Introduction to AArch64 Binary Exploitation
Skill level: Beginner
Duration: 3 days
Delivery: in-person, public or private
Instructor: Michael Subotic, PhD

Course description:

This course is designed for novice security researchers interested in learning binary exploitation on 64-bit ARM. It assumes no previous background in binary exploitation or fuzzing. The material covered serves as a solid foundation for further vulnerability research on mobile and IoT devices. Similar to our other courses, this training is largely self-contained but assumes minimal entry requirements.

The training starts off with an introduction to the AArch64 architecture, data models, calling convention, and ARM64 assembly. We then cover common classes of memory corruption vulnerabilities, various exploitation techniques and current exploitation mitigations. A large portion of the material covered in this class is devoted to exploitation of heap-related vulnerabilities.

The course material also includes a brief introduction to user-space fuzzing with code coverage / symbolic execution.

The course is very hands on. It is organised into theory and practical components where theory material is followed by practical labs demonstrating the learned concepts.

Prerequisites:
  • Basic C / Python programming skills
Who should attend:
  • Pentesters
  • Reverse engineers
  • Bug hunters and exploit developers
Hardware and software:
  • Base OS - Windows, macOS, Linux
  • Virtualisation software that allows you to import VMs in standard OVA/OVF format
  • At least 80GB of free disk space
  • At least 16 GB of RAM
Key learning objectives:
  • Introduction to ARM64 binary exploitation
  • Developing your own shellcode
  • Common classes of memory corruption vulnerabilities
  • Exploitation mitigations NX, ASLR, RELRO, stack canaries, etc.
  • Chaining multiple vulnerabilities and developing complex memory corruption exploits
  • Fuzzing with code coverage / symbolic execution
Course agenda:
  • Introduction to AArch64 / assembly
  • Developing custom ARM64 shellcode
  • Common memory corruption vulnerabilities
    • Integer-related vulnerabilities (signedness issues, typecasting, overflows)
    • Use-after-free vulnerabilities (UAF)
    • Stack and heap overflows
  • Debugging with GDB
  • Exploitation mitigations NX, ASLR, RELRO, stack canaries, etc.
  • Return-oriented / Jump-oriented programming
  • Fuzzing with code coverage / symbolic execution

Public Schedule
Training Announcements

There are generally two public trainigs sessions per year (first half of the year) in Europe or Asia. You can sign up below to receive public training schedule notifications.

For a private training contact us directly.