On This Page

Applied Physical Attacks on x86 Systems

Joe FitzPatrick, SecuringHardware.com | July 30-August 2


This course introduces and explores attacks on several different relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software.

The course has several modules: USB, SPI/BIOS, I2C/SMBus, PCIe, and JTAG. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells.


USB Overview
  • USB Lab 1: Mapping out USB
  • USB Lab 2: Sniffing and Parsing USB
  • USB Lab 3: Attacking via USB
  • USB Lab 4: Fuzzing via USB

SPI Overview
  • SPI Lab 1: Dumping SPI from Software
  • SPI Lab 2: Sniffing and Parsing SPI
  • SPI Lab 3: Dumping SPI from Hardware
  • SPI Lab 4: Firmware Analysis

SMBus Overview
  • SMBus Lab 1: Mapping out SMBus
  • SMBus Lab 2: Sniffing and Parsing SMBus
  • SMBus Lab 3: Attacking SMBus as a Master
  • SMBus Lab 4: Attacking SMBus as a Slave

PCIe Overview
  • PCIe Lab 1: Mapping out PCIe
  • PCIe Lab 2: Dumping and Analyzing Memory
  • PCIe Lab 3: Bypassing Authentication

JTAG Overview
  • JTAG Lab 1: Hardware and Software Setup
  • JTAG Lab 2: Escalating Privilege via Kernel
  • JTAG Lab 3: Escalating Privilege via a Process

Who Should Take this Course

This course is geared toward pen testers, developers and others with a security background who wish to learn how to take advantage of physical access to systems to assist and enable other attacks.

Student Requirements

No hardware or electrical background is required. Computer architecture knowledge and low-level programming experience helpful but not required.

What Students Should Bring

Students should bring their own laptop for internet access for researching material. All equipment, including configured laptops, will be provided.

What Students Will Be Provided With

All equipment, including laptops, are provided for use during the class. Attendees get printed lab manuals and slides, plus all of the software used in the course.


Joe FitzPatrick (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He has spend the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, hardware validators worldwide. When not teaching Applied Physical Attacks on x86 Systems, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.