The ARM IoT Exploit Laboratory 

Instructor:Saumil Shah
Dates:  May 30- June 2  2022
Location:  Hotel Monville  
Capacity:  30 Seats

"There's an Intel on every desktop, but an ARM in every pocket." 


"There's an ARM on every desktop, and Intel in the iPhone baseband" 


The world of ARM IoT devices is growing rapidly. Routers, IP cameras, Network video recorders, VoIP systems and several other "smart" appliances are now running on ARM SoCs. While the hardware is the latest and greatest, the software running on it is a different story. 


The ARM IoT Exploit Laboratory is a brand new class. This class takes a closer look at the hardware and the firmware running on it. Students shall learn how to analyse, emulate and exploit the firmware on a variety of ARM IoT devices. The class starts with extracting the firmware directly from the devices, moves on to creating an emulated test environment for fuzzing and debugging, and writing end to end exploits for the devices. The class shall feature an array of hardware targets of varying complexity. Students shall have ample time for hands on exercises to sharpen their exploitation skills. 






Class Requirements


- A conceptual understanding of how functions work in C programming 

- Knowledge of how a stack works, basic stack operations

- Familiarity with GDB 

- Not be allergic to command line tools

- If none of the above apply, then enough patience to go through the pre-class tutorials


Pre-Class Tutorials:

The following tutorials have been specially prepared to get students up to speed on essential concepts before coming to class. 

- Operating Systems - A Primer

- How Functions Work

- Introduction to Debuggers

Hardware Requirements:

- A working laptop (no Netbooks, no Tablets, no iPads) 

- Intel Core i3 (equivalent or superior) required 

- 8GB RAM required, at a minimum 

- Wireless network card 

- 40 GB free Hard disk space 


Software Requirements:


- Linux / Windows / Mac OS X desktop operating systems 

- [Docker]) installed and working 

- Command line git client installed and working 

- Administrator / root access MANDATORY 


Students will be provide with :


Students will be provided with all the lab images used in the class. Students will also be provided with the [fully loaded version of EMUX] which is not available publicly.


 The ARM IoT Exploit Laboratory uses a "Live Notes" system that provides a running transcript of the instructor's system to all the students. Our lab environment, plus about 800MB of curated reading material, will be made available to all attendees to take with them and continue learning after the training ends. 


Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest,, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book". Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures. 

To Register

Click here to register.