There’s no doubt that the IT security world is incredibly diverse and fascinating. And among the host of major vendors providing almost every kind of service, there’s a very important niche of self-made, privately owned security companies that are evolving quickly and providing very specific, high-quality and totally unique services.
I'm pleased to announce a partnership with one such company – Azeria Labs.
Driven by the realization that Arm-based devices were going to take over the world and nobody was looking very closely at how to secure them, Azeria Labs was founded in 2017 with the goal of educating the next generation of security experts to defend and exploit these Arm-based devices and the software they run.
I met Maria Markstedter at one of the SAS conferences and was blown away by her pecha-kucha talk exploring new depths of threat hunting. She effortlessly captivated the audience in a format that can be challenging even for seasoned speakers, especially when the content is highly technical.
To cut a long story short, we’ve since become great friends and have now formed a partnership. I am happy to introduce Maria Markstedter, Founder and CEO of Azeria Labs, partner and friend, who has kindly agreed to chat about business, cybersecurity and her life values.
Who or what is ‘Azeria’?
‘Azeria’ is the Basque word for ‘fox’. Foxes are curious, chaotic and know what they want.
How did you come to own a business?
Being my own boss means I get to work on problems I enjoy solving and it also gives me the freedom to allocate some of my time to contribute to the community without attaching a price tag, such as writing free tutorials and giving free workshops. When you own a business, you get paid what your services are worth without underselling yourself to a corporation.
Why these particular training courses?
The market share of Arm-based devices has been exploding over the past few years. Many people are familiar with more popular instruction sets like Intel’s x86 and want to advance their skillset with Arm. For this reason, the courses I provide range from IoT exploitation and reverse engineering A32 and A64 to mobile exploitation.
What makes your courses stand out from other similar courses?
My courses have a unique structure. The learning experience is incredibly important to me. Every student gets an extensive lab workbook, full of step-by-step instructions laying out the process of solving a given problem so that nobody falls behind. Additionally, the slides are filled with technical graphics detailing the inner workings of complex subjects. I’m a visual learner and experience has shown that students learn much better and faster when you add visual illustrations to the seemingly dry content you are trying to teach them. This way, my attendees learn much faster, which enables me to put more content into a course without overwhelming anyone.
Who is the target audience for your courses?
That depends on the course. I work with different types of organizations, from forensics departments at law enforcement agencies and tech companies, to developer-focused organizations. My clients get a portfolio of subjects they can choose from and decide what they want to focus on. For example, developers might choose an Arm assembly course combined with reverse engineering and exploit mitigations from a defensive perspective to learn how hackers think and what makes each mitigation important. Another example might be an automotive company that wants to level up the skills of their red team so they can come up with better defense mechanisms for their products. Forensics departments might want to understand the internals of specific attacks to understand how attackers can break into specific devices and reverse-engineer implants they found.
What was your first thought when I told you about itrainsec? Why did you agree to the partnership?
I’ve known you [Dasha Diaz, Founder of itrainsec] for many years and know what a great organizer you are! I have faith in your ability to make this company a success and am honored to be part of it.
Thank you :) Tell me about your plans for the future. What's there?
For the near future, I’d like to finish my two upcoming books on Arm reverse engineering and vulnerability discovery and make them the best on the market. I am also working on online training with the aim of creating the perfect virtual learning experience that doesn’t just consist of videos. Students will get their own virtual lab environment, including in-browser terminal and step-by-step instructions to guide them through the material. I’m excited about this.
What are the values of Maria Markstedter – as a woman, as a businesswoman, as a security expert?
As a businesswoman: I never compromise on quality, ever. I put my heart and soul into every project. Being detail-oriented and perfectionistic, this often means spending more time on a project than is expected, but the end result is always worth it.
On a personal level: Discipline, dedication, creativity, optimism, focus, diligence, open-mindedness, willpower, loyalty.
As a security expert: seeing the bigger picture, sharing, inspiring change, encouraging others. Throughout my career, the most important aspects for me have always been contribution and education, which is why I work closely with Arm Ltd. to educate developers about IoT security. I rarely give conference talks, and only focus on those where I see a significant benefit for the audience. For example, I like giving talks at developer-focused embedded conferences where I can teach developers about the importance of exploit mitigations and inspire them to take security seriously.
For my blog, the value of my contribution to me is in relation to how many people I can help. The tutorials I publish are by no means the full extent of my knowledge, but they are made in a way that people don’t feel overwhelmed or “not smart enough for this”. It is more important for me to help as many beginners as possible and inspire them to get started in this field than showing off some niche trick that only five people understand and profit from.
Thank you!
Packed with practical labs and hands-on examples, our Arm Reverse Engineering course is designed to give students a deep understanding of Arm 32-bit and Arm 64-bit assembly, and the ability to perform both static and dynamic analysis of compiled programs.
Our reverse-engineering courses are based around a series of reverse engineering labs, ranging from pure reverse engineering of compiled binaries through to offensive-security-focused vulnerability discovery and vulnerability class hunting.
This course begins with an introduction to the Arm architecture and assembly language, and how to build shellcode that can be used in exploits against Arm targets. Students then learn how to debug vulnerable processes, build advanced ROP chains, and bypass exploit mitigations like XN, ASLR, and Stack Canaries.
The course ends with an introduction to Heap Exploitation where students exploit a UAF and a linear heap overflow to ultimately bypass all exploit mitigations that can be enabled on the IoT device.
This course is optimized for students just starting out in exploit development or security engineering for Android on ARM.
Our course begins with a detailed introduction to the Arm 64-bit processor and assembly language, with labs covering more advanced shellcoding techniques targeted specifically at Android. Students will deploy their own shellcode and learn how to debug and develop complex functionality for use in their own exploits.
About the trainer
Maria Markstedter is a security researcher focusing on Arm security and reverse engineering. She is the CEO of Azeria Labs, and has trained hundreds of security engineers on mobile & IoT security and exploitation by providing private trainings all over the world and is partnering with many of the industry-leading security conferences. She holds a Bachelor’s degree in Corporate Security and a Master’s degree in Enterprise Security. In 2018, Maria became a Forbes “30 under 30” list member for technology and has been featured in Vogue Business Magazine. She is a member of both the Black Hat® EU and US Trainings and Briefings Review Board and is partnering with Arm Ltd. to educate developers around the world on exploit mitigation internals. In 2023 Maria published her insightful and comprehensive guide to ARM assembly language, “ARM assembly. Internals and reverse engineering”.