This course is a deep dive into Embedded/IoT firmware. We will start from the very basics: understanding the multistage boot process, the kernel and root filesystem, how to build them with a custom toolchain, and how they can be compromised with user and kernel mode backdoors/rootkits. We will be using the latest 4.15.x kernel for this course on an ARM architecture board.
A non-exhaustive list of topics to be covered includes:
- Embedded/IoT device architecture basics
- Understanding the Boot Process
- Multi-stage Bootloaders
- Creating a custom toolchain with crosstool-NG
- U-Boot build and deep dive
- Booting a device manually with U-Boot
- Kernel and Device Tree basics
- Custom Kernel and DTB builds
- Building the runtime C library (uClibc)
- Building the root filesystem and BusyBox
- Debugging the system over UART
- Understanding Kernel mode rootkits
- Embedded/IoT system constraints
- Kernel mode rootkits on IoT/Embedded devices
- Syscall monitoring and hijacking
- Process manipulation
- Network stack hooking with Netfilter
- Kernel mode Network backdoor with C&C
- and many others