This course is a deep dive into Embedded/IoT firmware where we will start from the very basics - understand the multistage boot process, the kernel and root filesystem, how to build them with a custom toolchain and how they can be compromized with user and kernel mode backdoors/rootkits. We will be using the latest 4.15.x kernel for this course on an ARM architecture board.
A non-exhaustive list of topics to be covered include:
Embedded/IoT device architecture basics
Understanding the Boot Process
Multi-stage Bootloaders
Creating a custom toolchain with crosstool-NG
U-boot build and deep dive
Booting a device manually with u-boot
Kernel and Device Tree basics
Custom Kernel and DTB builds
Building the runtime C library (uClibc)
Building the root filesystem and BusyBox
Debugging the system over UART
Understanding Kernel mode rootkits
Embedded/IoT system constraints
Kernel mode rootkits on IoT/Embedded devices
Syscall monitoring and hijacking
Process manipulation
Network stacking hooking with Netfilter
Kernel mode Network backdoor with C&C
and many others
Download:
