• Online, Instructor-Led
• Online, Self-Paced
Course Description

This course is designed for cybersecurity professionals and enthusiasts looking to master advanced techniques in ARM64 architecture. It starts with an in-depth exploration of ARM architecture, focusing on the ARMv8 (64-bit) architecture and its historical evolution, to give participants a solid understanding of the ARM64 instruction set, calling conventions, and architectural features. The course includes an introduction to reverse engineering, providing essential concepts and methodologies for dissecting ARM binaries effectively. Participants will also receive hands-on training with Ghidra, a powerful reverse engineering tool, and learn how to leverage scripting to automate tasks and streamline analysis workflows.

Moving forward, the course covers various binary exploitation categories, such as Use-after-Free (UaF), Heap Overflow, and more. Participants will learn about exploit mitigations, including Address Space Layout Randomization (ASLR), Pointer Authentication Codes (PAC), Memory Tagging (MTE), Stack Canaries, and other defenses commonly encountered in modern systems. Students will also learn the art of writing JOP and ROP chains tailored for ARM architecture.

This course will be a mix of lectures, practical labs, and projects designed to give students hands-on experience with ARM64 architecture. Students will gain the skills needed to reverse engineer, identify vulnerabilities and create exploits for ARM64 binaries.

Learning Objectives

• ARM64 architecture fundamentals, including instruction set and conventions
• Introduction to Ghidra and scripting for reverse engineering
• Exploitation categories: UaF, Heap Overflow, and more
• Mitigations like ASLR, PAC, Stack Canaries, etc., explained
• Exploiting Info leaks to bypass ASLR
• Exploiting Uninitialized Stack Variables for privilege escalation
• Off-by-one byte overflow vulnerabilities and exploitation techniques
• Advanced exploitation tactics: ROP, JOP, and chaining strategies
• Constructing Jump-Oriented Programming (JOP) chains for ARM64
• Advanced Dynamic Instrumentation using Frida
• Firmware reversing for ARM64-based systems
• Exploiting IoT devices: firmware, protocol analysis, and exploitation

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):