ARM REVERSE ENGINEERING ON 32-BIT AND 64-BIT

ARM REVERSE ENGINEERING & EXPLOITATION ON 32-BIT AND 64-BIT
                                      

Price: €4480

Duration: 4-5 days

Format: Online / Offline

Level: Intermediate

Trainer: Maria Markstedter

About the training: 

Maria Markstedter is a renowned Arm reverse engineering and exploitation expert. She is the founder and CEO of Azeria Labs, providing training services to both the public and private sectors. Her training courses have earned a reputation for being of the highest quality in the field, making them highly sought after.

Participants of her courses benefit from her comprehensive understanding of the subject matter and her ability to effectively communicate complex concepts. Her training sessions are designed to be engaging, hands-on, and tailored to the specific needs of the participants, ensuring a rich learning experience.

Maria is the author of the bestselling book, “Blue Fox: Arm Assembly internals & reverse engineering,” which has become a staple resource for aspiring and experienced professionals in the field.

She has worked in various cybersecurity sectors, including penetration testing, threat intelligence, reverse engineering, and exploit development. Previously, she served as Chief Product Officer of Arm virtualization startup Corellium.

Maria was included in the Forbes 30 under 30 in Tech list for 2018 and received the “Forbes Person of the Year in Cybersecurity” award in 2020.

She has collaborated with Arm Ltd. on exploit mitigation research in Cambridge and has delivered keynote speeches at conferences like the Arm Research Summit and Black Hat USA.

Packed with practical labs and hands-on examples, our Arm Reverse Engineering course is designed to give students a deep understanding of Arm 32-bit and Arm 64-bit assembly, and the ability to perform both static and dynamic analysis of compiled programs.

Our reverse engineering courses are based around a series of reverse engineering labs, ranging from pure reverse engineering of compiled binaries to offensive security-focused vulnerability discovery and vulnerability class hunting.

Day 1: Assembly Internals and Shellcoding
This module is dedicated to providing attendees with a strong understanding of the Arm 32-bit instruction set, based on the Armv8-A architecture (which includes new instructions for A32). Participants will learn how to perform static and dynamic analysis of compiled programs and learn how to write shellcode from scratch. Through hands-on labs, students will reverse engineer binaries, write shellcode, and exploit memory corruption vulnerabilities.

Day 2: Exploit Development for Firmware N-Days, Advanced ROP Techniques
This module focuses on practical exploitation of two real-world router firmware targets. Students will learn the process of building memory corruption exploits and debugging real world processes from scratch. They will also develop advanced null-free mprotect() ROP chains to bypass the XN exploit mitigation, avoiding noisy techniques like ret2libc through the system() API. Debugging and analyzing real-world processes will teach students how to overcome common obstacles and handle process forks.

Day 3: Advanced Heap Exploit Engineering (A32)
This module provides an in-depth study of exploit categories and techniques for improving exploit reliability. Students will focus on the heap-overflow vulnerability category, engaging in exercises that cover advanced heap exploitation techniques. They will apply these skills to develop a fully functional exploit that bypasses all available exploit mitigations on the target. Concepts taught include heap grooming, creating relative and arbitrary read primitives, and constructing fake vtables.

Day 4: A64 Assembly Internals and Shellcoding
This module is tailored to provide students with a solid foundation in the A64 instruction set. Building on the initial A32 Assembly module, this module teaches students the differences between A32 and A64, as well as new instructions unique to A64. To solidify their understanding, students will write their own A64 shellcode. Due to the lack of Thumb mode in A64, writing null-free A64 shellcode is an interesting challenge to test their knowledge and explore less common instructions.

Day 5: A64 Reverse Engineering & Memory Corruptions
This module puts the students’ understanding of the A64 instruction set to the test, as they apply their knowledge to reverse engineering challenges designed to teach them how to trace user input statically. The second part of this module focuses on the difference between exploiting memory corruptions in A32 and A64.

Bonus Material (5-day version): Two extra days of content for self-paced learning (total of 7 days of material)

Bonus Day 6: A64 Exploit Development & Mitigation Bypasses
In this module, students are challenged to exploit different vulnerability types on the second day. This includes labs where students exploit an uninitialized stack variable to bypass ASLR, exploit a stack buffer overflow, and leverage an Out-of-Bounds read bug to defeat stack canaries.

Bonus Day 7: A64 Vulnerability Analysis
This module focuses on debugging vulnerable targets to identify three types of vulnerabilities: an out-of-bounds read bug, a buffer overflow via global index value, and a heap overflow.

Key takeaways:

  • Disassemble and debug real-world applications

  • Perform vulnerability discovery and learn about different vulnerability classes

  • Understand control flow of real-world applications

  • Learn to use disassembly tools like Ghidra, radare2, Frida, and GDB

Prerequisites: RE concepts

What you get after the training:

  • itrainsec shareable certificate, signed by the trainer (add it to your LinkedIn profile) 

  • Course materials 

  • Practical skills to elevate your career to the next level

  • After-training consultancy and support 

  • Expansion of your professional network in the cybersecurity industry 

  • Stronger cybersecurity posture of your business
