The course introduces students to exploit development in MIPS processor architecture. Exploit development on MIPS processor hasn't seen the attention that other architectures such as x86 and ARM got. With the growing IoT devices, we have been seeing many embedded devices with MIPS architecture alongside ARM. Exploit development is getting harder and harder with exploit mitigation techniques in place. But, the good news is that it is not impossible to write working exploits as exploit mitigation techniques do not fix the underlying problem in the vulnerable source code. This practical training starts with the basics of MIPS Architecture and slowly moves towards writing own shell code and creating working exploits using Return Oriented Programming for a given target binary. To give a sense of real exploitation, real world examples will be discussed with proof of concept exploits. By the end of this training, students will be able to write Memory corruption exploits for MIPS architecture, understand how Return Oriented Programming can be used in MIPS for modern day exploit development and bypass some of the most common exploit mitigation techniques such as ASLR.
This beginner to Intermediate level class does not require prior exploit development knowledge, but it is good to have.
Day 1:
Introduction to MIPS Architecture
An overview of QEMU MIPS setup
MIPS compared to x86 and ARM
Basics of GDB
Basics of MIPS assembly language
Debugging MIPS Binaries
Introduction to Memory corruption attacks
Writing MIPS shellcode
Avoiding Bad characters
Day 2:
Stack based Buffer Overflows in MIPS
Ret2Libc in MIPS
Dealing with MIPS cache incoherence
Exploit Mitigation techniques
Return Oriented Programming
Bypassing ASLR
Introduction to Heap overflows in MIPS
Key Takeaways
Being a practical training with 80% of content backed by hands-on exercises, this will definitely be a high value training which can be used in several MIPS based IoT devices and students will also get practical exposure to the current state of IoT security.
Pop shells throughout the training and they can keep them popping even after the training. The end goal of all the exploitation labs is to pop a shell.
The training contents are developed by experienced professionals to cover modern day exploit development concepts on MIPS architecture, but students can use this knowledge on other architectures such as x86 and ARM as some of the concepts are similar. Students will learn how MIPS is different from other processor architectures and its similarities with other architectures. This can be helpful in understanding exploit development in various platforms. Additionally, Return Oriented Programming explained with practical examples using multiple target binaries gives the students confidence about bypassing exploit mitigation techniques such as ASLR by the end of the training.
Who Should Take this Course
Red and blue Team members, pentesters
Anyone interested in MIPS exploitation
Anyone interested in IoT and embedded device security
Anyone with knowledge in x86 and/or ARM to take it to the next level
Audience Skill Level
Beginner
Student Requirements
Familiarity with debuggers (gdb, WinDBG, OllyDBG or equivalent) is recommended to have but not must.
Familiarity with command line tools.
Working knowledge of python or Perl.
What Students Should Bring
A laptop with VirtualBox/VMware Player/Workstation/Fusion installed
8GB RAM required, at a minimum
40 GB free Hard disk space
What Students Will Be Provided With
Presentation slides
Detailed lab guide with step by step instructions
A virtual machine with all the required tools
Exercise binaries and source code
Trainers
Abhijeth Dugginapeddi is an AppSec Manager @BigCommerce, Adjunct Professor and Mentor. Security Enthusiast in the fields of Penetration Testing, Application/Mobile/Infrastructure Security. Believes in need for more security awareness and free responsible disclosures. Got lucky in finding a few vulnerabilities with Google, Yahoo, Facebook, Microsoft, Ebay, Dropbox, etc. Previously spoke at Defcon, Blackhat, OWASP AppSec USA, c0c0n, Secure-2018 Poland, CISO Summit, and several other events
Srinivas, who works for a bank as Red Team operator, is an Offensive Security Certified Professional(OSCP) & Offensive Security Certified Expert (OSCE) and passionate about Information Security. He authored a book titled "Hacking Android". He worked as a Penetration Tester in the past and has hands-on experience in DevSecOps, Container Security, Web Application Security, Infrastructure Security, Mobile Application Security, IoT Security and Embedded Software Exploit Development (ARM & MIPS). He is one of the authors of FuzzAPI, a REST API vulnerability scanner. He is a speaker/trainer at Blackhat, Defcon 26 IoT Village, Bsides Singapore 2019 and he delivered several talks and hands-on workshops at regional infosec events in India and Singapore.
