Radio Exploitation

HotWAN | August 2-3

On This Page


This course takes a software defined radio for hacking approach. Students will be able to intercept, demodulate, decode and reverse engineer RF signals as well as have the knowledge how to find and take advantage of vulnerabilities in systems that use RF. We will be targeting Smartphone and Embedded Radio technologies that include:

Day 1:

Day 2: For further questions, please contact:

Tactical Radio Exploitation

1. Conceptsa. RF vs Wifi vs Othersb. What/Where/Whyc. Testing

2. Introduction To Hardware and Termsa. Important Terms and Definitionsb. The Hardwarec. Capture the Signal

3. How Signals and Tactical Uses a. Detection b. Reconc. Fingerprinting

4. Toolsa. Capturing b. Generating c. Testing

This leads to specific use cases (GPS/WIFI/LTE/Drones)

The game "Capture the Signal" is a capture the flag type game with SDRs. Its suppose to drive home the concepts while offering a competitive environment. I plan on hands drills after every unit in the form of a new "Capture the Signal" challenge.

Who Should Take This Course

• Mobile Hackers
• Penetration testers
• Security professionals who work in critical infrastructure
• Mobile Security folks who want to take RF to the next level

Student Requirements

Mac, Linux, Windows experience helpful. Attendees bring their own laptops.

What Students Should Bring

We will be using iPads, Android Galaxy Smartphones and a variety of SDR equipment such as USRP N2xx and RTL-SDRs.

Participants should bring their own variety of lab smartphones / tablets and use at their own 'risk'. Though unlikely, one such risk is that your device may get 'bricked' in a lab exercise and may not function ever again. Caution will be given for specific labs.

For more seasoned mobile hackers, bring your already rooted / jailbroken devices to class.

Students are also encouraged to bring additional SDR hardware or target devices for show and tell. Often times, the trainers use a Mac Air, running Maverick, 8 Gig of RAM, with the latest VMFusion installed with Xcode. If you have a Mac, use the latest version of VMFusion.

Windows 7 and 8.x laptops are also supported with the latest version of VMWare.

Around 100 Gig of drive space is needed.

What Students Will Be Provided With

White Papers, Presentations, Tools, Images, lab exercises. Students receive a free RTL-SDR in class.The ThunderCell 2.x VM Image (a cutting edge mobile and radio hacking distribution) will also be provided.


Drew Porter (@IAmRedShift) Drew “RedShift" Porter is a Senior Security Analyst at Bishop Fox (formerly Stach & Liu). Drew’s current roles include preforming a wide range of RF security assessments, hardware security, and penetration tests of financial and critical infrastructure organizations. Drew’s background stems from developing offensive cellular and cognitive radio systems for DoD agencies, creating man-portable cellular communication platforms for DoD and DHS agencies, and leading cellular security research teams. Drew is a sought after speaker and instructor and has been quoted in multiple publications.

David Maynor is the Chief Scientist of Bastille Networks. Previously Mr Maynor was the CTO of Errata Security. In addition to RF research and development Mr. Maynor has a strong background in reverse engineering and exploit development to produce Hacker Eye View reports. Mr. Maynor has previously been the Senior Researcher for Secureworks and a research engineer with the ISS Xforce R&D team where his primary responsibilities included reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS Maynor spent the 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. Before that Maynor contracted with a variety of different companies in a widespread of industries ranging from digital TV development to protection of top 25 websites to security consulting and penetration testing to online banking and ISPs.

Blake Turrentine