This 3-day training is focused on the advanced topics that arise when you reverse engineer and exploit embedded devices based on
microcontrollers. The main focus will be real-world tasks and questions that arise when you are performing a security assessment of
Harvard-architecture microcontroller firmware. For example, you could find such devices in automotive systems (e.g. inside engine control units or
electronic fuel injection subsystems), smart home systems, input devices (e.g. wireless keyboards), IoT sensors and security access
control devices. All of them share the same "feature": separate storage and signal pathways for instructions and data, combined with a
small memory size. This creates a lot of challenges during reverse engineering and exploit creation, which will be the topics of this course.
TARGET HARDWARE
Microchip/Atmel AVR-based devices including ATmega32U4, ATmega4809 and AT90USB162
WHO SHOULD ATTEND
- pentesters who want to learn how to assess and exploit small-memory, Harvard-architecture microcontrollers
- security researchers
- embedded developers who want to understand how to discover and fix related vulnerabilities during the development process
- everyone who wants to learn how hackers may reverse engineer and exploit your product
AGENDA
- Warming up: AVR MCUs review, instruction set, reverse engineering
- How to develop your exploit blindly, without knowing the registers and memory content of the device
- Exploiting buffer overflows in protocol parsers that receive data from UART
- Finding vulnerabilities: static and dynamic approaches, fuzzing and crash detection
- Gaining more information: debug and I/O points, firmware extraction, debugging interfaces
- Bootloaders and bootloader vulnerabilities
- Common weaknesses in USB device stack implementations
- Reverse engineering and finding flaws in [small-memory, low-power] cryptographic algorithm implementations
- Attacking CAN bus message parsers
- Reverse engineering and finding flaws in state machines
- Exfiltrating protected information from EEPROM, firmware or external secure devices
- Exploitation of home automation protocol parsers
HANDS-ON EXERCISES
- Exploitation of a simple buffer overflow in UART-based protocol packet processing
- More advanced parser hacking: fuzzing and exploiting a vulnerability in a home automation protocol parser
- Leaking fuel maps from a simple EFI (electronic fuel injection) controller using weaknesses in CAN bus message parsing
- Extracting firmware using vulnerabilities in a serial bootloader
- Reverse engineering of a cryptographic algorithm implementation
- Exploitation of vulnerabilities in USB HID device firmware
- Attacking a system with an external secure authentication device
PREREQUISITES
- Understanding of reverse engineering and basic knowledge of (at least one) assembly language
- Basic knowledge of IoT and/or embedded systems security
- Laptop with your favorite disassembler and an internet connection
Remote participation (due to the current circumstances)
This training is intended for online (remote) participation. If it
is not possible to hold the training in person, participants will
be provided with hardware kits and instructions on how to set them
up and use them. On the day of the training, students will receive
information about how to access the online class.
ABOUT THE TRAINER
Alexander is a Senior Security Consultant for F-Secure. He holds a
Ph.D. in computer security and his research interests lie in
distributed systems, mobile, ICS and embedded systems security. He has
presented at various conferences including Black Hat USA/EU/UK/Asia,
t2.fi, hardwear.io, ZeroNights, CONFIdence, and S4.