This 4-day training is focused on learning fault injection techniques using our own pulse generator - Raiden (open sourced during Black Hat Asia 2020). We build it, we know it inside out, and we can share this knowledge with students. During training we want to teach you not only how to use Raiden but also how to apply gained knowledge for real attack scenarios. We want to show you attack vectors like: Voltage glitching, Electromagnetic Field Injection. You will learn how to build test setup, trigger fault injection attacks on UART/USB packets. Labs will include real CVEs reported in 2020 by us.
NXP 11xx series, STM32CubeX Microcontrollers
Note: Labs will be available remotely via VPN access. Students will have chance to work with advanced devices and configurations in order to solve provided challenges and tasks. Labs will include real vulnerabilities with CVEs that trainers found during they research work. This will give students necessary skills to start their own hardware research journey after training and ability to reuse gained skills
Grzegorz Wypych is a 37 year old security researcher, tool inventor, speaker at hardwear.io, SecurityPWNing - Poland. He specializes in reverse engineering binaries and fault injection attacks. He is the author of blogs on securityintelligence.com, reporting 0-day vulnerabilities for IoT devices. Before joining X-Force Red, he worked as a Software Developer and Network Engineer/Architect.
Adam Laurie is an old school hacker, DEF CON Quartermaster who specializes in embedded systems and OTA protocols. He also runs the hardware live hacking contest called Hardpwn at hardwear.io