An Azure Sphere Security Breakdown
Offered By: nullcon via YouTube
Course Description
Overview
Explore a comprehensive breakdown of Azure Sphere IoT platform security in this 38-minute conference talk from Nullcon International Security Conference March 2021. Dive into Microsoft's approach to IoT security, examining lightweight security features in the custom SoC and patched Linux kernel. Learn about the Azure Sphere Security Research Challenge and discover 16 vulnerabilities identified by Cisco Talos, including a privilege escalation chain. Gain insights into IoT security, vulnerability research, and the specific challenges posed by Azure Sphere's architecture. Follow the speaker's journey through various security aspects, from app manifests to unsigned code execution and privilege escalation techniques.
Syllabus
Intro
The Azure Sphere Security Research Challenge ASSF
Azure Sphere Overview
App_manifest.json
For the Managers
For the Nerds
ASSRC Program Scope
Cool Vulns Discovered
READ_IMPLIES_EXEC
Unsigned Code Execution - PACKET_MMAP
The Escalation Chain - ASXipFS
The Escalation Chain - /dev/mtdblock1
The Escalation Chain - /mnt/config/uid_map
The Escalation Chain - Ptrace & Caps
Taught by
nullcon
Related Courses
AZ-220 - Microsoft Certified: Azure IoT Developer SpecialtyA Cloud Guru Advanced IoT Systems Integration and Industrial Applications
LearnQuest via Coursera AWS IoT: Developing and Deploying an Internet of Things
Amazon Web Services via edX Assessing and Managing Secure IoT Applications and Devices
LearnQuest via Coursera Securing the IoT Landscape: From Inception to Architecture
LearnQuest via Coursera