"The growth of the events (conferences, trainings, webinars) dedicated to hardware security demonstrates a positive impact on the communities which are brought together (academics, hacking scene, infosec professionals…) and I have always been very thankful to the Hardwear.io team for making all this possible.
All these years, I have been participating as a speaker or an attendee and Hardwear.io (especially the NL conference) is an event I wait for and I cannot miss. The lineups are always amazing, and as a hardware and radio security enthusiast, I am interested in 100% of the talks, which is kind of unusual in other events. More importantly, I met people which are both among the best in their technical fields and very kind and open minded persons. The spirit and the scale of the event gives the opportunity to reach people and the time to exchange views."
by José Lopes Esteves, ANSSI
"This past week I attended the hardwear.io - Hardware Security Conference and Training on Advanced Microcontrollers Firmware Exploitation. The instructors, Alexander Bolshev & Tao Sauvage were beyond excellent. This conference helped further my knowledge and understanding of how to conduct non-invasive exploitation methods (buffer overflows, fuzzing, bootloader vulnerabilities, & much more). The material taught was very understanding with plenty of time to complete the labs. The instructors were extremely helpful when a topic was unclear and answered every question with ample knowledge. I have left this conference with much more knowledge than I had before. I highly recommend a hardwear.io - Hardware Security Conference and Training to anyone who wants to further their knowledge on the latest exploitation methods."
by Layne Magee
"Really great training, thank you very much! I particularly enjoyed the hands-on parts (attacking the PLC and the RF capture/replay)."
by Tim auf der Landwehr, Fox-IT
"Everything was genuinely great! I am really satisfied, learned a lot, had fun and will definitely recommend it to anyone who is interested. Thank you!"
by Ben Burkatovsky
"Software-Defined Radio is a very complex topic and the four day training offered by Sébastien covers nearly all aspects of SDR applied against physical intrusion systems. The training was well structured and Sébastien was a great instructor who explained all aspects of the training from both a theoretical and a practical perspective, ensuring that all participants understood the subject. He also explained how to solve all those tricky cases very professionally and patiently, giving us various hands-on exercises laying emphasis on the real world targets. I believe the training was very useful as it will help us in our daily work and enables us to further explore the realm of RF and SDR. I would highly recommend this training to other security professionals be it someone in comms security, Redteam or an SDR enthusiast!"
by Appar Thusoo
"The online course on side-channel attacks by Stjepan and Lejla, which was held in the Spring of 2021, and organized by Hardwear.io, was a great learning experience. Not only were the theoretical topics covered in a pedagogical manner, but the provided Python code for performing classical side channel analysis as well as more advanced techniques in the realm of machine and deep learning, has shown to be invaluable in the aftermath for self study and further exploration and experimentation. They have also been very helpful if I had any questions after the course was finished, issues that arise once you delve deep into the material on your own. Another positive note is that the virtual classroom worked surprisingly well. I would highly recommend this course if you are looking for a lab-oriented covering of classical and modern (read: machine learning and deep learning) side channel analysis Approaches."
by Tomas S
"The online training given by Olivier Thomas at Hardwear.io about IC Reverse Engineering & Code Dump reaches two main goals : pedagogy & in-depth knowledge about how to efficiently identify integrated circuit parts and how to reverse engineer them. I highly advise this training for any risk analyst that should take in account in-depth attacks."
by Mohammed Ismail, CSEM
"I have 20+ years of experience in ASIC development and testing, and took the course IC Reverse Engineering & Code Dump by Olivier Thomas to get an insight in doing my previous work, but in reverse. It was clear from the first day of the course that Olivier is very experienced and knows what he is doing, and he proved to be an excellent tutor. The course was well planned out to work as a remote session and covered everything from sample preparation, transistor reverse engineering basics, reverse engineering of more complex cells as well as giving a great overview in the required next steps to analyze an ASIC design. In the four days of the course, Olivier also provided lots of useful tips and hints of many common pitfalls that I can’t see that I would have learned from someone that didn’t have the experience that Olivier has. I would have happily spent another four days to soak in even more of all the details."
by Björn Ärleskog
"I’m a device penetration testing team manager. The information provided by Olivier Thomas at Hardwear.io were of really high quality and really acted as an eye opener. Even though I won’t be using the techniques directly, I highly enjoyed the training and have found useful information for risk evaluation while studying new devices."
by Simon Gillet
"Eric's Ghirdra training was great. The content was very well structured and the hands-on exercises really pushed you to learn quickly. The event organization was flawless, one can see that the Hardware.io team has gathered lots of experience. I'm definitely looking forward for my next training session."
by Pablo Endres, SevenShift GmbH
"Outstanding training. The labs are very well organized, very easy to use, in a cloud environment. The trainers are always willing to give help, and also they provide us with videos explaining how to solve some particular exercise.
Each lab is a docker container, and the different boot images are emulated using Qemu. In order to solve the labs you need to analyze the serial output obtained in the boot process, maybe do some modification in the image using an hex editor, to do the reversing we used Ghidra, and we also did some debugging and memory patching using gdb.
The slides explain the structure and different configurations of the boot process in embedded devices, how Secure Boot works, some cryptographics principles related to Secure Boot, and also more advanced techniques like fault injection and glitching attacks are covered.
Also in the exercises Secure Boot attacks are covered and fault injection and glitching attacks are emulated using Python scripts. It was a great experience for me. I’ve learned a lot of new things."
by Damian A. Ulanowicz