ARM Reverse Engineering & Exploitation Primer

Oct 4th and 5th, 2023
Grand Hyatt, Kochi, India


These days, due to the relatively large number of prerequisites, the intrinsically subtle nature of memory corruption bugs and decades of evolution in the software security area, it can be quite challenging to get a foot in the door of the world of exploitation.

This 2-day hands-on workshop is designed to fill that gap and help attendees kickstart their exploitation journey in the ARM environment, which is almost everywhere in the IoT world. It starts by familiarising attendees with the ARM ecosystem (the intricacies of the architecture and instruction set) and moves into reverse engineering ARM binaries to develop a higher-level understanding of software components. On day 2, we demonstrate how exploitation of a vulnerable software component can lead to compromise of the victim machine. After achieving code execution, we dive into crafting custom shellcode that allows us to control the victim machine.

Course Content (ToC):

Topics marked with (*) are optional and subject to time constraints.

  • Day-1 (ARM assembly and Software Reverse Engineering)
    • Understanding ARM Assembly
      • Introduction to ARM Architecture
      • ARM Instruction Set Architecture
        • Data Processing Instructions
        • Data Movement Instructions
        • Control Flow instructions
      • ARM Function calling conventions
        • Procedure Call Standard (AAPCS)
        • Stack Operations
      • System calling conventions
      • RTFM
    • Introduction to Software Reverse Engineering – Reconstructing Source Code
      • Static Analysis using Ghidra
      • Dynamic Analysis
    • *RE challenge
  • Day-2 (Exploitation and Shellcoding)
    • Exploitation
      • Introduction to Process Memory Model
      • Introduction to Process Memory Model
        • Jumping to a legitimate feature
        • Jumping inside the vulnerable buffer
        • Case study - why does my exploit fail outside GDB?
      • Achieving reliable shellcode execution using process environment
    • *Brief Introduction to Exploit Protections
      • ASLR
      • XN/NX/DEP
      • Stack canaries
      • RELRO
    • The Dark Art of Writing ARM Shellcode
      • Introduction to Position Independent Code
      • Constraints while crafting poison pills
      • execve shellcode
      • bind shell payload
      • reverse shell payload
    • *Demo – Dancing LEDs using bare-metal shellcode.



  • Familiarity with Linux command line.
  • Ability to read C source code.

Participants Requirements:

  • Laptop with approx. 50 GB of free space.
  • Virtualbox installed on host OS (latest version – 7.x)
  • 8+ GB minimum RAM (4+GB for the VM).
  • Admin access to the laptop


2 Days (6-8 hours/day)

Who should attend

  • Software/Security Engineers
  • Security Researchers
  • Penetration Testers
  • Anyone having keen interest in reverse engineering, exploit development and shellcoding.

What to expect

By the end of this workshop, attendees should be able to independently kickstart their journey into software security research. Attendees should expect a solid foundation in:

  • Reverse engineering software targeted to run on ARM CPUs.
  • Software execution at CPU level.
  • Exploitation of stack buffer overflows.
  • Writing custom shellcode.

What not to expect:

Becoming a software security expert overnight.


Abhinav Thakur

Security Researcher, Payatu Security Consulting Pvt. Ltd., India

Abhinav Thakur is currently working as an IoT Security Researcher at Payatu. Having experience working with malicious software and binary analysis, he specializes in reverse engineering and breaking digital devices. He currently targets IoT devices varying from simple bare-metal systems to complex OS-based systems. He spends most of the day understanding system internals and developing payloads to achieve unintended behaviour on his targets.




c0c0n @16

c0c0n is a 15-year-old platform that is aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy...

Where & When?

Oct 04th to 07th 2023
Grand Hyatt, Kochi, India

Reach us @

(+91) 974-690-6654