The Definite Guide to ARM Exploitation
ARM is one of the most popular processor architecture in today's world. Be it IoT Devices, Healthcare appliances or your smartphone, ARM is everywhere. Being able to identify vulnerabilities in ARM binaries and perform exploitation, is one of the most required skillsets for any penetration tester.
The Definite Guide to ARM Exploitation is an adventurous journey into the world of ARM architecture, reversing binaries, identifying vulnerabilities and learning how to perform exploitation. The book takes advantage of emulated ARM architecture, which means that you don't need to buy expensive hardware or tools to try out the exercises and labs in the book. With the book, you will find yourself tearing apart ARM binaries and exploiting them using techniques such as overflow-based exploitation and ROP.
If you have never looked at ARM binaries before and want to get started, this is a must-have book. In this multi-part book series, author Barun Kumar Basak takes you step-by-step into learning ARM assembly and using that knowledge to perform exploitation. Some of the topics covered include ARM assembly introduction, Shellcoding on ARM, Return Oriented Programming (ROP) and Heap Exploitation.
About the Video Course:
Offensive ARM Exploitation Video course includes all the topics covered in the book, along with additional background information. The video course is a WIP, however is available for order now for a discounted pricing.
The training course comes with HD Videos, Slides for the training, Slack Discussion group to ask queries and doubts to the author and more.
About the Author:
Barun Kumar Basak is an ARM Reverse Engineer and Lead Security Researcher at Attify, Inc. In his current role, he focuses on binary exploitation for IoT Devices, vulnerability discovery and crafting reliable exploits, including bypassing complex security protections.
He is also the author of a number of open-source projects including RopGen, bnpy - an architecture plugin for Binary Ninja and more. He has also previously identified vulnerabilities in products such as Avira, Avast and Axis. He can be reached on Twitter at @0xec_ .