Offensive ARM64 Reversing and Exploitation
On-Site Live Group Training / Virtual Live Group Training
Master Offensive ARM Exploitation
Gain mastery in dissecting and manipulating ARM-based systems for mobile security assessment. Learn to identify vulnerabilities within ARM-based environments, craft and execute sophisticated exploits, and uncover security gaps in ARM64-based systems.
What You Will Learn
This course is designed for cybersecurity professionals and enthusiasts looking to master advanced techniques on the ARM64 architecture. Starting with an in-depth exploration of the ARM architecture, focusing on ARMv8 (64-bit) and its historical evolution, participants will gain a solid understanding of the ARM64 instruction set, calling conventions, and architectural features. The course includes an introduction to reverse engineering, providing the essential concepts and methodologies for dissecting ARM binaries effectively. Participants will also receive hands-on training with Ghidra, a powerful reverse engineering tool, and learn how to leverage scripting to automate tasks and streamline analysis workflows.
Moving forward, the course covers various binary exploitation categories, such as Use-after-Free (UaF), Heap Overflow, and more. Participants will learn about exploit mitigations, including Address Space Layout Randomization (ASLR), Pointer Authentication Codes (PAC), Memory Tagging (MTE), Stack Canaries, and other defenses commonly encountered in modern systems. Students will also learn the art of writing JOP and ROP chains tailored for ARM architecture.
This course will be a mix of lectures, practical labs, and projects designed to give students hands-on experience with the ARM64 architecture. Students will gain the skills needed to reverse engineer, identify vulnerabilities in, and create exploits for ARM64 binaries.
By attending this course, you will get:
- Certificate of completion for the Training program
- Source code for vulnerable binaries used during the class
- Source code for exploit PoCs that can be used for bug bounties
- All Python Scripts used during the course
- Students will be provided with access to Corellium for the duration of the course
- Students will be provided access to cloud instances for the duration of the course
- Slack access during the class and afterwards for regular mobile security discussions
Key Objectives
- ARM64 architecture fundamentals, including instruction set and conventions
- Introduction to Ghidra and scripting for reverse engineering
- Exploitation categories: UaF, Heap Overflow, and more
- Mitigations like ASLR, PAC, Stack Canaries, etc., explained
- Exploiting Info leaks to bypass ASLR
- Exploiting Uninitialized Stack Variables for privilege escalation
- Off-by-one byte overflow vulnerabilities and exploitation techniques
- Advanced exploitation tactics: ROP, JOP, and chaining strategies
- Constructing Jump-Oriented Programming (JOP) chains for ARM64
- Advanced Dynamic Instrumentation using Frida
- Firmware reversing for ARM64-based systems
- Exploiting IoT devices: firmware, protocol analysis, and exploitation
Duration
2 Days
Who Should Attend?
This course is specifically designed around the needs of modern exploit development and reverse engineering. It will also be useful for vulnerability researchers, penetration testers, mobile developers, or anyone keen to learn more about the ARM64 ecosystem.
