Training

19th - 20th Sept | 2 Days
Trainer
Joseph FitzPatrick
This course introduces and explores attacks on several different relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software.
The course has several modules. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells.
Depending on allotted time, topic interest, and class pace, not all topics will be covered completely, but all materials are included for reference and individual practice.
This course targets an x86-based windows tablet and an x86-based development board. Together they are representative of a wide range of x86 platforms that span tablets, laptops, desktops, and servers. While there are many shared concepts and tools, the content of Applied Physical Attacks on Embedded Systems stands on its own and is more relevant to consumer electronics, medical devices, industrial control hardware, and mobile devices.
This course is geared toward pen testers, developers and others with a security background who wish to learn how to take advantage of physical access to systems to assist and enable other attacks. No hardware or electrical background is required. Computer architecture knowledge and low-level programming experience helpful but not required.
20% lecture
70% Lab
10% discussion
1. USB
2. BIOS and SPI
3. SMBUS
4. PCIe
5. JTAG
1. DRAM (planned for mid 2017)
2. SATA (planned for late 2017)
Joseph FitzPatrick (@securelyfitz)
Joseph FitzPatrick (@securelyfitz) has spent a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He develops and delivers hardware security training at https://SecuringHardware.com, including Applied Physical Attacks on x86 Systems. In between, he keeps busy with contributions to the NSA Playset and other misdirected hardware projects, which he presents at all sorts of fun conferences.