PRESENTATION: Training Course: Practical Exploit Development for AVR-Based Devices
PRESENTER(S): Alexander Bolshev, Security Consultant for IOActive, and Boris Ryutin, Information Security Researcher for Digital Security
CONFERENCE: S4xEurope 2016
LOCATION: Grand Hotel Wien, Wien, Austria
DATE & TIME: June 8, 2016 at 10:00AM
Today, you can find many devices based on AVR microcontrollers. These devices range from Arduino-based amateur projects to serious automotive, home automation, and industrial control system controllers and gateways. While there are technical talks related to reverse engineering and developing exploits for AVR-based devices, there is a lack of full-scale guidance to answer the question “I have an AVR device and downloaded the firmware; I found a potential case that looks like a vulnerability, what should I do now?”
The goal of Alexander and Boris’ class is to give you the knowledge and skills to answer this question.
During this class, you will learn about reverse engineering AVR firmware and exploitation specifics. Alexander and Boris will talk about tools and techniques, review AVR architecture, teach you how to write ROP chains for AVR, and use other methods that force MCUs to do things that firmware developers didn’t expect. Post-exploitation topics (like re-flashing and altering the bootloader) will also be covered.
The journey will start with simple programs, quickly advance to code built with different AVR libc variants and compilers, including some AVR RTOSes and popular Arduino libraries, and finish with a real-world case of industrial gateway exploitation.
Attendees will be supplied with JTAG programmers, Atmega328 devboards, and specially crafted Atmega128 boards (with several RF and UART interfaces) to perform all of the exercises and examples on real hardware.
Class Prerequisites:
- Basic understanding of memory corruption (buffer overflow) vulnerabilities and embedded (or ICS) device architecture
- Ability to read and understand C code is helpful, but not mandatory
- A laptop with at least two USB ports and VMware/VirtualBox installed (a virtual machine with all required software will be supplied)
About Alexander Bolshev
Alexander Bolshev is a Security Consultant for IOActive. He holds a Ph.D. in computer security and works as an assistant professor at Saint-Petersburg State Electrotechnical University. His research interests lie in distributed systems, as well as mobile, hardware, and industrial protocol security. He is the author of several white papers on topics of heuristic intrusion detection methods, Server Side Request Forgery attacks, OLAP systems, and ICS security. He is a frequent presenter at security conferences around the world, including Black Hat USA/EU/UK, ZeroNights, t2.fi, CONFIdence, and S4.
About Boris Ryutin
Boris Ryutin is an Information Security Researcher for Digital Security. He graduated from the Baltic State Technical University “Voenmeh”, faculty of space technology, and is currently a postgraduate student there. Prior to this, he was a security engineer at ZORSecurity. He is a contributor to the MALWAS post-exploitation framework, a recurring writer for the ][akep magazine, and a contributor and developer in several open-source information security projects. He is also a Radare2 evangelist.
About S4xEurope
Digital Bond’s S4 series provides the freshest and most advanced industrial control system (ICS) cyber security content. We assume you understand and are tired of hearing the basics over and over again. S4 now comes to Europe for the first time with an event designed for Plant Managers, CISOs, and other leaders responsible for securing ICS.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.