The Internet of Things (IoT) has taken over. Everywhere we look we see more systems coming online, from routers to refrigerators. But as these systems become more and more integrated into our home and business networks, how does their security posture keep up with their increasing popularity? The Advanced Reduced instruction set computing Machines architecture (ARM) introduced a new family of computer processors that provide a robust platform that is ideal for running a wide variety of small, specialized systems.
Unfortunately, the rapid expansion of new devices coming to market, along with accelerated development lifecycles, mean that security is often an afterthought. The security posture of many IoT devices is further restricted due to hardware limitations and the need to maintain low production costs.
Now more than ever, there is a demand for highly skilled security professionals who understand IoT vulnerabilities and ARM exploitation. However, the complexity of exploit development and the difficulty of acquiring and analyzing the software that runs on IoT systems can create intimidating barriers to those wanting to enter this field.
SEC661: ARM Exploit Development is designed to break down those barriers. It has been built from the ground up to give students a solid foundation in exploit development on the ARM platform. The course starts by going over the fundamentals of the architecture and some basic ARM assembly. Initial emphasis is placed on key data structures and how they work together so that students gain a better understanding of why certain vulnerabilities occur.
Students are provided with the tools they need to set up and work in an ARM environment. From there, we go through several hands-on labs that explore memory corruption vulnerabilities and show how to craft custom input in order to gain control of execution. We will also cover common exploit mitigations and techniques for bypassing them. Finally, students will demonstrate their understanding of the core concepts taught in this highly technical course by crafting their own exploits against two emulated ARM routers.
You will learn:
- Techniques for running ARM in an emulated environment
- The fundamentals of ARM assembly
- How to write ARM exploits to leverage stack-based buffer overflows
- Exploit mitigations and common workarounds
- How to work with ARM shellcode
- Return Oriented Programming (ROP)
- How to exploit IoT devices in ARM
- 64-bit ARM exploit development
Important! Bring your own system configured according to these instructions!
A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.
It is critical that you back-up your system before class. It is also strongly advised that you do not bring a system storing any sensitive data.
System Hardware Requirements
Additional Hardware Requirements
The requirements below are in addition to baseline requirements provided above. Prior to the start of class, you must install virtualization software and meet additional hardware and software requirements as described below. If you do not carefully read and follow these instructions, you will leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course.
Additional Software Requirements
- 7-Zip: The Virtual Machine zip files can be very large (50 GB+) and some archive tools, even the built in Windows tools have been know to fail. 7-Zip is known to work.
VMware Workstation or Fusion: Please note: VMware Workstation or Fusion is mandatory. VMware Player will not meet this requirement. You must have the ability to take virtual machine snapshots, and you cannot do this with VMware Player.
VirtualBox is not supported and may interfere with our labs. It should not be installed on a system you are planning to use for this class. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their Web site.
- Credential Guard: If your host computer is running Windows, Credential Guard may interfere with the ability to run VMs. It is important that you start up VMWare prior to class and confirm that virtual machines can run. It is required that Credential Guard is turned off prior to coming to class.
System Configuration Settings
- Local Admin: Some of the tools used in the course will require local admin access. This is absolutely required. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different system.
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.