State-of-the-art learning techniques help ensure students understand and retain more knowledge than any other course—and retain the knowledge long after classes end.
Use unique Azeria Labs tools to quickly learn and retain complex security concepts. If you want to try out our online assembler AZM, visit azm.azerialabs.com.
Reverse-engineer and exploit real-world devices and hardened programs like those you'll see outside of the classroom. The specific type of target devices used depend on the course (IoT or mobile exploitation).
Lose no time on complicated installations, managing dependencies, or troubleshooting configuration problems on software before class or on the first day—all exploitation development tools and targets come pre-configured and ready-to-use on a purpose-built Azeria Labs virtual machine.
Comprehensive 90+ page training workbooks take students step-by-step through every concept taught in class to reinforce learning and ensure no step is missed.
Learn IoT-security and memory-corruption basics by hacking IoT devices running on Arm®'s 32-bit processors.
Based around two real-world IoT targets that we will emulate, this course gets students to learn the process of building and debugging a memory-corruption exploit from scratch, bypassing exploit mitigations such as NX and ASLR along the way.
Our course begins with an introduction into the Arm architecture and assembly language, and how to build shellcode that can be used in exploits against Arm targets. Students then learn about the theory and practice of attacking memory-corruption exploits by finding and exploiting a stack-overflow vulnerability. Students then learn about exploit mitigations, what they are, and how to bypass them, and how to take over the process using both ret2libc, as well as complex ROP-chains to run in-memory only shellcode directly in the target process.
The second day of the course focuses on exploiting two real-world routers, including the process of how to emulate, debug and trigger vulnerabilities on real-world devices, and how to adapt exploits from one target to work on a different target, even when the devices use identical library versions.
The third day of the course provides a deeper study of exploit categories and techniques to make exploits reliable. Students will cover vulnerability discovery and use of “information leaks” to stabilize memory-corruption exploits, and learn about the ASLR and stack canary exploit mitigations, and how to exploit format-string vulnerabilities to bypass these mitigations.
For four-day courses, the final day is a deep-dive into the process of heap exploitation, and using heap vulnerabilities to construct exploitation primitives that can be engineered together to build powerful and reliable exploits, bypassing NX, ASLR and GCC’s in-built exploit mitigations. We begin with a review of how the glibc heap works, and begin writing an exploit against a network service containing a heap linear buffer overflow. Students will learn how to turn this buffer overflow into a reliable relative read exploit primitive to bypass ASLR, how to construct arbitrary read primitives to search target memory for useful binaries, and how to exploit and construct malicious vtables to fully take control of the target device.
Learn to analyze compiled applications
Packed with practical labs and hands-on examples, the Azeria Labs Reverse Engineering course is designed to give students a deep understanding of Arm 32-bit and Arm 64-bit assembly, and to perform both static and dynamic analysis of compiled programs.
Our reverse-engineering courses are based around a series of reverse-engineering labs, including pure reverse-engineering of compiled binaries through to offensive-security-focused vulnerability discovery and vulnerability class hunting.
Our reverse-engineering courses are available only as private trainings. For more details, get in touch.
Get started on Android security and Arm 64-bit exploit development
This 3-day fast course is optimized for students just starting out in exploit-development or security engineering for Android on ARM.
Our course begins with a detailed introduction into the Arm 64-bit processor and assembly language, with labs covering more advanced shellcoding techniques targeted specifically at Android. Students will deploy their own shellcode as part of an attack against the Android device, and learn how to debug and develop complex functionality for use in their own exploits.
The second day of our course covers Android in more detail, looking at the Android security model, filesystem and permission model, and how to do invasive security auditing of Android user-mode applications, including labs on how to intercept encrypted network traffic and hook vulnerable functions in managed applications to look for exploitable vulnerabilities in the app.
Our final day covers theory and practice of patch-analysis and reverse-engineering. Students will use the Ghidra tool to reverse-engineer a patch for an Android 64-bit native application and use it to identify the security vulnerability that the patch fixes. We will learn how to identify similar vulnerabilities in binary analysis, and use a debugger to instrument and test the unpatched binary to trigger the bug.
Finally, students will develop a fully working exploit against the unpatched application, taking control of the target process via a complex mprotect ROP-chain to cause the process to run the shellcode written by the students on day 1.
This is the prerequisite course of our Advanced Android Exploit Development course where students learn now to turn multiple N-days into exploits, build and chain a kernel exploit to escalate privileges and more.
Azeria Labs Private Trainings are available to corporate clients with minimum class sizes of 10 people. For detailed course outlines and price quotes, email contact [at] azeria-labs.com from your company email account. Please note that private trainings are in high demand and must therefore be booked well in advance.