YoVDO

An Azure Sphere Security Breakdown

Offered By: nullcon via YouTube

Tags

nullcon Courses IoT security Courses Security Vulnerabilities Courses Security Research Courses

Course Description

Overview

Explore a comprehensive breakdown of Azure Sphere IoT platform security in this 38-minute conference talk from Nullcon International Security Conference March 2021. Dive into Microsoft's approach to IoT security, examining lightweight security features in the custom SoC and patched Linux kernel. Learn about the Azure Sphere Security Research Challenge and discover 16 vulnerabilities identified by Cisco Talos, including a privilege escalation chain. Gain insights into IoT security, vulnerability research, and the specific challenges posed by Azure Sphere's architecture. Follow the speaker's journey through various security aspects, from app manifests to unsigned code execution and privilege escalation techniques.

Syllabus

Intro
The Azure Sphere Security Research Challenge ASSF
Azure Sphere Overview
App_manifest.json
For the Managers
For the Nerds
ASSRC Program Scope
Cool Vulns Discovered
READ_IMPLIES_EXEC
Unsigned Code Execution - PACKET_MMAP
The Escalation Chain - ASXipFS
The Escalation Chain - /dev/mtdblock1
The Escalation Chain - /mnt/config/uid_map
The Escalation Chain - Ptrace & Caps


Taught by

nullcon

Related Courses

AZ-220 - Microsoft Certified: Azure IoT Developer Specialty
A Cloud Guru
Advanced IoT Systems Integration and Industrial Applications
LearnQuest via Coursera
AWS IoT: Developing and Deploying an Internet of Things
Amazon Web Services via edX
Assessing and Managing Secure IoT Applications and Devices
LearnQuest via Coursera
Securing the IoT Landscape: From Inception to Architecture
LearnQuest via Coursera