applied security conferences and training: CanSecWest | PacSec

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver


The ARM IoT Firmware Laboratory
Register for the March 14-17, 2020 (4-day course)

Instructor(s): Saumil Shah

Description

"There's an ARM on every desktop, and Intel in the iPhone baseband"

The world of ARM IoT devices is growing rapidly. Routers, IP cameras, network video recorders, VoIP systems and several other "smart" appliances are now running on ARM SoCs. While the hardware is the latest and greatest, the software running on it is a different story.

The ARM IoT Firmware Laboratory is a brand new class, beginning where the ARM IoT Exploit Laboratory left off. This class takes a closer look at the hardware and the firmware running on it.

Students shall learn how to analyse, emulate and exploit the firmware on a variety of ARM IoT devices. The class starts with extracting the firmware directly from the devices, moves on to creating an emulated test environment for fuzzing and debugging, and ends with writing end-to-end exploits for the devices. The class shall feature an array of hardware targets of varying complexity.

Students shall have ample time for hands-on exercises to sharpen their exploitation skills.

** Some Highlights of ARM IoT Firmware Laboratory 2020 **
- Hardware level firmware extraction from IoT devices
- ARM-X: A new firmware emulation framework for accurate emulation of IoT devices, including nvram.
https://armx.exploitlab.net/
- New hardware targets: Network video recorders, multiple IP cameras, multiple routers, and perhaps more.

PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. The individual class guides list the material students are expected to know coming in and the software tools that need to be pre-installed before attending, so that you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites: the material listed there will not be reviewed in the courses, and it is necessary to get the maximum benefit out of these educational programs.

Learning Objectives

Students will be provided with all the lab images used in the class. The ARM IoT Exploit Laboratory uses a "Live Notes" system that provides a running transcript of the instructor's system to all the students. Our lab environment, plus about 700MB of curated reading material, will be made available to all attendees to take with them and continue learning after the training ends.

TARGET AUDIENCE

  • Pentesters working on ARM embedded environments (SoCs, IoT, etc.)
  • Red Team members, who want to pen-test custom binaries and exploit custom built applications
  • Bug Hunters, who want to write exploits for all the crashes they find
  • Members of military or government cyberwarfare units
  • Members of reverse engineering research teams.
  • People frustrated at software to the point they want to break it!

    PREREQUISITES

    Course Outline


    DAY 1 DAY 2 DAY 3 DAY 4
  • Overcoming limitations in the exploit payloads - size, bad characters and encodings.
  • EXERCISES - three hardware targets to emulate and exploit.
  • BONUS CHALLENGES - for those hungry for more.

    REQUIREMENTS

    The following tutorials have been specially prepared to get students up to speed on essential concepts before coming to class.

    a) Operating Systems - A Primer

    b) How Functions Work

    c) Introduction to Debuggers

    HARDWARE REQUIREMENTS:

    SOFTWARE REQUIREMENTS:

    STUDENTS WILL BE PROVIDED WITH:
    Students will be provided with the pro version of ARM-X, and all the lab images used in the class. The ARM IoT Exploit Laboratory uses a "Live Notes" system that provides a running transcript of the instructor's system to all the students. Our lab environment, plus about 800MB of curated reading material, will be made available to all attendees to take with them and continue learning after the training ends.

    THE EXPLOIT LAB BLOG: http://blog.exploitlab.net
    OUR TWITTER STREAM: @exploitlab