ARM 64 Reverse Engineering and Exploitation (Lecture Mode)

 Prateek Gianchandani


Abstract:

ARM is at the heart of most mobile devices, and with the introduction of Apple’s M1 chip and ARM on cloud servers, its use has become even more prevalent. Whether you're running apps on your phone or the world's fastest supercomputer, you're most likely running ARM. For security researchers, it is important to learn about the ARM architecture and its instruction set, which can assist in reverse engineering and exploit development.


In this 2-hour workshop, we will start with the ARM 64 instruction set and learn about some of the most important instructions and registers. We will look at some of the security mitigations that are present in the latest instruction sets and their adoption in real-world devices. We will look at some of the different exploitation categories (heap overflow, use-after-free, uninitialized stack variable, etc.), followed by a quick intro to reverse engineering. We will then reverse engineer some ARM64 binaries to find vulnerabilities.


This workshop is ideal for beginners who want to understand the fundamentals of reverse engineering and vulnerability identification for the ARM platform.

Prateek Gianchandani  

Prateek Gianchandani is currently working as Head of Product Security at Careem - An Uber Company. He has more than 10 years of experience in security research and penetration testing. His core focus area is mobile exploitation, reverse engineering and embedded device security. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app. He has presented and trained at many international conferences including Defcon, POC, TyphoonCon, Blackhat USA, Brucon, Hack in Paris, Phdays, Appsec USA, etc. In his free time, he blogs at Prateek's Blog.