Mobile Exploitation Training

We are pleased to announce that the researchers of Exodus Intelligence will be providing publicly available training in person on November 14 2023 in London, England.

This 4 day course is designed to provide students with both an overview of the Android attack surface and an in-depth understanding of advanced vulnerability and exploitation topics. Attendees will be immersed in hands-on exercises that impart valuable skills including static and dynamic reverse engineering, zero-day vulnerability discovery, binary instrumentation, and advanced exploitation of widely deployed mobile platforms.

Taught by Senior members of the Exodus Intelligence Mobile Research Team, this course provides students with direct access to our renowned professionals in a setting conducive to individual interactions.

Emphasis

Hands on with privilege escalation techniques within the Android Kernel, mitigations and execution migration issues with a focus on MediaTek chipsets.

Prerequisites

Computer with the ability to run a VirtualBox image (x64, recommended 1GB+ memory)
Some familiarity with: IDA Pro, Python, C/C++.
ARM ASM fluency strongly recommended.
Installed and usable copy of IDA Pro 6.1+, VirtualBox, Python 2.7+.

Course Information

Attendance will be limited to 18 students per course.

Cost: $5000 USD per attendee

Dates: November 14-17, 2023

Location: the London, UK area

Syllabus

Android Kernel

Process Management
General overview
Important structures
Memory Management
General overview
Virtual memory
Memory allocators
Build the kernel
Boot and Root the kernel
Kernel debugging
demo
Samsung Knox/RKP
Type of kernel vulnerabilities
Exploitation primitives
kernel vulnerabilities overview
heap overflows, UAF
Info leakage
Mali GPU
Vulnerability overview
Exploitation
Vulnerability overview
Exploitation
type confusion to write access to globally shared memory
UAF which can lead ..

Support the originator by clicking the read the rest link below.