ARM shellcode and exploit development - BSidesMunich 2018
Latest commit f469a93 Apr 8, 2018
Type Name Latest commit message Commit time
code/Workshop adding source code and presentation Apr 8, 2018
README.md Update README.md Apr 8, 2018
workshop_slides.pdf adding source code and presentation Apr 8, 2018

README.md

Workshop-ARM BSidesMunich2018

ARM shellcode and exploit development

Workshop topics

ARM Architecture

  • ARM CPU
  • Registers
  • Instructions
  • PC-relative addressing
  • Calling convention and Stack frames

LAB1 - Debugging on ARM system

Shellcode

  • syscalls
  • Shell spawning shellcode (ARM/Thumb) + LAB2
  • Bind TCP shellcode (ARM) + LAB3
  • Reverse shell shellcode (ARM)

Exploit

  • Tools introduction (pwntools, ROPGadget)
  • Modify the value of a local variable (stack1) + LAB4
  • Vulnerability mitigations
  • Ret to libc - Bypass NX and execute a shell with a single ROP gadget (stack_sh) + LAB5
  • Bypass NX with ROP using mprotect (stack_mprotect) + LAB6
  • ASLR
  • Bypassing NX and ASLR (stack_aslr) + LAB7

Environment