Applied Physical Attacks on Embedded Systems and IoT 2-Day Applied Physical Attacks on Embedded Systems and IoT
- Date
- 23 April 2018 - 24 April 2018
- Hosted by
- Hilton Washington DC/Rockville (click for group rate)
- Location
-
1750 Rockville Pike, Rockville, MD, 20852-1699
View on Google Maps - Trainer
- Joe Fitzpatrick
- Language
- English
- Capacity
- 15
Course Description
This course introduces and explores attacks on several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software.
The course has several modules. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells.
Depending on allotted time, topic interest, and class pace, not all topics will be covered completely, but all materials are included for reference and individual practice.
Targets
This course targets a MIPS-based network router, and multiple ARM-based mobile and IOT devices. Together they are representative of a wide range of embedded devices that span consumer electronics, medical devices, industrial control hardware, and mobile devices. While there are many shared concepts and tools, the content of Applied Physical Attacks on x86 Systems stands on its own and is more relevant to fully-featured desktops, servers, and laptops.
Audience
This course is geared toward pen testers, developers and others with a security background who wish to learn how to take advantage of physical access to systems to assist and enable other attacks. No hardware or electrical background is required. Computer architecture knowledge and low-level programming experience helpful but not required.
Format
- 20% lecture
- 70% Lab
- 10% discussion
Outline
- UART
- Background: UART History, Architecture, and Uses
- UART Lab 1: Connecting to a known UART
- UART Lab 2: Identifying and analyzing an unknown UART
- UART Lab 3: Escalating and persisting UART privilege
- JTAG
- Background: JTAG History and Purpose
- JTAG Lab 1: Hardware and Software Setup
- JTAG Lab 2: Escalating Privilege via Kernel
- JTAG Lab 3: Escalating Privilege via a Process
- SPI
- Background: Flash storage and the SPI interface
- SPI Lab 1: Accessing Flash from software
- SPI Lab 2: Sniffing and Parsing SPI
- SPI Lab 3: Dumping SPI from Hardware
- SPI Lab 4: Firmware Analysis
- Firmware
- Background: More types of Flash, Storage, and Firmware
- Firmware Lab 1: Dumping Firmware from Software
- Firmware Lab 2: Manipulating firmware images
- Firmware Lab 3: Finding software bugs in firmware
Registration
$2200 (until March 26th)$2900 (after March 26th)
Cancellation requests by paid registrants must be made at least 45 days before the event and may be subject to an administration fee. In the event of course cancellation by the trainer, students may choose to attend an alternate course (space pending) or receive a full refund.
Purchase Both Classes
Applied Physical Attacks and Hardware Pentesting picks up where this course leaves off, and covers more in-depth topics. Get a discounted rate by registering for both classes together.
Pay by Check/Wire or
Request a Group Discount
Group discounts are available for 3 or more registrations.
Onsite Training
Can't make it? Our trainings are also available at a location of your choice.