Applied Physical Attacks and Hardware Implants 2-Day Applied Physical Attacks and Hardware Implants

04 December 2019 - 05 December 2019
Hosted by
Seaport Conference Center
459 Seaport Ct, Redwood City, CA 94063
View on Google Maps
Joe FitzPatrick

Course Description

Hardware-based Evil Maid, Interdiction, and other attacks sound fancy and exotic. They might make headlines, but many of the techniques are accessible to hobbyists.. They may not be as small as a grain of rice, but in this two-day course you’ll combine hardware hacking with rapid prototyping to build real custom hardware implants.

In the span of two days, you will design, build, and program:

  • A hardware man-in-the-middle device
  • A wireless ‘tap’ for a wired hardware protocol
  • A standalone hardware protocol payload delivery device
  • A malicious device embedded inside another device

This class builds upon the previous Applied Physical Attacks classes, combining the hardware hacking basics and the rapid prototyping skills into one end product. Combining this course with Applied Physical Attacks on Embedded Systems, Applied Physical Attacks and Rapid Prototyping, or both should help you fill in any background you need.


This course is specifically geared towards attendees who have some hardware hacking under their belt plus familiarity with rapid prototyping techniques.


  • 10% lecture
  • 80% Lab
  • 10% discussion

Course Outline

This course is still in development. The format will be less linear than my other classes.

We’ll start off by introducing four cases. Individually or in groups, you will be guided through the process of:

  1. Identifying the target and measure it mechanically and electrically
  2. Designing the circuit to interface with the protocol
  3. Laying out and milling a PCB to help them interface
  4. Designing and printing an enclosure/jig for the implant
  5. Coding the microcontroller to perform the malicious action
  6. Testing and demonstrate the result.

There should be sufficient time to complete 2 of the test cases within the class time, possibly more depending on prior background. In the unlikely even that all the prototyping equipment fails, reference designs will be available.

The case studies are still in development but will likely be:

  • UART MITM to filter traffic
  • JTAG-based implant that plays back a stored payload
  • Remotely-triggered I/O override
  • Malicious USB Cables (if feasible with the limited manufacturing precision available on-site)


This two-day course assumes some experience:


$2200 (until November 1st)
$2900 (after November 1st)
Cancellation requests by paid registrants must be made at least 45 days before the event and may be subject to an administration fee. In the event of course cancellation by the trainer, students may choose to attend an alternate course (space pending) or receive a full refund.

Pay by Credit Card

Purchase Both Classes

This course picks up where Applied Physical Attacks and Rapid Protoyping leaves off. Get a discounted rate by registering for both classes together.

Pay by Check/Wire or
Request a Group Discount

Group discounts are available for 3 or more registrations.
Request Invoice

Onsite Training

Can't make it? Our trainings are also available at a location of your choice.
Request an Onsite Quote