Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

An Azure Sphere Security Breakdown

nullcon via YouTube

Overview

Explore a comprehensive breakdown of Azure Sphere IoT platform security in this 38-minute conference talk from Nullcon International Security Conference March 2021. Dive into Microsoft's approach to IoT security, examining lightweight security features in the custom SoC and patched Linux kernel. Learn about the Azure Sphere Security Research Challenge and discover 16 vulnerabilities identified by Cisco Talos, including a privilege escalation chain. Gain insights into IoT security, vulnerability research, and the specific challenges posed by Azure Sphere's architecture. Follow the speaker's journey through various security aspects, from app manifests to unsigned code execution and privilege escalation techniques.

Syllabus

Intro
The Azure Sphere Security Research Challenge ASSF
Azure Sphere Overview
App_manifest.json
For the Managers
For the Nerds
ASSRC Program Scope
Cool Vulns Discovered
READ_IMPLIES_EXEC
Unsigned Code Execution - PACKET_MMAP
The Escalation Chain - ASXipFS
The Escalation Chain - /dev/mtdblock1
The Escalation Chain - /mnt/config/uid_map
The Escalation Chain - Ptrace & Caps

Taught by

nullcon

Reviews

Start your review of An Azure Sphere Security Breakdown

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.