Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.
Training Objectives:
The significance of Automotive Security has been rapidly increasing, however, gaining entry into this research domain remains a challenging feat.
In this instructional program, we aim to impart fundamental knowledge on automotive protocols and systems that are required to understand all details and specialties of Electronic Control Units (ECUs). We provide physical ECUs for the purpose of hardware reverse engineering and elucidation. Moreover, we offer a virtualized environment that helps to overcome the typical difficulties encountered during practical work on hardware systems. In the automotive industry, each Original Equipment Manufacturer (OEM) follows a distinctive design philosophy. Hence, we introduce relevant tools and background information, necessary for the exploitation of actual cars and ECUs. Lastly, we exhibit automation strategies for the assessment of automotive network security and system security.
What to Expect? | Key Learning Objectives:
- How to identify attack surfaces on ECUs
- Introduction to Hardware Reverse Engineering of ECUs
- Understand low level CAN and CANFD communication and attacks
- Obtain an overview on common vehicle architectures and network topologies
- Know the most relevant protocols in vehicles
- Receive hands-on experience in automotive network scans
- Get an overview on toolchains of OEMs and their software update mechanisms
- Know basics about current immobilizer systems
- Deep-dive into automation strategies of automotive penetration tests
Training Detailed Description:
Schedule
Day 1:
| Time | Topic | Description |
|---|---|---|
| 09:00 - 09:15 | Intro | |
| 09:15 - 09:45 | Vehicle Networks | |
| 09:45 - 11:00 | CAN (FD) | Basics, Attacks | |
| 11:00 - 12:00 | CAN Exercise | Attacking CAN (Torcs) | |
| 12:00 - 13:00 | Lunch break | |
| 13:00 - 14:00 | Hardware Reverse Engineering | |
| 14:00 - 15:30 | Hardware Exercises | Reversing HW and attach CAN, talk to ECU | |
| 15:30 - 16:00 | ISOTP | |
| 16:00 - 17:00 | ISOTP Scanning |
Day 2:
| Time | Topic | Description |
|---|---|---|
| 09:00 - 10:00 | DoIP / HSFZ | |
| 10:00 - 12:00 | UDS / GMLAN | |
| 12:00 - 13:00 | Lunch break | |
| 13:00 - 15:00 | UDS Exercise | Scanning | |
| 15:00 - 16:00 | OEM Specifics | |
| 16:00 - 17:15 | Free Hacking | Break SA, Flash ECUs, Exploitation |
Day 3:
| Time | Topic | Description |
|---|---|---|
| 09:00 - 10:00 | Firmware Extraction | |
| 10:00 - 12:00 | Firmware Reverse-Engineering | |
| 12:00 - 13:00 | Lunch Break | |
| 13:00 - 14:30 | Exploitation (Security Access) | |
| 14:30 - 17:00 | Exploitation (Remote Code Execution) |
Who Should Attend? | Target Audience:
Researchers and Engineers either with a Background in Security or in Automotive.
What to Bring? | Software and Hardware Requirements:
- Laptop with WiFi or Ethernet and Admin / root privileges
- (Arch) Linux is the preferred OS
- SSH client - Installation of latest Ghidra version
- Installation of Wireshark and Python3
What to Bring? | Prerequisite Knowledge and Skills:
- Basic knowledge of programming (C, Python)
- Basic knowledge of Linux
- Basic knowledge of embedded systems is a plus, but not required
- Basic knowledge of firmware reversing with Ghidra is a plus, but not required
- Basic knowledge of Wireshark or Scapy is a plus, but not required
Resources Provided at the Training | Deliverables:
Students will be provided with real world ECUs, a Virtual Machine and access to our comprehensive online book for automotive security topics
ABOUT THE TRAINERS
Dr. Nils Weis, researcher in Automotive Security with over 7 years of experience, currently spearheading dissecto GmbH, a spin-off from the Laboratory for Safe and Secure Systems (las3.de) at the University of Applied Sciences in Regensburg.
Dr. Weiss’s passion for Automotive Security was ignited during his internship at the industry giant, Tesla Motors, which eventually led him to embark on a journey toward revolutionizing the field of automotive security research. During his bachelor’s and master’s programs, he delved into the world of penetration testing and explored the vulnerabilities in entire vehicles.
In addition to his contributions towards penetration testing of automotive systems, Dr. Weiss has also been actively involved in developing open-source penetration testing frameworks for automotive systems such as the revolutionary Scapy.
Enrico has worked as an automotive penetration tester since 2016. Together with Nils Weiss, he built the automotive security research lab at the OTH Regensburg and worked with several automotive manufacturers and insurance companies to find vulnerabilities and build exploit demonstrations.
