Arm Reverse Engineering & Exploitation


Course Outline

  • General and Special Purpose Registers
  • Arm instruction sets
  • Conditional execution of instructions
  • PC-Relative Addressing and Literal Pools
  • Load and store addressing modes
  • Function calls and subroutines
  • Understanding stack frames
  • Taking control over the program flow
  • Memory Corruption vulnerabilities
  • Exploit mitigations and Bypasses
  • Tracing and issuing system calls
  • Determining syscall numbers
  • ARM calling convention
  • Translation to assembly
  • Shellcode null-bytes
  • Converting assembly into hex string
  • NX Mitigation internals
  • NX Bypass techniques
  • System vs. Mprotect ROP chains
  • Gadget hunting and pitfalls
  • ROP chain restrictions and tricks
  • Firmware extraction process
  • Firmware emulation process
  • Debugging vulnerable services
  • Bypassing vulnerability restrictions
  • Exploiting vulnerability in D-Link router
  • Exploiting vulnerability in Tenda router
  • ASLR internals and bypass techniques
  • Format string vulnerabilities
  • Information leak exploit primitives
  • Bypassing ASLR
  • Stack Canary internals
  • Bypassing Stack Canaries
  • Glibc Heap internals
  • Heap-based vulnerabilities
  • Heap exploit primitives
  • Use-After-Free (UAF) Exploit
  • Building relative read exploit primitives
  • Building arbitrary read primitives
  • Build heap exploit chain
  • Latest News

    Arm32 & IoT Exploit Development

    Latest News

    Module: Assembly Internals and Shellcoding This module is dedicated to providing attendees with a strong understanding of the Arm instruction set, based on the Armv8-A architecture. Participants will learn how to perform static and dynamic analysis of compiled programs. Through hands-on labs, students will reverse engineer binaries, write shellcode, and exploit memory corruption vulnerabilities.

    Module: Exploit Development for Firmware N-Days, Advanced ROP Techniques This module focuses on practical exploitation of two real-world router firmware targets. Students will learn the process of building and debugging memory-corruption exploits from scratch. They will also develop advanced null-free mprotect() ROP chains to bypass the XN exploit mitigation, avoiding noisy techniques like ret2libc through the system() API. Debugging and analyzing real-world processes will teach students how to overcome common obstacles and handle process forks.

    Module: Advanced Heap Exploit Engineering (A32) This module provides an in-depth study of exploit categories and techniques for improving exploit reliability. Students will focus on the heap-overflow vulnerability category, engaging in exercises that cover advanced heap exploitation techniques. They will apply these skills to develop a fully functional exploit that bypasses all available exploit mitigations on the target. Concepts taught include heap grooming, creating relative and arbitrary read primitives, and constructing fake vtables.

    Arm64 Reverse Engineering & Exploitation

    Latest News

    This course outline represents the A64 version, focusing specifically on the A64 instruction set architecture. The modules included in this version are tailored to provide in-depth knowledge and exploitation techniques relevant to the A64 architecture. We also provide the flexibility to combine modules from both instruction sets to create a comprehensive course that covers a wide range of exploitation and reverse engineering topics. This enables attendees to gain a holistic understanding of both Arm instruction sets and their specific differences.

    Whether you choose the A64-specific modules, the A32-specific modules, or a combination of both, our aim is to provide a customized learning experience that meets your specific requirements and objectives. Our courses offer the flexibility to be tailored according to your specific needs in terms of duration and topics covered. Whether you require a condensed version or an in-depth exploration, we can customize the course to align with your goals.

    Please note that the pricing of the course will vary based on its length and the number of students enrolled. We offer discounts for booking multiple course sessions and for larger class sizes exceeding 10 participants. This ensures that you not only receive a personalized learning experience but also benefit from cost savings when organizing training for a larger group. Contact us to discuss your preferences and receive a customized proposal that fits your specific requirements.

    Learn how Hackers exploit vulnerabilities

    From Zero to Shell

    • 01

      Learn Arm Assembly

      Learn the internals of the A32 instruction set.

    • 02

      Analyze Vulnerabilities

      Dissect and exploit memory corruption vulnerabilities.

    • 03

      Write Exploits

      Develop and debug memory corruption exploits.

    • 04

      Bypass Exploit Mitigations

      Learn how to bypass common exploit mitigations.

    • 05

      Compromise the Device

      Write exploits and hack real-world router firmware.

    Workbook Pages


    Solution Slides

    Target Real Devices

    Tired of simple buffer overflow challenges? Waste no time and get your hands on real targets. This course takes attendees from the basics of Arm assembly to debugging vulnerabilities in real router firmware. By the end of this course attendees will have written N-day exploits and bypassed on-device exploit mitigations.


    Visual Learning

    Who wants to stare at boring text slides for days? Nobody. Azeria Labs courses are designed to improve the learning experience by addressing different learning styles. Packed with aesthetically pleasing visual explanations of complex technical concepts, the course material helps ensure attendees understand and retain more knowledge and learn faster.

    Lab Workbooks

    To keep participants engaged and on track, attendees will receive a physical workbook to guide them through each lab. This comprehensive training workbook is designed to take attendees step-by-step through every concept taught in class, reinforcing learning and making sure no step is overlooked.


    Lab Environments

    Lose no time on complicated installations, managing dependencies, or troubleshooting configuration problems on software before class. Attendees get pre-configured and ready-to-use lab environments with all necessary tools, scripts, exploit templates, and emulations, in form of a VM or cloud access.

    Request Details

    For detailed course outlines and price quotes, email contact [at] from your company email account. Please note that our private training sessions are available to corporations and government organizations with minimum class sizes of 10 people.