with a working Raspbian for armv7

What to Bring? | Prerequisite Knowledge and Skills:

  • Python scripting skills
  • Basic reverse engineering (not necessary, nice to have)

ABOUT THE TRAINERS

Grzegorz Wypych has worked in the IT industry for more than 15 years as a network engineer, architect, developer and security expert. He is a speaker at major local and international conferences such as Black Hat, hardwear.io and Security PWNing. He is also a security tool inventor and developer. His experience covers not only software security but also hardware and IoT. During his security career Grzegorz has reported many major CVEs for different devices and firmware. He loves to write exploits for MIPS/ARM and Linux x64. He holds a master's degree in computer science. Currently he is working as an IBM X-Force Red Senior Security Consultant. He lives in Poland.