This workshop will provide a whirlwind tour from zero to working ARM Assembly Bind Shell in 120 minutes.
Please download the ARM VM in advance of the workshop. You can download it from Azeria-labs or VulnHub:
Despite extensive work to stay on top of vulnerability research techniques for x86 and x64, ARM remains largely ignored. With the proliferation of mobile and Internet of Things devices based on the ARM architecture, ARM exploitation has evolved into an exciting area with an increasing demand for security researchers specializing in embedded systems.
This workshop is for beginners who want to dive into ARM exploitation but first want to get familiar with ARM Assembly in order to use that knowledge for Reverse Engineering or building ROP chains, for example. One of the best ways to learn ARM assembly is to take apart a C program and try to transform it into its assembly representation. That way, you not only get familiar with various assembly instructions, but also learn how functions work in ARM assembly. Equipped with the knowledge of how to write a bind shell in assembly, participants will be able to write any kind of shell for that matter.
In the first hour of this workshop, we will dive into ARM assembly and everything we need to know to write a working bind shell. The second hour focuses on transforming a C Bind Shell into ARM Assembly and making sure that no null-bytes exist in the final code. That way, the final shellcode can be used for exploits that take advantage of memory corruption vulnerabilities. At the end of this workshop, participants will know how to write any ARM shellcode and use it for exploitation (challenge provided at the end of the workshop).
– Introduction to ARM Assembly
– Understanding how to invoke System Functions on ARM
– Writing Bind Shellcode from the ground up
– Shellcode optimization and avoiding null-bytes
– Exploiting Stack Overflows on ARM
– Basic familiarity with Linux command-line
– Basic understanding of C
– Laptop with at least 4GB RAM
– VMware Player
– 20 GB free disk space for the VM