Laptop Requirements
- Laptop with: 8+ GB RAM and 40 GB hard disk space
- Students will be provided with access to Linux cloud instances
- Students will be provided with access to virtual ARM64 devices for hands-on work, and as such do not need to bring any physical devices
- Administrative access on the system
Detailed Course Setup instructions and Slack access will be sent a few weeks prior to the class
Syllabus
- Overview of ARM64 architecture and instruction set
- Introduction to ARM64 security mitigations
- Understanding ARM64 calling convention
- System-specific proprietary registers
- Setting up a testing environment for ARM64 research
- Overview of the different binary formats (Mach-O, ELF)
- Segments and sections in the different binary formats
- ARM64 virtual memory management in mobile devices
- Key concepts and terminologies in reverse engineering
- Introduction to reverse engineering tools like Hopper and Ghidra for ARM64
- Exploring the ARM64 instruction set in depth
- Analyzing and bypassing ARM64 security mitigations
- Deep dive into ARM64 calling convention
- Reversing sample binaries on ARM64 architecture
- Disassembling methods and analyzing assembly instructions
- Modifying assembly instructions for ARM64 exploitation
- Deciphering Mangled Symbols in ARM64 binaries
- Exploiting Heap Overflow in ARM64 binaries
- Exploiting uninitialized stack variables in ARM64 binaries
- Leveraging off-by-one byte overflow vulnerabilities for ARM64 exploitation
- Constructing Jump-Oriented Programming (JOP) chains for ARM64
- Crafting Return-Oriented Programming (ROP) chains for ARM64 binaries
- Understanding and exploiting Uninitialized Memory vulnerabilities in ARM64 code
- Analyzing and exploiting JOP (Jump-Oriented Programming) chains in ARM64 binaries
- Exploiting ARM64-specific vulnerabilities and attack vectors
- Applying ARM64 exploitation techniques to real-world applications and systems
- Exploiting IoT devices powered by ARM64 architecture
- Firmware reversing and exploitation on ARM64-based devices
- Analyzing protocols and performing exploitation on ARM64 IoT devices
- Hands-on labs and practical exercises simulating real-world ARM64 exploitation scenarios
- Capture the Flag
Prerequisites
To successfully participate in this course, attendees should possess the following:
- Working knowledge of cybersecurity and pentesting fundamentals
- Basic Linux skills and command-line proficiency
- Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar)
- Basic ARM/AArch64 assembly and binary exploitation knowledge is recommended, but not required
- Basic working knowledge of iOS and Android platforms is recommended, but not required
Offensive ARM Exploitation Expert (OAAE)
This course prepares you for the Offensive ARM Exploitation Expert (OAAE) certification exam, a hands-on assessment specifically designed to test your grasp of advanced ARM64 reversing and exploitation knowledge.
Exam Duration: 48 hours
TRUSTED TRAINING PROVIDERS
Our trainers boast more than ten years of experience delivering diverse training sessions at conferences such as Blackhat, HITB, Power of Community, Zer0con, OWASP Appsec, and more.
OUR MODES OF TRAINING
LIVE VIRTUAL
GET IN TOUCH FOR PRICING
- Real-time interaction with our expert trainers over Zoom
- Customizable content tailored to your team’s needs
- Continued support after the training
LIVE ON-SITE
GET IN TOUCH FOR PRICING
- Real-time interaction with our expert trainers at an onsite location
- Customizable content tailored to your team’s needs
- Continued support after the training
FAQ
What are the different formats in which the courses are offered?
Our Live Virtual and On-Site sessions replicate the interactive classroom experience, fostering real-time collaboration and engagement among participants.
Is prior experience in mobile security necessary to enroll in the training program?
While prior experience is helpful, the course is designed to accommodate various skill levels. It provides a structured learning path, starting from foundational concepts and progressing to advanced techniques.
Can I share the purchased course material with other people?
No, the training that you purchase from 8kSec, including the course materials, is exclusively for your individual use. You may not reproduce, distribute, or display (post/upload) lecture notes, recordings, or course materials in any other way, whether or not a fee is charged, without the express written consent of 8kSec.
Where can I find the Certificate of Course Completion?
For On-Site/Virtual Courses during private trainings/conferences, we provide a customized certificate after the completion of the course. Please note that the Certificate of Course Completion is different from the one obtained after clearing the Certification exam.
Do I need to set up any labs in order to perform the labs in the training?
For Virtual/Live Trainings, we will provide you access to our Lab environment and an instruction guide during the training.
How long does it take to get the results after submitting the Report?
Once you submit your report, one of the members of our review board will review the report and provide you with the results within 3 business days.
How Much Does it Cost to Retake the Certification Exam?
The fee to retake the certification exam is USD $119. To schedule your re-examination, simply email info@8ksec.io and our logistics team will be in touch.
Where can I find the schedule of your Virtual/Live Training classes?
You can find our Training Schedule at https://8ksec.io/public-training/. To schedule a Live Virtual or Live On-site private training for a group of 5+ attendees, email trainings@8ksec.io and our logistics team will get in touch with you to organize one.
The information on this page is subject to change without notice.
CONTACT US
Please share with us the project requirements and the goals you want to achieve, and one of our sales representatives will contact you within one business day.
Our Location
51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148
General and Business inquiries
contact@8ksec.io
Trainings
trainings@8ksec.io
Press
press@8ksec.io
Phone
+1(347)-4772-006