Itzhak ‘Zuk’ Avraham (Founder, Zimperium)

Presentation Title Popping Shell On A(ndroid)RM Devices
Presentation Abstract

Attendees to this talk will gain in-depth knowledge on how to exploit ARM buffer overflows and use Ret2ZP attacks. We will demo a vulnerable application exploitation using Ret2ZP in two different scenarios as local and as remote attacker on Android devices. We will cover the problems with native/mixed code debugging, issues with current implementations of Android and how ARM exploits can still be used if better security prevention techniques are applied (XN bit). A shellcode creating script for Android using ret2zp technique will also be released.

About Itzhak (Zuk) Avraham

Itzhak Avraham (zuk) is a Computer & Network Security Expert who has done a wide variety of vulnerability assessments. Itzhak worked at the IDF as a Security Researcher and later as Security Researcher Training Specialist. Itzhak has worked at top penetration testing/research companies in Israel. Proud owner of where he does freelance work for special pentesting/hacking/research/reverse engineering projects. He’s interested in all hacking related topics and really dislikes writing about himself in the third person. Itzhak can be found on Twitter :@ihackbanme and on his personal hacking related blog at