From €990


3 days




Maria Markstedter

Maria Markstedter is the CEO and founder of Azeria Labs, established in 2017 to provide advanced training to companies on binary exploitation, as well as identifying and defending security vulnerabilities on Arm devices. Azeria Labs also provides free public workshops that teach developers and security engineers about the security of Arm-based technologies.

In 2018, Maria was listed in Forbes 30 Under 30 and joined the review board of the Black Hat security conference.

Maria's research interests are in processor and OS security, defensive mitigations against binary exploits, and reverse engineering.

About the training

This course is optimized for students just starting out in exploit development or security engineering for Android on ARM.

Our course begins with a detailed introduction to the Arm 64-bit processor and assembly language, with labs covering more advanced shellcoding techniques targeted specifically at Android. Students will deploy their own shellcode and learn how to debug and develop complex functionality for use in their own exploits.

The course covers the Android security model, filesystem and permission model, and how to perform invasive security auditing of Android user-mode applications, including labs on how to intercept encrypted network traffic and hook vulnerable functions in managed applications to look for exploitable vulnerabilities in the app.

We cover the theory and practice of patch analysis and reverse engineering using Ghidra to reverse-engineer a patch for an Android 64-bit native application and identify the security vulnerability that the patch fixes. We will learn how to identify similar vulnerabilities in binary analysis and use a debugger to instrument and test the unpatched binary to trigger the bug.

Key Takeaways

• Develop and debug exploits on real Android devices
• Construct your own ARM 64-bit shellcode
• Turn multiple N-days into exploits
• Write and chain multiple exploits together
• Exploit a heap vulnerability to get on the device
• Build and chain a kernel exploit to elevate privileges

Level: Medium
Duration: 3 days
Prerequisites: None