Expanding Exploitation Beyond X86 And ARM

Expanding exploitation beyond X86 and Arm, into the realm of Xtensa: A comparative short study by Carel van Rooyen and Philipp Promeuschel

With over 100 million Xtensa devices distributed by January 2018, it is clear that this is becoming a very popular platform for IoT devices. This talk will assist security researchers in the future analysis of these devices (reverse engineering application code, developing exploits) to better understand the fundamental differences between ARM and Xtensa architectures. We will show the major differences in these two (embedded) architecture, from an exploiters / attackers point of view. The security mechanisms supported by the OSes for these architectures and the difference in the very basic assembly instructions for both platforms will be shown. Searching for gadgets are discussed, in addition to stackless architecture and getting post-boot persistence.

Thanks for watching this video and you can join us on various social networking sites. Website: http://nullcon.net/website/ Facebook: http://www.facebook.com/nullcon Twitter: http://twitter.com/nullcon