$2,200

Exploiting Real Time Operating Systems

Event Information

Location

Tactical Network Solutions

8825 Stanford Blvd

Suite 308

Columbia, MD 21045

Event description

CPE/ECE Credits: 40

Course Description
This course will teach students how to analyze, reverse, debug, and exploit embedded RTOS firmware. Hands-on experience with a variety of real-world devices, RTOSes, and architectures equips students with the practical knowledge and skills necessary to be proficient in RTOS vulnerability analysis and exploitation.

Prerequisites
Due to the nature of the material, we do expect students to already have:

  • experience with basic overflows and ROP
  • familiarity with IDA’s user interface
  • some prior knowledge of MIPS and ARM (a plus, but not required)

This course is a natural progression for students already familiar with embedded Linux/firmware exploitation. If you attended IoT Firmware Exploitation, then you meet the criteria!

Course Length
5 days

Day 1
Basic introduction to the concept of Real Time Operating Systems
Overview of MIPS architecture and design
Firmware analysis of our first target device
Debugging our first target device
Augmenting IDA’s auto analysis
Searching for backdoors

Day 2
Searching for stack overflows
Exploiting RTOS overflows
How not to crash your target
Practical exploitation of LAN services from the WAN

Day 3
Hardware & firmware analysis
Identifying functions without a symbol table
Debugging without a debugger
Searching for stack overflows
Writing stack overflows with limited debugging
Write stack overflow exploits for our second target device

Day 4
Parsing bugs
Dynamic call path identification
Complex ROP chains
Re-programming RTOS kernel code on-the-fly
Low-hanging crypto
Breaking custom crypto
Finding WPS crypto bugs
Practical exploitation of WPS crypto bugs

Day 5
More firmware analysis
Augmenting IDA’s auto analysis
V-Chip backdoors
Hidden manufacturer menus

Instructor Bio
Craig Heffner is a Vulnerability Researcher and has 15 years of experience analyzing embedded systems – 10 actually paid while 5 were just “exploring” on his own. He’s also the creator of binwalk, and he operates the /dev/ttyS0 blog, which is dedicated to firmware hacking topics. He has presented at events including Black Hat and DEF CON. His skin has never been exposed to sunlight and is bioluminescent at 200 meters (656 feet) below sea level.

Private, on-site training is available. Call +1 (443) 276–6990 or email us at sales@tacnetsol.com.
