This course introduces students to exploit development on the MIPS processor architecture. Exploit development on MIPS has not received the attention that architectures such as x86 and ARM have, yet with the growth of IoT we are seeing many embedded devices built on MIPS alongside ARM. Exploit development is getting harder as exploit mitigation techniques are deployed, but it is still possible to write working exploits, because mitigations do not fix the underlying problem in the vulnerable source code. This practical training starts with the basics of the MIPS architecture and progresses to writing your own shellcode and building working exploits with Return Oriented Programming against a given target binary. To give a sense of real-world exploitation, real-world examples will be discussed along with proof-of-concept exploits. By the end of this training, students will be able to write memory corruption exploits for the MIPS architecture, understand how Return Oriented Programming can be used on MIPS for modern exploit development, and bypass some of the most common exploit mitigation techniques, such as ASLR.
Syllabus
- Introduction to MIPS Architecture
- An overview of QEMU MIPS setup
- MIPS compared to x86 and ARM
- Basics of GDB
- Basics of MIPS assembly language
- Debugging MIPS Binaries
- Introduction to memory corruption attacks
- Writing MIPS shellcode
- Avoiding bad characters
- Stack-based buffer overflows in MIPS
- Ret2Libc in MIPS
- Dealing with MIPS cache incoherence
- Exploit mitigation techniques
- Return Oriented Programming
- Bypassing ASLR
- Introduction to heap overflows in MIPS