HUNTING ZERO-DAYS IN EMBEDDED DEVICES - FROM ELECTRICAL PINS TO ROOT SHELLS

COURSE DESCRIPTION

Hunting Zero-Days in Embedded Devices is a unique, hands-on training course that teaches students how to find and exploit vulnerabilities in embedded devices such as routers, cameras, industrial devices, televisions, microcontrollers, automotive, etc.

As a student, you will be taught the essential tips and tricks on how to debug an embedded device and extract firmware, and you will also be taught some exploitation techniques for ARM and MIPS. But the main aim of this course is to provide students with the necessary knowledge to find a zero day vulnerability in a device and exploit it.

The course will go in depth into several classes of vulnerabilities, with practical exercises on real and emulated devices of different CPU architectures. Each vulnerability class will be described, studied and then exploited in a variety of different ways.

Students will be given unique and publicly unknown tips from the trainers, which have a proven and public track record of finding and exploiting hundreds of zero days in embedded devices and other commercial products, as well as winning several prizes in Pwn2Own competitions.

Have you ever wondered how real hackers are finding and exploiting vulnerabilities in embedded devices? Would you like to include those methodologies into your own product security testing? Are you an enthusiast that loves taking things apart, understanding and breaking them? Or are you a security specialist in another area that wants to dip your toes into embedded device hacking?

If you answered yes to any of the above, this is the right course for you.

There are many hardware hacking and exploit development courses in the market. But none of them provide a full top down view of how to find, understand and exploit vulnerabilities in embedded devices.

This course aims to bridge the gap between hardware hacking and exploitation, giving students the necessary knowledge they need to become product security experts, embedded device reverse engineers and / or vulnerability researchers.

Our mottos are “NO FAKE VULNS” and “PoC || GTFO”!

RomHack24
Sep
24
to 27 Sep

RomHack24

HUNTING ZERO-DAYS IN EMBEDDED DEVICES - FROM ELECTRICAL PINS TO ROOT SHELLS

4 Days Onsite

by Pedro Ribeiro & Radek Domanski

View Event →
Munich24
Dec
1
to 31 Dec

Munich24

HUNTING ZERO-DAYS IN EMBEDDED DEVICES - FROM ELECTRICAL PINS TO ROOT SHELLS

4 Days Onsite

by Pedro Ribeiro & Radek Domanski

View Event →
ONLINE
Nov
30
to 3 Dec

ONLINE

HUNTING ZERO-DAYS IN EMBEDDED DEVICES - FROM ELECTRICAL PINS TO ROOT SHELLS

4 Days

by Pedro Ribeiro & Radek Domanski

View Event →
ONLINE
Jul
28
to 30 Jul

ONLINE

HUNTING ZERO-DAYS IN EMBEDDED DEVICES - FROM ELECTRICAL PINS TO ROOT SHELLS

3 Days

by Pedro Ribeiro & Radek Domanski

View Event →

Testimonials

  • Awesome training. Keep up the good work !

    Munich 2022

  • The course was super interesting and engaging! I feel that I gained a lot of value from the course overall, especially with respect to working with the hardware side of things, and with techniques for vulnerability hunting. It was nice how eager Radek and Pedro were to answer all questions. The course was a good level of difficulty, and Radek and Pedro were accommodating of those who moved at faster and slower paces. It's a shame that we didn't have enough time to finish the final couple of exercises, but I'm glad we got an overview of them. Thanks for the training!

    Munich 2022

  • I enjoyed the course and meeting you get much. I wish I could hang out with you both more!

    Munich 2022

  • Excellent quality training materials - slides pair well with instructors presenting. (The instructors don't just simply read slides verbatim). It's really fun knowing that the exercises are from real world vulnerabilities (No Fake Vulns!). The material covers a lot of topics and gives enough information to begin doing reverse engineering, while also giving students enough knowledge to research the nuances of any specific topic in greater depth outside of the course.

    Online 2023

  • The single greatest embedded vulnerability research course ever. My reverse engineering skills and confidence have risen dramatically. I cannot wait to apply the skills I have learned here to real-world applications and hone them even further. Pedro and Raek are fantastic instructors and made the experience phenomenal.

    Online 2023

  • This is by far the best embedded device hacking course I have participated. The whole concept / atmosphere is excellent! Also the part where trainer are challenging students to try harder is exactly how it should be.st Item

    OffensiceCon 2023

Past Events

  • Online Edition - November 2023

  • Online Edition - July 2023

  • OffensiveCon, Berlin, Germany - May 2023

  • FlashbackCon, Munich, Germany - November 2022

  • HardwareIO, Santa Clara, CA, USA - June 2022

  • TyphoonCon, Seoul, South Korea - June 2022