Every developer makes mistakes. If you are unlucky, these mistakes result in a security vulnerability, an almost untraceable bug for the normal developer. Going around the world performing security reviews for the code of embedded and IoT developers, I learned the different conceptions that lead developers to create vulnerabilities. This is what made me a better researcher and a better developer, and what I hope to teach you.
In this course you will get the practical basics of embedded device security from the beginning:
How vulnerabilities are created and how an attacker approaches a new device. From the internals, physical manipulations, buffer overflows, memory corruptions, timing attacks, all the way to the skill:
How to detect such mistakes, even the uncommon ones. Then you can decide: Should you fix it? Or exploit it?
In my training, students will learn about low level vulnerabilities from the basics: buffer overflows, integer overflows, command injections and more, all the way to complex vulnerabilities like TOCTOU attacks and physical intrusion. All subjects learned, including the examples and exercises, will focus on the world of embedded and IoT.
All exercises will be done on a Linux machine built by me to simulate everything needed. The setup for each lab runs on my server. I built a Docker environment with a container for each student. To start an exercise, each student logs in with the username/password of the exercise, where all of the required files reside, including instructions.
Since the makefiles for each exercise are visible to students, they can manipulate the code for debugging, and try to fix each vulnerability to understand how to avoid it (after they exploit it).
Each lab time consists of a few exercises I expect everyone to solve, which I will also show the solution for in class, and a few “buffer” tasks that are harder to solve.
Each exercise contains code example “hints” so that even students with limited knowledge of C/C++/Python/Bash can finish it.
For each subject learned, students will gain the tools to prevent such mistakes when developing and to detect such vulnerabilities when reviewing code.
Almost every subject includes a hands-on lab where you will detect, exploit and fix each vulnerability for deeper understanding.
All assembly examples will be in x86 assembly.