This website is split into two parts: APT Lifecycle Basics and ARM Exploit Development Basics. This is a personal project that is meant to contribute to the infosec community by helping interested folks to understand the concepts of complex topics. The APT part contains an introduction into certain stages of the APT lifecycle and shows real world examples of tactics used by well-known APT groups to highlight the concept of TTPs (Tactics, Techniques, and Procedures). The ARM part is a continuous project that starts with a tutorial series on ARM assembly basics and continues with an introduction to exploit development on the ARM platform.
ARM Assembly Basics
The ARM Assembly Basics section of this site is meant for people who want to get familiar with the ARM assembly language. These tutorials do not require prior knowledge of the ARM platform and are a good starting point for future ARM reverse engineers or exploit developers.
ARM Exploit Development
The ARM Exploit Development section is for those who have enough knowledge about ARM assembly language and want to learn how to write exploits for ARM. We will cover the most common vulnerabilities, ways to exploit them, and tips on how to write/modify your shellcode, etc.
Even the most skilled professionals forget stuff. To make your life easier while reverse engineering or exploiting ARM applications, a few cheat sheets will be published which you can use during your work/research for quick lookup of data structures, ARM assembly language, and debugging commands.
Describes how attackers prepare for their campaign. This step mainly includes information gathering through OSINT, passive and active fingerprinting, etc.
Step where the initial foothold is established. The most common approaches include spear-phishing, watering hole attacks, or direct exploitation.
Persistence is deployed for maintaining the access to compromised systems. Common techniques rely on file system and registry changes.
Command & Control
Communication between the infected system and the attacker is controlled via a central server. Some techniques involve cloud-based services.
Allows stealthier persistence and effective credential harvesting. Achieved through insecure configuration or by attacking a system via a zero-day vulnerability.
Propagation across the target infrastructure by abusing collected credentials or exploiting unpatched systems. Facilitates asset discovery.
Stage where attackers try to discover valuable information. Performed through file searches, gaining access to specific systems, etc.
Describes exfiltration of sensitive data that was collected during the campaign. Outlines techniques for copying files to the attacker's server.