Black Hat USA Registration Black Hat USA Registration Black Hat USA Briefings Black Hat USA Briefings Black Hat USA Training Black Hat USA Training Black Hat USA Schedule Black Hat USA Schedule Black Hat USA Sponsors Black Hat USA Sponsors Black Hat  USA Special Events Black Hat  USA Special Events Black Hat USA Venue Black Hat USA Venue
 
 

On This Page

Practical Arm Exploitation

Stephen Ridley & Stephen Lawler | July 27-30


Regular

$3600

Ends May 31

Late

$3800

Ends July 24

Onsite

$4000

Ends July 30



Overview

The maintainers of http://www.dontstuffbeansupyournose.com (Stephen C. Lawler and Stephen A. Ridley) have developed a course entitled “Practical ARM Exploitation”. The purpose of the course is to introduce students with prior basic exploitation experience (on other architectures) to “real world” exploitation scenarios on the ARM processor architecture. The reality is that exploitation these days is harder and a bit more nuanced than it was in the past with the advent of protection mechanisms like XN, ASLR, stack cookies, etc. As such, this course is called “practical” because it aims to teach exploitation on ARM under the real-world circumstances in which the exploit developer will encounter (and have to circumvent) these protection mechanisms. The course materials focus on advanced exploitation topics (circumventing protection mechanisms) using Linux as the platform as a basis to learn the ARM architecture but with the obvious applications being platforms running on mobile phones, tablets, embedded devices, etc.

Our hope is that students with some previous exploitation experience go from knowing nothing about ARM on the first day to exploiting custom heap implementation (bypassing ASLR, NX) using their hand-built ROP connect-back-shell payload on the the last day.

The course contains the following:



COURSE SYLLABUS



STUDENT REQUIREMENTS

Students taking the “Practical ARM Exploitation” course should have a intermediate software exploitation background on another architecture (such as x86)

They should have hands-on familiarity with the following concepts:



WHAT TO BRING



Trainers

Stephen Lawler and Stephen A. Ridley were research partners at a major U.S Defense contractor that supported the U.S. defense and intelligence communities in areas of information security research and development. Since then they have have worked for different companies but stay in contact to collaborate with each other “after hours” on interesting areas of research. Together they maintain the blog http://www.dontstuffbeansupyournose.com