Download:
This beginner to Intermediate level class does not require prior exploit development knowledge, but it is good to have.
Day 1:
Introduction to MIPS Architecture
An overview of QEMU MIPS setup
MIPS compared to x86 and ARM
Basics of GDB
Basics of MIPS assembly language
Debugging MIPS Binaries
Introduction to Memory corruption attacks
Writing MIPS shellcode
Avoiding Bad characters
Day 2:
Stack based Buffer Overflows in MIPS
Ret2Libc in MIPS
Dealing with MIPS cache incoherence
Exploit Mitigation techniques
Return Oriented Programming
Bypassing ASLR
Introduction to Heap overflows in MIPS
Key Takeaways
Being a practical training with 80% of content backed by hands-on exercises, this will definitely be a high value training which can be used in several MIPS based IoT devices and students will also get practical exposure to the current state of IoT security.
Pop shells throughout the training and they can keep them popping even after the training. The end goal of all the exploitation labs is to pop a shell.
The training contents are developed by experienced professionals to cover modern day exploit development concepts on MIPS architecture, but students can use this knowledge on other architectures such as x86 and ARM as some of the concepts are similar. Students will learn how MIPS is different from other processor architectures and its similarities with other architectures. This can be helpful in understanding exploit development in various platforms. Additionally, Return Oriented Programming explained with practical examples using multiple target binaries gives the students confidence about bypassing exploit mitigation techniques such as ASLR by the end of the training.
Who Should Take this Course
Red and blue Team members, pentesters
Anyone interested in MIPS exploitation
Anyone interested in IoT and embedded device security
Anyone with knowledge in x86 and/or ARM to take it to the next level
Audience Skill Level
Beginner
Student Requirements
Familiarity with debuggers (gdb, WinDBG, OllyDBG or equivalent) is recommended to have but not must.
Familiarity with command line tools.
Working knowledge of python or Perl.
What Students Should Bring
A laptop with VirtualBox/VMware Player/Workstation/Fusion installed
8GB RAM required, at a minimum
40 GB free Hard disk space
What Students Will Be Provided With
Presentation slides
Detailed lab guide with step by step instructions
A virtual machine with all the required tools
Exercise binaries and source code
Trainers
Abhijeth Dugginapeddi is an AppSec Manager @BigCommerce, Adjunct Professor and Mentor. Security Enthusiast in the fields of Penetration Testing, Application/Mobile/Infrastructure Security. Believes in need for more security awareness and free responsible disclosures. Got lucky in finding a few vulnerabilities with Google, Yahoo, Facebook, Microsoft, Ebay, Dropbox, etc. Previously spoke at Defcon, Blackhat, OWASP AppSec USA, c0c0n, Secure-2018 Poland, CISO Summit, and several other events
Srinivas, who works for a bank as Red Team operator, is an Offensive Security Certified Professional(OSCP) & Offensive Security Certified Expert (OSCE) and passionate about Information Security. He authored a book titled "Hacking Android". He worked as a Penetration Tester in the past and has hands-on experience in DevSecOps, Container Security, Web Application Security, Infrastructure Security, Mobile Application Security, IoT Security and Embedded Software Exploit Development (ARM & MIPS). He is one of the authors of FuzzAPI, a REST API vulnerability scanner. He is a speaker/trainer at Blackhat, Defcon 26 IoT Village, Bsides Singapore 2019 and he delivered several talks and hands-on workshops at regional infosec events in India and Singapore.
Download: