We will demonstrate the latest techniques for binary exploitation of 64-bit ARM devices which are used for mobile devices and IOT hardware, including disabling or bypassing DEP (Data Execution Protection), bypassing ARLR (Address Space Layout Randomization), bypassing NX (non-executable stack protection), using ROP (Return Oriented Programming) techniques. We will be running actual assembler code (machine language) instructions verses emulated ARM devices as well as using the Python pwntools package. We will also cover some of the differences between (AMD/Intel)X86_64 and ARM64 when writing in Assembler. By understanding these techniques we can better secure mobile and IOT from those who are using these techniques in the wild for evil, as well as understand how to pen test our own solutions and devices to harden them or ensure when they fail, they fail "closed".
