Friends and associates at Kyrus (Kyrus-Tech.com) recently announced they will be hosting Practical ARM Exploitation Course. This is the extremely popular course maintained by Stephen C. Lawler and Stephen A. Ridley.
Exploitation is harder and a bit more nuanced today than it was in the past with the advent of protection mechanisms like XN, ASLR, stack cookies, etc. As such we aim to teach exploitation on ARM under the real-world circumstances in which the exploit developer will encounter (and have to circumvent) these protection mechanisms. The course materials focus on advanced exploitation topics (circumventing protection mechanisms) using Linux as the platform as a basis to learn the ARM architecture but with the obvious applications being platforms running on mobile phones, tablets, embedded devices, etc.
Ideally, students with some previous exploitation experience will go from knowing nothing about ARM on the first day to exploiting custom heap implementation (bypassing ASLR, NX) using their hand-built ROP connect-back-shell payload at the end of the course.
Where: Sterling, VA, USA
When: October 9th – October 12th, 2012
Cost: $2,500 (includes all course materials, hardware & meals/refreshments)
Contact: michael.tanji @kyrus-tech.com
• 650+ slides across 12 decks
• 17 lab exercises (ranging from code auditing and simple stack overflows to advanced heap exploitation and application specific exploitation)
• 3 CTF style exploitation challenges
• 80+ page printed/bound/laminated lab manual with comprehensive notes including: architecture quick reference, ARM GDB and IDA ‘gotchas’, et al
Prerequisites: Students taking the “Practical ARM Exploitation” course should have an intermediate software exploitation background on another architecture (such as x86). They should also have hands-on familiarity with the following concepts, tools and languages:
• Exploitation of stack and heap overflows
• Basic experience with IDA
• Basic experience with a debugger
• Cursory knowledge of Python or some equivalent language (Java, Ruby, etc.)
• C++ and C coding experience
• A laptop (running any OS) capable of connecting to wired and wireless networks
• An installed valid VMWare
• An installed copy of IDA Standard or better
• An SSH/Telnet client to access the Gustix hardware images
Stephen A. Ridley and Stephen Lawler were research partners at a major U.S Defense contractor that supported the U.S. defense and intelligence communities in areas of information security research and development. Since then they have worked for different companies but stay in contact to collaborate with each other “after hours” on interesting areas of research.
Together they maintain the blog: http://www.dontstuffbeansupyournose.com
Stephen A. Ridley
Stephen A. Ridley is a security researcher with more than 10 years of experience in software development, software security, and reverse engineering. Before becoming an independent researcher, Mr. Ridley served as the Chief Information Security Officer of a financial services firm. Prior to that: Senior Researcher at Matasano. He also was Senior Security Architect at McAfee, and a founding member of the Security and Mission Assurance (SMA) group at a major U.S defense contractor where he did vulnerability research and reverse engineering in support of the U.S. intelligence community. He has spoken about (and given trainings on) reverse engineering and software security at BlackHat, ReCon,EuSecWest, CanSecWest, Syscan and others. Mr. Ridley currently lives in Manhattan and frequently guest lectures at New York area universities such as NYU and Rensselaer Polytechnic Institute.
Stephen Lawler is the Founder and President of a small computer software and security consulting firm. Mr. Lawler has been actively working in information security for over 7 years, primarily in reverse engineering, malware analysis, and exploit development. While working at Mandiant he was a principal malware analyst for high-profile computer intrusions affecting several Fortune 100 companies.
Prior to this, as a founding member of the Security and Mission Assurance (SMA) division of a major U.S. Defense contractor where he discovered numerous 0-day vulnerabilities in “Commercial-Off-The-Shelf” (or COTS) software and pioneered several exploitation techniques that have only been recently discovered and published publicly. Prior to his work at a the major defense contractor, Stephen Lawler was the lead developer for the AWESIM sonar simulator as part of the US Navy SMMTT program. He has spoken at (and given trainings) at BlackHat and other security conferences and is the technical editor of “Practical Malware Analysis” published by No Starch Press.
Kyrus is the world famous contributor of security expertise and innovation. Find more on Kyrus at: http://www.kyrus-tech.com/