We've experienced some issues with border security when bringing in HiKey boards and a large number of test mobile devices. Depending on the country, we might not be able to deliver this training or will need to organise alternative methods for delivering hardware required for this training.
Kernel exploitation on Android devices is still a relatively new and unexplored research area, owing to the diverse range of hardware and the hardware/software exploitation mitigations implemented by vendors or by the Linux kernel itself. Like other operating systems, Android provides several common user-space exploitation mitigations, so attacking the kernel is an appealing way to obtain full access to the device while bypassing those user-space mitigations.
This course starts by enumerating the Android kernel attack surface (from an LPE perspective) and describing any sandboxing options that may limit this attack surface. Though the course is mostly self-contained and there's a brief refresher on the arm64 architecture, attendees should already be familiar with this architecture and instruction set.
The main focus is on common kernel vulnerability classes and exploitation techniques on Android (Google Pixel 2/3/4 and Samsung S9/S10 devices, i.e., kernels 4.4+). The current Android version installed on lab test devices is 9 (Pie) but this is likely to change since we constantly update our training material. The training is hands-on and assumes some familiarity with Linux kernel exploit development. Common hardware/software kernel exploitation mitigations on Google and Samsung devices will be discussed and several bypass techniques will be presented. The course will also provide some introduction to fuzzing and crash analysis on Android devices.
This course is largely self-contained but please ensure you meet the entry requirements detailed below.
We generally run a couple of public training sessions per year (first half of the year) in Europe or Asia. You can sign up below to receive public training schedule notifications.
For private training, contact us directly.