Dive into the intricacies of ARM shellcode development in this comprehensive lab session from the Hack In The Box Security Conference. Explore the critical intersection of Internet of Things (IoT) security and ARM architecture, focusing on the unique challenges and responsibilities in securing these ubiquitous devices. Begin with a foundational overview of ARM architecture and instruction sets before delving into system calling conventions. Apply this knowledge in hands-on exercises, crafting ARM Linux shellcode to spawn a shell. Learn techniques for optimizing shellcode size and reliability, crucial for execution in constrained environments. Witness a live demonstration of exploiting a vulnerable ARM-based IoT device running bare-metal firmware, showcasing the process of leveraging a buffer overflow vulnerability to control GPIO pins. Gain insights into the distinct challenges of writing shellcode for bare-metal systems compared to traditional operating systems. Led by IoT Security Researcher Munawwar Hussain Shelia, this session equips security professionals with essential skills for reversing ARM binaries, identifying vulnerabilities, and developing effective exploits in the rapidly evolving IoT landscape.
Overview
Syllabus
#HITBCyberWeek D1 LAB - Writing Bare-Metal ARM Shellcode
Taught by
Hack In The Box Security Conference