This course is about reverse engineering firmware and exploiting vulnerabilities in tiny microcontrollers (MCUs). There are many microcontroller architectures outside the ARM, MIPS and x86 worlds. Most of them are small, low-power, low-frequency, sometimes hard real-time devices. Even if your circuit is based on an ARM CPU, you will definitely find a tiny "old-fashioned" AVR or MSP chip nearby. Temperature control in solid-state drives, velocity control in hard disks, motor control in bikes, fieldbus communications in Industrial Control Systems, even compressor control in your new (or old) fridge -- they are everywhere. You should not underestimate their importance from a security point of view -- sometimes firmware vulnerabilities in them are even more dangerous than those in the main CPU itself, because these are the devices that do the real job and interact with the physical world.
Most of these devices have very little RAM (sometimes just hundreds of bytes) and/or use a Harvard architecture, which makes exploit writing very difficult. This training focuses on how to deal with that. Attendees will learn basic (plus some advanced) methods of reverse engineering and exploiting firmware in such tiny microcontrollers.
This course mainly targets Microchip/Atmel ATtiny85-based devices; however, the principles taught can be applied to other architectures. There is also an additional module focused on other architectures, such as STM8, PIC, etc.
Information security professionals, software developers, embedded device developers, computer security researchers, ICS and electronic engineers, and anyone who wants to learn how hackers may reverse engineer and exploit their product.
Alexander is a Security Consultant for IOActive. He holds a Ph.D. in computer security and his research interests lie in distributed systems, mobile, hardware and industrial protocols security. He has presented at conferences including Black Hat USA/EU/UK/Asia, t2.fi, hardwear.io, ZeroNights, CONFIdence, and S4.
Tao is a Sr. Security Consultant for IOActive. He is interested in code review, firmware analysis and embedded systems. He enjoys finding new vulnerabilities and exploiting them. In his spare time he maintains CANToolz, a Python framework for black-box CAN bus analysis.