Sleight of ARM- Demystifying Intel Houdini - Brian Hong - Ekoparty 2021- Hardware Hacking Space
Offered By: Ekoparty Security Conference via YouTube
Course Description
Overview
Explore Intel's proprietary Houdini binary translator, used in Android on x86 platforms, in this 36-minute conference talk from Ekoparty 2021's Hardware Hacking Space. Delve into the high-level workings and loading process of Houdini, followed by an in-depth examination of its low-level internals and memory model. Discover security weaknesses introduced by Houdini and learn methods to escape its environment, execute arbitrary ARM and x86 code, and create Houdini-targeted malware that evades existing platform analysis. Gain insights from security consultant Brian Hong's expertise in hardware penetration testing, reverse engineering, and embedded systems security.
Syllabus
Introduction
Android
Background on Android
Houdini
Houdini Uses
How Houdini Works
Houdini Explanation
Houdini Shared Object
Android Native Bridge
Android x86 Project
Java Native Interface
Native Bridge RuntimeCallbacks
Initialize Load Library
Native Code
Native Bridge
Memory
Memory Map
Execution Loop
Decompile
Processor State
Syscalls
Detection
Escape to x86
Rwx pages
Sidechannel code execution
Detection and analysis
Malware behavior
Recommendations
Static Analysis
Conclusion
Disclosure Timeline
Special Thanks
Taught by
Ekoparty Security Conference
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every StoryUniversity of London International Programmes via Coursera Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax Android Malware Analysis - From Zero to Hero
Udemy How to Create and Embed Malware (2-in-1 Course)
Udemy