Dates: 12th November - 16th November 2018 (5 days)
Venue: TBA, Singapore
Availability: 20 Seats
Today's world of mobile devices is mostly dominated by ARM based systems. While many of these devices are still running with 32 bit ARM CPU cores the move powerhungry applications have meanwhile all moved over to 64 bit ARMv8/ARM64 CPU cores. For software reverse engineers and exploit developers this means they have to learn yet another CPU architecture, because the 64 bit moder (AARCH64) of these CPUs is like a completely new architecture and requires them to learn a completely new instruction set called A64.
Our newly designed course begins with an introduction of the ARM64 architecture and its new A64 instruction sets. The trainees will learn to understand and reverse engineer snippets of ARM64 assembly. The course then moves over to the exploitation of vulnerabilities. Trainees will learn about ARM64 stack buffer overflows and return oriented programming, differences between Android/Linux and iOS and the training will end with heap exploitation topics.
The hands-on tasks of this training will be executed on a mixture of emulated ARM64 devices, actual Android and iOS devices and on ODROID-C2 devices running linux. Trainees will each take home an ODROID-C2 ARM64 device.
The goal of this training is to enable you to understand the ARM64 architecture, understand A64 assembly language and write exploits for a variety of ARM64 android/linux/iOS targets.
Introduction to the ARM64 CPU architecture
Understanding the different ARM64 Calling Conventions
Exploring the A64 Instruction Set
Reverse Engineering of small code snippets
Exploring the ARM64 System Registers
Understanding ARM64 Page Tables
Introduction to ARM64 debugging with gdb and lldb
Crashdumps, Coredumps and Kernel Panics
System Calls and Writing Shellcode in ARM64 (for later conversion into ROP)
Exploitation of ARM64 stack buffer overflows
Exploit Mitigations Part I ((P)XN, ASLR, Stack Cookies)
Bypassing Stack Cookies with Infoleaks
ARM64 Return Oriented Programming
differences ROP / BOP / code reuse
manual and tool driven ARM64 ROP gadget search
building practical ROP chains
Hands-on: writing exploit with ROP chains
breaking ASLR with brutefore / infoleaks
Hands-on: changing exploit to defeat ASLR
Heap Vulnerabilities (memory corruption, use after free, double free, ...)
Introduction to various heap implementations
Differences of heap implementations in Linux/Android/iOS
How to exploit Use After Free bugs
Hands-on: exploit a use after free vulnerability
How to exploit Heap memory Corruptions
Hands-on: exploit a heap memory corruption
All students will take home an ODROID-C2 ARM64 device
The whole training material (multiple hundred slides) will be handed to the students in digital form.
training is for intermediate students that have had prior contact to exploitation
capable of performing basic tasks within the OS they bring
capable of operating the command line of their OS
capable to use the VMWare virtualization software to run a virtual machine provided by trainer
knowledge of basic shell scripting, python, C programming language
knowledge in at least one non ARM64 assembly language (e.g. ARM, x86, x86_64)
Notebook powerful enough to run a virtual machine (no netbook, no tablet, no iPad)
at least 8 GB or RAM
40 GB of free harddisk space
wireless network card
for notebooks with USB-C students must bring USB-A adaptors or hubs
further ARM64 hardware will be provided by the trainer
ARM64 disassembler (e.g. IDA Pro 6.x with ARM64 support, Hopper, Binary Ninja)
Linux / Windows / Mac OS X desktop operating systems
MANDATORY: VMWare Player / VMWare Workstation / VMWare Fusion (installed and tested)
MANDARORY: Students require Administrator / root access
The training will be held at TBA (Singapore). The TBA is located near ... in Singapore, which is easily reachable with public transportation from many parts of Singapore.
No special deal has been made with the hotel concerning rooms for the attendees. Attendees are free to choose whatever hotel is nearby.
We offer the following rates for this training. The prices are in Singapore Dollars and include 7% GST.
Early Bird (before 15th August)
Regular (before 1st November)
Registration closes 1st November
The training ticket price include daily lunch, morning and afternoon coffee breaks, free soft drinks in the training room.
If you have further questions about this training please contact us by e-mail firstname.lastname@example.org. If you want to sign up for this training please do this via COSEINC, here. Please notice that signup and billing of the training is performed by COSEINC. Execution of the training however is done by Antid0te SG Pte. Ltd.
In-House Training / Conferences / Additional Trainings
If you are interested in this training, but want us to perform the training for your people at your office, want to feature our training at your conference or would just like to know if we provide the training again at a later time please contact us by e-mail email@example.com.