Public Mobile Exploitation Training – Fall 2023
2023-8-5 00:8:34 Author:查看原文) 阅读量:13 收藏

We are pleased to announce that the researchers of Exodus Intelligence will be providing publicly available training in person on November 14 2023 in London, England.

This 4 day course is designed to provide students with both an overview of the Android attack surface and an in-depth understanding of advanced vulnerability and exploitation topics. Attendees will be immersed in hands-on exercises that impart valuable skills including static and dynamic reverse engineering, zero-day vulnerability discovery, binary instrumentation, and advanced exploitation of widely deployed mobile platforms.

Taught by Senior members of the Exodus Intelligence Mobile Research Team, this course provides students with direct access to our renowned professionals in a setting conducive to individual interactions.


Hands on with privilege escalation techniques within the Android Kernel, mitigations and execution migration issues with a focus on MediaTek chipsets.


  • Computer with the ability to run a VirtualBox image (x64, recommended 1GB+ memory)
  • Some familiarity with: IDA Pro, Python, C/C++.
  • ARM ASM fluency strongly recommended.
  • Installed and usable copy of IDA Pro 6.1+, VirtualBox, Python 2.7+.

Course Information

Attendance will be limited to 18 students per course.

Cost: $5000 USD per attendee

Dates: November 14-17, 2023

Location: the London, UK area


Android Kernel

  • Process Management
  • General overview
  • Important structures
  • Memory Management
  • General overview
  • Virtual memory
  • Memory allocators
  • Build the kernel
  • Boot and Root the kernel
  • Kernel debugging
  • demo
  • Samsung Knox/RKP
  • Type of kernel vulnerabilities
  • Exploitation primitives
  • kernel vulnerabilities overview
  • heap overflows, UAF
  • Info leakage
  • Mali GPU
  • Vulnerability overview
  • Exploitation
  • Vulnerability overview
  • Exploitation
  • type confusion to write access to globally shared memory
  • UAF which can lead to arbitrary read and write of kernel memory
  • Vulnerability overview
  • Exploitation – convert the double free into a use-after-free of a struct page

Mediatek / Exynos baseband

  • Introduction
  • exynos baseband overview
  • mediatek baseband overview
  • Previous researches
  • Analyze modem
  • Emulation / Fuzzing
  • Rogue base station
  • secure boot
  • mediatek boot rom vulnerability
  • Vulnerability overview
  • Exploitation
  • use brom exploit to patch the tee
  • write the modem physical memory from EL1

Vulnerability and risk assessment

  • NDay risk and patching timelines
  • Vulnerability terminology: CVE, CVSS, CWE, Mitre Attack, Impact, Category
  • Risk assessment
  • Vulnerability mitigation

Web-based vulnerabilities

  • Basics of HTTP
    • Format of HTTP request and response, URI
    • Command Injection and Directory Traversal attacks
    • Cross-site scripting and cross-site request forgery
  • XML External Entity attacks
  • Request Smuggling
  • SQL Injection
  • Deserialization

Modules include examples of affected CVEs and practicals.

Binary exploitation

  • Basics of binaries
    • Platformns: Linux and Windows
    • x86 assembly, PE, and ELF formats
    • Stack, Heap, Dynamic modules
    • PIE, ASLR, DEP
  • Tools
    • Ghidra, WinDBG, and gdb
  • Stack buffer overflow
    • OS/Theme: Linux
    • Return to shellcode, Return to libc, Stack pivot, etc.
    • Linux-based practical and demo
  • Use after free
    • OS/Theme: Windows
    • Overview of NT Heap, LFH
    • Practical and demo