1. Android app reverse engineering and security protection:
Learn the basics of cryptography, hardware architecture, side channel, and fault injection attacks in advance
Focuses mainly on protocol reverse engineering and protocol security
Market conditions (citing WooYun or some of the larger security incidents to show the importance of protocol security)
Reverse-analysis tools and their use (using reverse-engineering tools, setting up a reverse-engineering environment)
Protocol analysis techniques (DEX and .so reverse-engineering techniques, network protocol analysis techniques, algorithm identification)
Unpacking (listing the main packers on the market and explaining how the mainstream packers are unpacked)
Security protection (DEX and .so encryption, obfuscation, anti-debugging, dynamic loading, hook detection)
2. Chip physical security analysis--the theory and practice of chip physical security:
Focuses on chip physical security analysis techniques. Starting from chip components and security requirements, the definitions of algorithmic security and physical security, and the complexity of measurement technology, the course explains the principles of side-channel and fault injection attacks such as timing analysis, power analysis, electromagnetic analysis, and laser fault injection. On that basis, physical security attacks on the commonly used DES, AES, RSA, SM2 and RNG algorithms are discussed in detail, and some specific chip attack cases are described to deepen students' understanding of the real-world security of chips. The curriculum is pragmatic and interactive, allowing students to operate physical security analysis equipment and experience the fun of analysis and the power of physical attack techniques.
Learn the basics of cryptography, hardware architecture, side channel, and fault injection attacks in advance
3. Radio hardware security:
This training is divided into two parts: hardware and intelligent vehicle security attack and defense.
The hardware part draws on the security research results and hardware development experience of the 360 Unicorn Team (UnicornTeam), such as the design and development process of the hacknet and Hackid hardware. Using the common open-source hardware Arduino, Bus Pirate and HackRF as examples, it analyzes the development ideas and DIY methods of hardware security tools, and takes MouseJack as an example to explain the principles of hardware security analysis tools and hardware security analysis methods. Trainees are guided on site in how to develop and design a hardware security tool, how to put the design documents into production, how to solder and debug the circuit board, and how to disassemble, read, and write flash chip firmware.
The intelligent vehicle security part draws on 360's research results in connected-car security to explain the security threats facing connected cars, autonomous vehicles, and the Internet of Vehicles (including sensor security, hardware security, bus security, car anti-theft system security, automotive cloud service security, etc.). It first analyzes domestic and foreign connected-car attack cases, then reviews the current state of research in academia and industry on bus security, sensor security, hardware security, OTA update security authentication and so on, and explains how to design a secure architecture for connected cars. The training will also share the principles of the vehicle intrusion detection and defense system published by the instructor at the HITB conference.
Developers, architects and managers working on automotive software, hardware, network applications and related areas; people who want to engage in automotive security research; students majoring in information security-related fields.
Intelligent hardware vulnerability discovery and exploitation:
This course introduces vulnerability discovery techniques for intelligent devices and, taking x86, ARM, MIPS and other architectures as examples, demonstrates and teaches ROP-based memory exploitation techniques with real vulnerability cases. Students start from the basics of how a binary program runs, gradually come to understand the protection mechanisms on Linux systems such as address randomization and non-executable stacks, and practice and master strategies and techniques for bypassing those mechanisms. The course includes hands-on labs for writing exploits for vulnerability cases on real hardware.
Some background in reverse engineering binary programs
How to be invincible in penetration testing:
In an era of rapid information development, most enterprise information assets have gradually moved from offline to online, raising the problem of how to protect users' data and the enterprise's own data. More online business and digitized assets also mean a larger attack surface; APT attacks, which in the past targeted large enterprises, have also begun to appear against some high-value small and medium-sized enterprises. Previous penetration testing solutions can no longer meet security requirements. On the one hand, this course takes the perspective of a malicious hacker and shows how conventional and unconventional attacks are carried out against a target to obtain its most critical data; on the other hand, the instructor, a security practitioner who has personally served hundreds of companies, explains some of the issues that enterprises fail to think of. Learners will come to know how to attack and how to defend.
Enterprise security, operations, development and other technical personnel; penetration testing practitioners; or independent individuals with basic penetration testing skills
Advanced exploitation techniques for Chrome browser vulnerabilities on the Android platform--sharing experience from world hacking competitions:
Taking vulnerabilities used in practice at hacking contests such as Pwn2Own and Pwn2Own Mobile as examples, this training explains advanced exploitation techniques for Chrome browser vulnerabilities on the Android platform. The training is divided into two parts. The first part covers exploitation of Chrome remote code execution vulnerabilities, including the principles and security of the V8 JavaScript engine, how to use d8 to learn the internals of the V8 engine, and, with multiple vulnerability examples, a detailed explanation of how to achieve remote code execution inside the sandbox through JS engine vulnerabilities. The second part covers Chrome sandbox escape techniques on the Android platform, including the principles of Chrome's sandbox isolation, analysis of the Chrome sandbox escape attack surface on Android, and, with multiple vulnerability examples, a detailed explanation of several sandbox escape methods.
Security researchers with some browser background; Android security researchers.
Radio Communication Security:
The training takes the 360 Unicorn Team (UnicornTeam) "Radio security and Defense Big secret" as its thread and uses GNU Radio and related hardware platforms (including USRP, bladeRF, HackRF, etc.) as research tools to explain radio attacks and various emerging security threats. Topics include mobile communication security issues, an explanation of the various open-source base station software packages, discussion of the attack methods used by pseudo base stations, an introduction to femtocell hacking, and the LTE security topics presented at the HITB and DEFCON 24 conferences; attacks on NTP server clock sources; discussion of GPS spoofing attack and defense; and an introduction to the basics of GNU Radio, a feature comparison of mainstream SDR platforms, the latest trends, and so on.
Executives and engineers who want to learn more about wireless technology security, students majoring in information security-related fields, and people who are interested in security and offensive equipment
Advanced exploitation techniques for 64-bit iOS kernel vulnerabilities--a step-by-step guide to exploiting the Pangu 9 kernel vulnerability:
Pangu9 is currently the only jailbreak tool for iOS 9. Based on the kernel vulnerabilities exploited by Pangu9, this training gives hands-on instruction in 64-bit iOS kernel static analysis and IDA script development, iOS kernel vulnerability discovery and analysis, advanced iOS kernel exploitation, and other techniques. Using real-world Pangu9 kernel vulnerability cases, it analyzes in detail exploit development techniques for vulnerability types such as use-after-free (UAF) and race conditions.
2016.8.15 Safety Training Camp