
SDR Hacking Essential: Break into most RF communications


Trainer: Sébastien Dudek

Date: 30th May to 1st June 2023

Time: 9:00am to 5:00pm PDT

Venue: Santa Clara Marriott

Training Level: Basic to Intermediate


Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.

Training Objectives:

Students will learn about Software-Defined Radio applied against common physical intrusion systems (alarms, intercoms, various remotes, etc.) and IoT devices. This course provides the basics, survival reflexes when testing real-world radio devices, and methods to go further. Compared to other courses that teach how to use public tools, this class is more about understanding how these tools work and how to build proper tools to analyze and attack the targeted systems. At the end, we will also see how to go further with an introduction to RF signal analysis instrumentation with the help of Machine Learning and Deep Learning, and how to deal with radio emanations and EM side-channel attacks.


Training Overview

In this 3-day training, students will learn about Software-Defined Radio applied against standard physical intrusion systems (alarms, intercoms, various remotes, etc.) and IoT devices. This course provides the basics, survival reflexes when testing real-world radio devices, and methods to go further. Compared to other courses that teach how to use public tools, this class is more about understanding how these tools work and how to build proper tools to analyze and attack the targeted systems. At the end, we will also see how to go further with an introduction to RF signal analysis instrumentation with the help of Machine Learning and Deep Learning, and how to deal with radio emanations and EM side-channel attacks.

This course is intended for any:

  • pentesters who do not want to be limited by public radio tools
  • developers who want to debug and test their wireless devices
  • people curious about SDR and security
  • security researchers


Training Detailed Description:

Day 1

Day 1 introduces the radio concepts that are important to learn, or to be reminded of. We will then explore what can be done today with Software-Defined Radio using current tools, their limits, and the constraints we have to deal with in heterogeneous environments:

  • Reminders on radio & SDR
    • Introduction with essential concepts to remember
    • Tools in radio
    • Software-Defined Radio
  • Introduction to existing SDR tools for reverse engineering, and their limits
  • Introduction to GNU Radio (Software-Defined Radio framework)
  • Processing in the chain
  • Playing with GNU Radio samples

Day 2

Day 2 puts the student in the Software-Defined Radio playground, where every idea can first be written and simulated, then turned into real receivers and transmitters on the chosen hardware, breaking the limitations seen on the previous day:

  • Practice with GNU Radio Companion to create your own tools:
    • Block schemas
    • Generators
    • Sinks and sources
    • Operators
    • Simulations
    • Use of Modules
    • Executing a block in a real SDR device
    • Listening to simple AM and FM signals
    • Transferring signal
    • Optimizing samples processing
    • Features to process samples
    • Creating your own block
  • Modulating and demodulating analog radio (AM & FM)
  • Working fully with digital radio (ASK/OOK, FSK, PSK, etc.)
  • Including some exotic communications to reverse

This day is more than 90% practice: small projects to get comfortable with the GNU Radio framework, before diving into bigger ones.


Day 3

Day 3 builds on and applies the previous chapters to study common IoT communications, and brings useful tricks for industrial and Red Team engagements as well as pentests.

  • Common sub-GHz Remotes
    • Introduction
    • Capturing data
    • Replaying saved samples
    • Analyzing samples (manually and with powerful tools)
    • Rolling-code security and ways to break it
  • LoRa
    • Introduction
    • Detect used bands
    • Capture signal
    • Optimize the interception process
    • Decode data and payloads
    • Security of LoRa
    • Transmitting packets
  • Bonus on emanations depending on time
    • TEMPEST
    • EM side-channel attacks
    • Applying ML/DL in these contexts

Other bonus topics, or topics discussed during coffee breaks:

  • Devices using the mobile network (2G/3G/4G) and mobile protocol stack hacking
  • Zigbee
  • Wi-Fi
  • RFID
  • etc.

What to Expect? | Key Learning Objectives:

Hands-on radio captures, interacting with real signals, creating custom tools for specific communications, identifying technologies, reversing even exotic communications, and interacting with them.


Who Should Attend? | Target Audience:

  • pentesters who do not want to be limited by public radio tools
  • developers who want to debug and test their wireless devices
  • people curious about SDR and security
  • security researchers

What to Bring? | Software and Hardware Requirements:

  • a laptop with at least 8 GB of memory to run the tooled VM

What to Bring? | Prerequisite Knowledge and Skills:

  • good basics in Linux
  • basics in security are a plus
  • knowledge of radio is a plus but not required, day 1 is here to make sure we are on the same page

Resources Provided at the Training | Deliverables:

  • Tooled VM
  • Captures to study later
  • An RF kit capable of transmitting and receiving signals in full-duplex

ABOUT THE TRAINERS

Sébastien Dudek is a security researcher at Trend Micro and the founder of the PentHertz consulting company, which specializes in wireless and hardware security. He has been particularly passionate about flaws in radio-communication systems, and has published research on mobile security (baseband fuzzing, interception, mapping, etc.) and on data transmission over power lines (Power-Line Communication, HomePlug AV), covering domestic PLC plugs as well as electric cars and charging stations. He also focuses on practical attacks against various technologies such as Wi-Fi, RFID, and other systems that involve wireless communications.