19th - 20th Sept | 2 Days
This course introduces and explores attacks on several different relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. The course consists of several modules. Each begins with an overview of an interface and its architecture, followed by 2 or more labs focused in interacting and exploiting the interface using current tools.nees will also work on real-world devices guided by our experienced instructors. This includes an introduction to common software tools that hardware hackers use. After successfully completing this training, the attendees will be able to find basic attack vectors on the physical layer of an embedded system.
This is a tentative outline. Labs are currently in development. Labs, modules, and contents are subject to change based on classroom feasibility and class time constraints
Module 1: USB
Background: USB Architecture and background:
USB Lab 1: GoodUSB and BadUSB:
USB Lab 2: USB Impersonation and Fuzzing:
Module 2: BIOS and SPI
Background: Early Boot and SPI interface:
BIOS Lab 1: BIOS dumping and analysis:
BIOS Lab 2: BIOS patching to modify CPU/OS features:
Module 3: SMBUS
Background: Uses of SMBUS in x86 systems:
SMBUS Lab 1: Software Map of SMBUS devices:
SMBUS Lab 2: Snooping and Injecting via Hardware:
Joseph FitzPatrick (@securelyfitz)
Joseph FitzPatrick (@securelyfitz) has spent a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He develops and delivers hardware security training at https://SecuringHardware.com, including Applied Physical Attacks on x86 Systems. In between, he keeps busy with contributions to the NSA Playset and other misdirected hardware projects, which he presents at all sorts of fun conferences.
Subscribe with us by submitting your email address and know more about our future events and updated information.