Research and Exploitation - Embedded Linux Junior - 5 days
Description
The objectives of this training are:
- Identify the hardware components and critical interfaces of an embedded Linux device.
- Access the device via UART, interrupt its boot process, and extract its firmware.
- Analyze and emulate firmware components using QEMU and containerization.
- Perform static analysis and support bug hunting with scripts.
- Set up and run a fuzzing campaign with AFL++ against a compiled program.
- Analyze and exploit common vulnerabilities such as command injection and memory corruption.
- Implement persistence mechanisms on a compromised embedded system.
Public and prerequisites
This training is intended for people working in information security or embedded systems development who are interested in the offensive security of embedded Linux systems.
To get the most out of this training, participants should have a solid foundation in the following areas:
- Linux command line: comfortable navigating the filesystem, managing processes, and using common command-line tools.
- Basic networking: understanding of core TCP/IP concepts, ports, and protocols such as HTTP.
- Programming knowledge: familiarity with reading and writing simple Python scripts and a basic understanding of C programming concepts.
- Reverse-engineering concepts: basic knowledge of computer architecture, ARM assembly language, and experience with a disassembler.
Content
Day 1: Getting started & extraction
Open-source information gathering, definition of the attack surface, and analysis of hardware components. Understanding the boot sequence and first firmware extraction.
Day 2: Firmware analysis & emulation
Software emulation techniques, environment configuration, and identification of target processes to analyze. Extraction and emulation of important software services from the firmware.
Day 3: Static analysis & exploitation
Static analysis using tools like Ghidra and Semgrep for differential analysis and vulnerability discovery. Exploitation methodology and writing a first script for command injection.
Day 4: Fuzzing
Introduction to fuzzing with AFL++. Creation of an input corpus, development of a harness, and launching a fuzzing campaign against a binary target.
Day 5: Advanced exploitation & persistence
Analysis of crashes produced by the fuzzer and identification of an exploitable vulnerability. Construction of a ROP chain, writing an exploit script, and study of persistence techniques on the system.
