Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Offensive ARM64 Reversing and Exploitation
This course is designed for cybersecurity professionals and enthusiasts looking to master advanced techniques in ARM64 architecture. Starting with an in-depth exploration of ARM architecture, focusing on ARMv8 (64-bit) architecture and their historical evolution, participants will gain a solid understanding of the ARM64 instruction set, calling conventions, and architectural features. The course covers introduction to reverse engineering, providing essential concepts and methodologies for dissecting ARM binaries effectively. Participants will also receive hands-on training with Ghidra, a powerful reverse engineering tool, and learn how to leverage scripting to automate tasks and streamline analysis workflows.
Moving forward, the course covers various binary exploitation categories, such as Use-after-Free (UaF), Heap Overflow, and more. Participants will learn about exploit mitigations, including Address Space Layout Randomization (ASLR), Pointer Authentication Codes (PAC), Memory Tagging (MTE), Stack Canaries, and other defenses commonly encountered in modern systems. Students will also learn the art of writing JOP and ROP chains tailored for ARM architecture.
This course will be a mix of lectures, practical labs, and projects designed to give students hands-on experience with ARM64 architecture. Students will gain the skills needed to reverse engineer, identify vulnerabilities and create exploits for ARM64 binaries.
Provider Information
8kSec LLC
51 Pleasant St # 843
Malden, MA 02148
Course Overview
To successfully participate in this course, attendees should possess the following:
Working knowledge of cybersecurity and pen testing fundamentals
Basic Linux skills and command-line proficiency
Understanding of fundamental programming concepts and looping structures in at least one higher-level language (Java, Kotlin, Objective-C, Swift, C, C++, or similar)
Basic ARM/AARCH64 binary assembly and exploitation knowledge is recommended, but not required
Basic working knowledge of iOS and Android platforms is recommended, but not required
Learning Objectives
ARM64 architecture fundamentals, including instruction set and conventions
Introduction to Ghidra and scripting for reverse engineering
Exploitation categories: UaF, Heap Overflow, and more
Mitigations like ASLR, PAC, Stack Canaries, etc., explained
Exploiting Info leaks to bypass ASLR
Exploiting Uninitialized Stack Variables for privilege escalation
Off-by-one byte overflow vulnerabilities and exploitation techniques
Advanced exploitation tactics: ROP, JOP, and chaining strategies
Constructing Jump-Oriented Programming (JOP) chains for ARM64
Advanced Dynamic Instrumentation using Frida
Firmware reversing for ARM64-based systems
Exploiting IoT devices: firmware, protocol analysis, and exploitation
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.