TRAINER: ANDRÁS KABAI
Cyber Security Services – Deloitte Hungary
András works for Deloitte’s Cyber Risk Services. He has over 15 years of professional penetration testing background, with a special focus on hardware hacking and automotive security. His interest in hardware security comes from his studies in electronics, DIY and hobby projects, reversing and hacking. He is the designer and lecturer of custom car hacking and hardware hacking training programs (including custom electronics, PCBs, simulated ECUs) made for different Automotive OEMs and other clients. András established and leads Deloitte Hungary’s hardware hacking service line and he is also responsible for the cyber practice’s car hacking services. He and his team have delivered hardware hacking projects worldwide and have clients from the Automotive, IoT and FSI sectors.
DURATION:
3 days
DATE:
22-24 October 2019
TIME:
08.00 – 17.00
VENUE:
MOM Cultural Center, Budapest
FREE PREMIUM ACCESS TO AVATAO TRAINING PLATFORM
Every Hacktivity Training participant will receive 1 month FREE Premium access to the Avatao training platform. The platform is designed by developers for developers and offers hands-on, job-relevant training exercises that enable users to learn new skills, gain new insights, and practice new approaches in software security.
The platform has over 800 challenges covering the entire SDLC. You will learn how to properly write and review code that will prevent unwanted data breaches and system vulnerabilities.
OVERVIEW:
The underlying hardware is often the forgotten weak point of systems that are otherwise considered secure. This makes the hardware a valuable target for attackers, which is why it is important to be aware of the related issues and vulnerabilities. Whether you are on the blue team or the red team side, you can benefit from this class and develop the skills to understand your target, analyze and interface with its communication channels, manipulate the electronics, and identify and exploit issues.
In this comprehensive three-day class, we will cover the tools, reverse engineering and hacking techniques commonly used in the hardware hacking process. The training contains lectures, but the main focus will be on practical hands-on exercises. During the lab exercises, you will work on a custom hardware hacking training badge (which you can keep after the class) and other COTS devices.
The course contains a final hardware hacking challenge, where trainees have to apply what they have learned to find weaknesses in the targeted system and to circumvent the applied security implementation. No electrical background or hardware hacking experience is required. The main aim of the training and the tailored agenda is to provide valuable hardware hacking knowledge to trainees, even in a limited timeframe.
Topics covered include, but are not limited to:
Reconnaissance
- Product teardown and component identification
- Data sheets
- Schematics
- PCB reverse engineering
Signal measuring / analysis, tools and techniques
- Multimeter
- Logic analyzer
- Oscilloscope
Soldering and desoldering
Generic communication interfaces and buses (analysis, manipulation, attack)
- UART
- I2C
- SPI
Identifying and using debug interfaces (debugging, coding, firmware extraction)
- JTAG
- SWD
Interfacing and manipulating external memory chips (extraction, manipulation, attack)
- Flash
- EEPROM
- eMMC
Basic side channel and fault injection attacks
- Power glitching
- Timing attacks
Typical issues and pitfalls in HW security
Using a combination of SW/HW tools to attack hardware
Hardware hacking challenges for different topics
WHO SHOULD TAKE THIS COURSE
- Penetration testers who want to move into hardware hacking
- Security professionals who want to build hardware hacking skills
- Red team members with embedded/IoT/other electronic components in focus
- Bug hunters who want to find vulnerabilities in IoT or embedded systems
- Embedded / IoT developers
- Embedded / IoT security enthusiasts
- Anyone interested in hardware hacking
STUDENT REQUIREMENTS
- No electrical background or hardware hacking experience is required.
- General knowledge of digital electronics, MCUs and prototyping platforms (e.g. Arduino) is helpful, but not necessary.
- Expect to write simple code (with full help and guidance) in C, Python or other scripting languages.
WHAT STUDENTS SHOULD BRING
Students must bring their own laptop with administrative access and fully functional USB, Ethernet and WiFi interfaces. The laptop must be able to run a VMware virtual machine (min. 30 GB HDD, 4 GB RAM).
WHAT STUDENTS WILL BE PROVIDED WITH
- Training slides
- Custom hardware hacking training badge (one for each participant to keep)
- Linux virtual machine, prepared for the hands-on exercises
- Every necessary tool and equipment (e.g. multimeter, logic analyzer, soldering iron, interfaces, electronic components, breadboard, cables) during the course, for the hands-on exercises