Awesome ARM Exploitation
!Awesome (https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) (https://github.com/sindresorhus/awesome)
A collection of awesome videos, articles, books, tools and resources about ARM exploitation.
Contents
⟡ Conference Talks / Videos (#conference-talks--videos)
⟡ Articles / Papers (#articles--papers)
⟡ Resources (#resources)
⟡ CTF / Training Binaries (#ctf--training-binaries)
⟡ Books (#books)
⟡ Tools (#tools)
⟡ Courses (#courses)
⟡ Related Awesome Lists (#related-awesome-lists)
⟡ Contributing (#contributing)
Conference Talks / Videos
⟡ Exploitation on ARM (https://www.youtube.com/watch?v=kykVyJ0dm8Y) - Itzhak Avraham - Defcon 18 (2010)
⟡ ARM Exploitation ROPMAP (https://www.youtube.com/watch?v=VDyf_tJ8IUg) - Long Le - Blackhat USA (2011)
⟡ Advanced ARM Exploitation (https://www.youtube.com/watch?v=gdsPydfBfSA) - Stephen Ridley & Stephen Lawler - Blackhat USA (2012)
⟡ ARM Assembly and Shellcode Basics (https://www.youtube.com/watch?v=BhjJBuX0YCU) - Saumil Shah - 44CON (2017)
⟡ Heap Overflow Exploits for Beginners (ARM Exploitation Tutorial) (https://www.youtube.com/watch?v=L8Ya7fBgEzU) - Billy Ellis (2017)
⟡ Introduction to Exploitation on ARM64 (https://www.youtube.com/watch?v=xVyH68HFsQU) - Billy Ellis - Codetalks (2018)
⟡ Make ARM Shellcode Great Again (https://www.youtube.com/watch?v=9tx293lbGuc) - Saumil Shah - Hack.lu (2018)
⟡ ARM Memory Tagging, how it improves C++ memory safety (https://www.youtube.com/watch?v=iP_iHroclgM) - Kostya Serebryany - LLVM (2018)
⟡ Breaking Samsung's ARM Trustzone (https://i.blackhat.com/USA-19/Thursday/us-19-Peterlin-Breaking-Samsungs-ARM-TrustZone.pdf)
⟡ Hacker Nightmares: Giving Hackers a Headache with Exploit Mitigations (https://www.youtube.com/watch?v=riQ-WyYrxh4) - Azeria - Virtual Arm Research Summit (2020)
Articles / Papers
⟡ ARM Assembly Basics Series (https://azeria-labs.com/writing-arm-assembly-part-1/) - Azeria
⟡ ARM Binary Exploitation Series (https://azeria-labs.com/writing-arm-shellcode/) - Azeria
⟡ Smashing the ARM Stack (https://www.merckedsecurity.com/blog/smashing-the-arm-stack-part-1) - Mercked Security
⟡ Introduction to ARMv8 64-bit Architecture (https://quequero.org/2014/04/introduction-to-arm-architecture/) - pnuic
⟡ Alphanumeric RISC ARM Shellcode (http://phrack.org/issues/66/12.html) - (Phrack) - Yves Younan, Pieter Philippaerts
⟡ Return-Oriented Programming on a Cortex-M Processor (https://ieeexplore.ieee.org/document/8029521)
⟡ 3or ARM Exploitation Series (https://blog.3or.de/arm-exploitation-return-oriented-programming.html) - Dimitrios Slamaris
⟡ Developing StrongARM/Linux Shellcode (http://www.phrack.com/issues/58/10.html) - (Phrack) - funkysh
⟡ Reversing and Exploiting ARM Binaries (http://www.mathyvanhoef.com/2013/12/reversing-and-exploiting-arm-binaries.html) - Mathy Vanhoef
⟡ ARM Exploitation for IoT Series (https://quequero.org/2017/07/arm-exploitation-iot-episode-1/) - Andrea Sindoni
⟡ Reverse Engineering of ARM Microcontrollers (https://rdomanski.github.io/Reverse-engineering-of-ARM-Microcontrollers/) - Rdomanski
⟡ ARM64 Reversing and Exploitation Part 1 - ARM Instruction Set + Simple Heap Overflow (http://highaltitudehacks.com/2020/09/05/arm64-reversing-and-exploitation-part-1-arm-instruction-set-heap-overflow/) - HighAltitudeHacks
Resources
⟡ ARM Architecture Reference Manual (http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.subset.architecture.reference/index.html)
⟡ Online ARM Assembler (https://azm.azerialabs.com/)
⟡ ARM TEE Reversing and Exploitation (https://github.com/enovella/TEE-reversing)
CTF / Training Binaries
⟡ Exploit Me (https://github.com/bkerler/exploit_me)
⟡ Exploit Challenges (https://github.com/Billy-Ellis/Exploit-Challenges)
⟡ Azeria ARM Lab (https://azeria-labs.com/emulate-raspberry-pi-with-qemu/)
Books
⟡ Practical Reverse Engineering (https://www.wiley.com/en-us/Practical+Reverse+Engineering%3A+x86%2C+x64%2C+ARM%2C+Windows+Kernel%2C+Reversing+Tools%2C+and+Obfuscation-p-9781118787311) (Chapter 2) - Bruce Dang, Alexandre Gazet and Elias Bachalany
⟡ Beginners Guide to Exploitation on ARM (https://zygosec.com/book.html) - Volumes 1 & 2 - Billy Ellis
⟡ ARM Assembly Language: Fundamentals & Techniques (https://www.amazon.co.uk/ARM-Assembly-Language-Fundamentals-Techniques/dp/1439806101) - William Hohl
Tools
⟡ Ropper (https://github.com/sashs/Ropper)
Courses
⟡ Azeria ARM Training (https://training.azeria-labs.com/)
⟡ Pentester Academy ARM Assembly (https://www.pentesteracademy.com/course?id=46)
⟡ Pentester Academy Reverse Engineering for ARM Platforms (https://www.pentesteracademy.com/course?id=49)
⟡ IHackArm Offensive ARM Exploitation (https://ihackarm.com/)
Related Awesome Lists
⟡ Awesome Android Security (https://github.com/ashishb/android-security-awesome)
⟡ Awesome iOS Security (https://github.com/ashishb/osx-and-ios-security-awesome)
⟡ Awesome IoT Hacks (https://github.com/nebgnahz/awesome-iot-hacks)
⟡ Awesome Exploit Development (https://github.com/FabioBaroni/awesome-exploit-development)
Contributing (CONTRIBUTING.md)
Your contributions are always welcome!