Hacking the USB World with FaceDancer 2-Day Hacking the USB World with FaceDancer

28 November 2018 - 29 November 2018
Hosted by
Seaport Conference Center
459 Seaport Ct, Redwood City, CA 94063
View on Google Maps
Kate Temkin and Dominic Spill

Course Description

HardwareSecurity.Training has invited Kate Temkin and Dominic Spill to present Hacking the USB World with FaceDancer to round out the offerings at our training event in Redwood City, CA in November.

Course Description

USB connectivity has become ubiquitous: the sheer variety of usb-connected devices— ranging from computers and game consoles to resource-constrained embedded systems— has resulted in a wide variety of vendor-specific protocols and custom USB software stacks – presenting a unique and omni-present attack surface. The ability to able to fuzz, monitor, mitm, or emulate USB can often be a foot in the door for working with black box systems; whether your goal is to build tools that work with existing hardware and software, find vendor interfaces or vulnerabilities to execute custom code, or to play NSA.

This exercise-driven training covers the basics of USB, and explores the role of USB in attack and defense using open-source hardware and software, including FaceDancer and GreatFET. Over the span of two days, you’ll explore the tools and techniques relevant to modern USB security, learn how to craft and defend from real-world exploits, and explore the depths of the USB security model. Course instructors will share real-world experience developing both USB tools (including FaceDancer and USBProxy) and USB exploits (including the Tegra RCM exploit that completely compromises devices using NVIDIA’s embedded processors, such as the Nintendo Switch).


In this training, we’ll teach you what you need to get into USB hacking– including:

  • Fundamentals of USB: how USB hosts and devices communicate, from the physical layer to the basics of enumeration and standard device classes
  • Understanding existing USB devices: how you can use open-source software and hardware tools to reverse engineer and understand existing USB devices
  • Understanding the USB attack suface: understanding the (lack of a) USB trust model, and understanding how misbehaving hosts and devices can wreak havoc
  • Rapid construction of new USB devices: how to use the FaceDancer tool kit to rapidly create new USB devices– including creation of misbehaving USB devices
  • Manipulation of existing USB devices: including using USBProxy to man-in-the-middle USB communications to tamper with target hosts and devices
  • Using USB skills offensively and defensively: using the skills developed thus far to attack USB hosts and devices, and understanding the challenges of securing USB hardware
  • Advanced USB techniques: including discussion and demonstration of real USB attacks developed by the trainers

This training is primarily excercise-driven, and will primarily consist of hands-on, CTF-style excercises interspersed with short lectures. Students will gain experinence with open-source hardware and software– including GreatFET, FaceDancer, and USBProxy– and learn how they can apply these tools to their own development, research, and pentration testing work.


This training is targeted towards a technical audience, and aims to introduce USB tools and techniques to developers, IT professionals, and security professionals. Anyone with an interest in security and who works with USB systems will benefit.


Attendees should have basic proficiency in a scripting language, with a casual familiary with Python preferred. Course exercises will involve simple Python development, but a very basic familiarity with a scripting language should be sufficient.

A laptop with at least three USB ports (or a USB hub).

Registration Soon

Sorry, registration for this course has not yet opened. If you are interested in this course please email us and we will let you know as soon as registration is open.
Cancellation requests by paid registrants must be made at least 45 days before the event and may be subject to an administration fee. In the event of course cancellation by the trainer, students may choose to attend an alternate course (space pending) or receive a full refund.

Onsite Training

Can't make it? Training is also available at a location of your choice.
Request an Onsite Quote