Back to All Events

Offensivecon23


  • Hilton Hotel 30 Mohrenstraße Berlin, BE, 10117 Germany (map)

SOLD OUT! Check our other training dates.

COURSE OUTLINE

DAY 1: HARDWARE HACKING AND FIRMWARE EXTRACTION

On the first day of the course, students will be introduced to embedded devices, which are omnipresent these days, and how to access and understand the hardware that they run on. Students will have an opportunity to experiment with different techniques for hardware analysis, firmware extraction and control.

    • Course Introduction

    • Embedded Device Landscape

    • Intro to Hardware Hacking, Hardware / Software Tools and Storage Media

    • Identifying and Making Use of Debug Interfaces (UART, JTAG, etc)

    • Analysing Analog and Digital Signals

    • Firmware Extraction Techniques (Internal Flash, NOR, NAND, eMMC)

DAY 2: FIRMWARE ANALYSIS AND EMULATION

The second day of the course focuses on understanding how embedded devices work with regards to their firmware. Common and advanced techniques for analysing firmware will be shown, as well as approaches to identifying suitable targets for exploitation. We will present and practice ways to root a device, as well as teach you the power of emulation when a device is not present, or you wish to perform intrusive analysis which is difficult to do on-device.

    • Understanding Firmware

    • Bare Metal: Loading and Analysing

    • RTOS: Loading and Analysing

    • Embedded Device File Systems and Formats

    • Emulating and Debugging Firmware

    • Rooting Devices for Debug Access

DAY 3: FINDING AND EXPLOITING VULNERABILITIES - PART I

On the third day, we go full on into how we discover and exploit vulnerabilities. We will teach a generic approach and techniques that can be applied to any target, but focusing our efforts on common vulnerability classes in embedded devices which lead to remote code execution. The vulnerabilities will be exploited on actual physical devices, with emulation being used for certain unique devices which are very hard to acquire. 

    • Introduction to MIPS and ARM

    • Knowing Your Target (Reconnaissance)

    • Embedded Device Fuzzing

    • Introduction to Vulnerability Hunting

    • Buffer and Integer Over / Underflows

    • Owning Parsers

DAY 4: FINDING AND EXPLOITING VULNERABILITIES - PART II

On the fourth and final day, we continue our journey learning techniques and methodologies to find and exploit common vulnerabilities classes on embedded devices, with unique tips from the accumulated years of real world experience that the trainers have.

    • Directory Traversal

    • Information Leaks and Logic Flow Bypasses

    • Command Injection

    • Insecure Configuration, Hardcoded Accounts and Backdoors

    • Research Challenges and Ideas for the Future

WHAT A TYPICAL DAY LOOKS LIKE

  • 55% Practical hands on exercises in real and emulated hardware

  • 40% Theory

  • 5% Live demonstrations of advanced techniques

REQUIREMENTS

Please bring a laptop with a “bare metal” Linux install. We highly recommend Ubuntu 22.04+, Debian 11+ or the latest Kali Linux, unless you are very familiar with other distros and can fulfil the requirements below and fix problems yourself. Note that Linux really needs to be installed on the computer natively (either as the only operating system or as "dual boot").

This is a hard requirement, as the hardware tools we will be using do not work properly with Linux virtual machines. We will NOT BE ABLE TO HELP YOU if you encounter any problems and don’t have a native Linux installation. You have been warned!

Further requirements will be provided by email before the start of the course.

WARNING

This is an Intermediate level course. You are not required to have experience in vulnerability discovery, exploitation or hardware hacking.
However we recommend knowledge in the following topics:

    • Linux command line

    • Python and / or Ruby scripting

    • Assembly language (x86 or any other architecture)

    • Basic understanding of buffer overflows and other security vulnerability concepts

    • Basic working proficiency with Ghidra (preferably) or IDA

The course will be difficult at times, but the trainers will make sure no-one is left behind.

Embrace the lifestyle of a vulnerability researcher, where one minute you are crying out of desperation and the other you are jumping around because you just owned your target!

Next
Next
28 July

ONLINE