This course is designed for novice security researchers interested in learning binary exploitation on 64-bit ARM. It assumes no previous background in binary exploitation or fuzzing. The material covered serves as a solid foundation for further vulnerability research on mobile and IoT devices. Similar to our other courses, this training is largely self-contained but assumes minimal entry requirements.
The training starts off with an introduction to the AArch64 architecture, data models, calling convention, and ARM64 assembly. We then cover common classes of memory corruption vulnerabilities, various exploitation techniques and current exploitation mitigations. A large portion of the material covered in this class is devoted to exploitation of heap-related vulnerabilities.
The course material also includes a brief introduction to user-space fuzzing with code coverage / symbolic execution.
The course is very hands on. It is organised into theory and practical components where theory material is followed by practical labs demonstrating the learned concepts.
We generally run a couple of public trainigs sessions per year (first half of the year) in Europe or Asia. You can sign up below to receive public training schedule notifications.
For a private training contact us directly.