The first day of this course will take a look at the embedded systems landscape, the different types of devices, the various industries that use them, and some common embedded hardware and software platforms. While there are several different types of embedded systems, there are certain commonalities that are important to point out. Firmware layout will be covered in depth, allowing you to understand the popular ways in which firmware is constructed so that you can apply that knowledge to all different types of devices. We will also run labs to analyze firmware components and run firmware in emulation mode, setting you up to do further analysis.
Module 1: What is an embedded system?
- Examples of embedded systems in various categories
- Why we should care about embedded systems security
- Anatomy of Embedded Systems Vulnerabilities & Attacks
- Attack Examples
Module 2: What is firmware?
- Examples of various embedded systems firmware and operating systems
- Firmware layout and operating systems
- Introduction to binwalk
- Lab #1.1: Obtaining & Analyzing Firmware (binwalk)
- Embedded Systems Hardware Overview
- Embedded Processors Overview
- Homework: Download Firmware From The Internet and Analyze The Structure
Module 3: Analyzing Firmware Offline
- Running Firmware in Emulation
- Introduction to Qemu
- Lab #3.1: Running OpenWrt in Qemu
- Introduction to the Firmware Modification Toolkit
- Lab #4.1: Using The Firmware Modification Toolkit
- "Scanning" Embedded Systems
- Lab #5: Nmap Scanning Embedded Systems
- Discovering Authentication Backdoors
- Lab #6: Scan live targets!
- Homework: Scan an Embedded System You Own (or have permission to scan)
Day 2 of this course will focus on more in-depth means of vulnerability identification. We will review some of the common file system types and extract them from firmware. Mounting the file system is the first step; once it is mounted, you will learn ways to discover more vulnerabilities and information about the device. Building on the skills learned earlier in the course, we will extract and run binaries from the firmware. Web applications will also be covered, allowing students to learn and develop attacks specific to web applications running on embedded systems. The day will come to a close with a discussion of defensive techniques that organizations and vendors can implement to apply more security to embedded systems.
This day will include several "Capture the Flag" exercises, applying what you learned in Day 1! (Complete with prize giveaways!)
- Analyzing Firmware: More In-Depth
- Embedded System Filesystem Types
- Extracting & Mounting File Systems
- Lab #2.1: Locating & Extracting File Systems
- Finding binary files in firmware
- Extracting binaries from firmware
- Building the environments for binaries
- Lab #2.2: Locating, Extracting & Running Binaries
- Updating Firmware
- Embedded Systems Hardening
- Authentication Management
- Common Embedded Systems Protocols (Attack & Defense)
- Review the "Top Ten Embedded Systems Security Elements"
Knowledge and experience with Linux-based operating systems. No really, we are serious about this one. If you are not familiar with using the Linux command line (Bash) and editing files in Linux (vi is the editor), you may want to consider taking other courses that teach these skills before taking this course. Familiarity with embedded systems hardware, firmware constructs, and scripting languages is helpful, but it is not a requirement. However, in order to learn about embedded systems, you must be familiar with Linux, as the embedded systems covered in this course will primarily run Linux, and given the small environment we have to work with, the most basic set of Linux tools is all that is available to us.
Basic knowledge of TCP/IP and various common protocols (such as HTTP, Telnet, etc.)
VMware Player or VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion.
Windows
The course includes a VMware image file of a guest Linux system that is larger than 2 GB. Therefore, you need a file system with the ability to read and write files that are larger than 2 GB, such as NTFS on a Windows machine.
IMPORTANT NOTE: You will also be required to disable your anti-virus (or any other host-based protection) tools temporarily for some exercises, so make sure you have the anti-virus administrator permissions to do so. DO NOT plan on just killing your anti-virus service or processes because most anti-virus tools still function even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool.
Enterprise VPN clients may interfere with the network configuration required to participate in the class. If your system has an enterprise VPN client installed, you may need to uninstall it for the exercises in class.
VMware
You will use VMware to run a Linux operating system simultaneously when performing exercises in class. You must have either the free VMware Player 3 or later or the commercial VMware Workstation 6 or later installed on your system prior to coming to class.
Alternatively, if you want a more flexible and configurable tool, you can download a free 30-day trial copy of VMware Workstation. VMware will send you a time-limited license number for VMware Workstation if you register for the trial at their Web site. No license number is required for VMware Player.
We will give you a USB full of attack tools to experiment with during the class and take home for later analysis. We will also provide a Linux image with all of our tools pre-installed that runs within VMware Player or VMware Workstation.
Linux
You do not need to bring a Linux system if you plan to use our Linux image in VMware. However, you are required to bring VMware Workstation or VMware Player. The class does not support VirtualPC or other non-VMware virtualization products.
Mandatory Laptop Hardware Requirements
- x86- or x64-compatible CPU, 1.5 GHz minimum
- DVD Drive (not a CD drive)
- A usable USB port (This is important, USB drives will be used to distribute the VM required for class!)
- 2 GB RAM minimum with 4 GB or higher recommended
- Ethernet adapter (A wired connection is required in class. If your laptop supports only wireless, please make sure to bring an Ethernet adapter with you.)
- 5 GB available hard drive space
- During the workshop, you will be required to connect to a network with your classmates (which could be one of the most hostile networks on planet Earth!). Your laptop might be attacked, despite our strict warnings that students refrain from this activity. Do not have any sensitive data stored on the system.
By bringing the right equipment and preparing in advance, you can maximize what you'll see and learn as well as have a lot of fun.