Introduction to AArch64 Binary Exploitation

Skill level: Beginner

Duration: 3 days

Delivery: in-person, public or private

Instructor: Michael Subotic, PhD


Course description:

This course is designed for novice security researchers interested in learning binary exploitation on 64-bit ARM. It assumes no previous background in binary exploitation or fuzzing. The material covered serves as a solid foundation for further vulnerability research on mobile and IoT devices. Similar to our other courses, this training is largely self-contained but assumes minimal entry requirements.

The training starts off with an introduction to the AArch64 architecture, data models, calling convention, and ARM64 assembly. We then cover common classes of memory corruption vulnerabilities, various exploitation techniques and current exploitation mitigations. A large portion of the material covered in this class is devoted to exploitation of heap-related vulnerabilities.

The course material also includes a brief introduction to user-space fuzzing with code coverage / symbolic execution.

The course is very hands on. It is organised into theory and practical components where theory material is followed by practical labs demonstrating the learned concepts.

Prerequisites:

  • Basic C / Python programming skills

Who should attend:

  • Pentesters
  • Reverse engineers
  • Bug hunters and exploit developers

Hardware and software:

  • Base OS - Windows, macOS, Linux
  • Virtualisation software that allows you to import VMs in standard OVA/OVF format
  • At least 80GB of free disk space
  • At least 16 GB of RAM

Key learning objectives:

  • Introduction to ARM64 binary exploitation
  • Developing your own shellcode
  • Common classes of memory corruption vulnerabilities
  • Exploitation mitigations NX, ASLR, RELRO, stack canaries, etc.
  • Chaining multiple vulnerabilities and developing complex memory corruption exploits
  • Fuzzing with code coverage / symbolic execution

Course agenda:

  • Introduction to AArch64 / assembly
  • Developing custom ARM64 shellcode
  • Common memory corruption vulnerabilities
    • Integer-related vulnerabilities (signedness issues, typecasting, overflows)
    • Use-after-free vulnerabilities (UAF)
    • Stack and heap overflows
  • Debugging with GDB
  • Exploitation mitigations NX, ASLR, RELRO, stack canaries, etc.
  • Return-oriented / Jump-oriented programming
  • Fuzzing with code coverage / symbolic execution

Public Schedule

Training Announcements