Vulnerability Research and Exploitation on Edge Devices: Memory Corruption Edition // Marco Ortisi

Virtual | March 22-31 | 32 Hours


ABSTRACT

Attacks targeting edge devices are steadily increasing. Because these systems are intentionally exposed to the internet, they often serve as easily identifiable entry points for attackers. Edge devices span a broad range of technologies (including VPN servers, firewalls, load balancers, routers, and email gateways), which makes them highly attractive targets for both cybercriminals and nation-state actors seeking initial access to enterprise environments. Bug bounty programs are also placing growing emphasis on vulnerabilities in these systems.

In this hands-on training, participants will walk through the complete process of vulnerability research and exploitation on a real-world embedded edge device commonly deployed within Fortune 500 environments. Starting from restrictive shells and locked-down filesystems, participants will progress through fuzzing, crash triage, and root-cause analysis, and ultimately weaponize memory-corruption bugs to achieve remote code execution.

The course focuses heavily on practical exploitation workflows: jailbreak techniques for analysis, bypassing vendor-specific protections, adapting fuzzers to embedded attack surfaces, and converting “unexploitable” crashes into reliable exploitation primitives. By the end of the training, participants will have both the methodology and practical skills needed to independently discover and exploit vulnerabilities in edge devices.

INTENDED AUDIENCE

Security researchers, security analysts, penetration testers, red/blue/purple team members, exploit developers

KEY LEARNING OBJECTIVES

  • Examination of real-world use cases and vulnerability discovery through fuzzing sessions, reflecting how the bugs were originally uncovered in practice.
  • Five total case studies, three of which involve unpublished vulnerabilities.
  • Weaponization of the identified vulnerabilities.
  • No vulnerabilities are presented in administrative management consoles, as these are less relevant as case studies and often not directly exposed online.
  • All selected vulnerable components are internet-facing and tied to the user-accessible interface of the target platform—components that, by design, must be reachable from the internet.
  • Advanced debugging techniques.

COURSE OUTLINE

Jailbreak & Environment Setup

  • Gaining control of the targeted device
  • Root filesystem extraction
  • Jailbreak strategies to escape restrictive shells
  • Persistent backdooring techniques
  • Unlocking read-only filesystems for analysis and modification
  • Leveraging vendor libraries and APIs to perform meaningful system operations
  • Identifying CVE-2023-46805 entry points prior to patch release

Attack Surface Mapping & Fuzzing

  • Identification of exposed components
  • Case Study 1: CVE-2025-0282 — Analysis & Weaponization
  • Case Study 2: CVE-2025-22457 — Analysis & Weaponization
  • Preparing the environment for fuzzing and crash analysis
  • Fuzzing self-contained C/C++ libraries for isolated crash discovery
  • Extending fuzzing over the network and triaging remote crashes
  • Case Study 3: CVE-2022-35258

Crash Analysis & Exploit Development

  • Refining fuzzers to improve coverage and trigger deeper bugs
  • Case Study 4: CVE-2022-35254
  • Case Study 5 Part 1: CVE-2026-XXXXX (0-day currently under coordination and pending fix)
  • Turning the “unexploitable” into exploitable
  • Methodology for pivoting from benign reads to dangerous writes
  • Exploitation workflows tailored to embedded system constraints
  • Overcoming practical challenges to achieve remote code execution: consolidated overview

Knowledge Prerequisites

Students should have basic web application hacking knowledge, reverse engineering and C skills, and familiarity with Python. Basic knowledge of memory corruption mitigations and bypasses (ASLR, DEP, RELRO, stack canaries, etc.) is suggested, although the trainer will quickly go through these concepts during the training course.

System Requirements

  • Students should have access to a computer with 8 GB RAM (16 GB suggested) and at least 40 GB free disk space.
  • Students should install a disassembler of their choice (e.g., IDA or Ghidra), the web proxy Burp Community Edition, and virtualization software (VMware Workstation Pro advised).
Laptops with Apple Silicon are NOT supported in this class. Please ensure that your laptop has an Intel or equivalent x86-64 processor.

YOUR INSTRUCTOR: Marco Ortisi

Marco has been working in IT security professionally since 1999. After several roles in Italy and abroad as a penetration tester, vulnerability researcher, team leader, and eventually red team manager, he went through a midlife crisis that led him to return to vulnerability research and analysis (especially 0days). He rediscovered the joy of reporting to no one but himself. Marco is a former speaker and trainer at TyphoonCon, BlackHat, BruCON, HackInBo, BlackAlps and many other conferences.

Cancellation Policy

60+ days before the event: 75% of fees refunded; 45-60 days before the event: 50% refunded; less than 45 days: 0% refunded. Course changes are allowed up to 14 days before event start (some restrictions will apply). Attendee changes can be accommodated up to 14 days prior to the event.

Note: In the event of a class cancellation, Ringzer0 will endeavor to offer transfer to another training at no additional charge.
SPRING:2026 // Virtual Training // March 22-31
