Hacking Firmware & Hardware: Software Exploitation Via Hardware Exploitation
Overview
"Software Exploitation via Hardware Exploitation" is an intensive hands-on course covering tools and methods for manipulating, modifying, debugging, reverse engineering, interacting with, and exploiting the software (firmware) and hardware of embedded systems. These embedded systems include COTS IoT ("Internet of Things") products (such as routers, webcams, etc.) and industrial/enterprise devices. Participants will gain hands-on experience with real-world devices and products, learning to interface with them at a low level. Participants will also be walked through the process of finding several of the 0-days found and disclosed by the instructors, vulnerabilities found in millions of devices worldwide.
Some skills taught include:
Bus spying, tampering, spoofing, and injection on simple serial interfaces like UART, SPI, I2C and others
Finding, identifying, analyzing, and interfacing with JTAG, Serial, and other interfaces
Configuring, interfacing with, using, misusing, and abusing JTAG for reverse engineering, manipulation, and exploitation
Writing your own simple shellcode to successfully exploit IoT and embedded devices
Non-destructively extracting firmware via software, JTAG and serial interfaces
Invasively extracting firmware by directly accessing or physically removing flash storage
Parsing, extracting, and analyzing firmware images
Manipulating firmware images to embed backdoors or other functionality
Binary analysis of executables on firmware to enable software exploitation
A COMPLETE CLASS SYLLABUS IS AVAILABLE ON: http://sexviahex.com
Students will get hands-on experience with tools like:
USB serial cables
Bus Pirate
The Shikra JTAG interface
Logic Analyzers
Multimeters
JTAGulator
OpenOCD
UrJTAG
GDB
IDA
Who Should Take this Course
Penetration testers, forensic investigators, reverse engineers, software security auditors/analysts, software exploitation engineers, "makers", tinkerers, developers, IT professionals, mobile developers, hackers, jailbreakers, and anyone interested.
Student Requirements
No prior experience with hardware-based exploitation necessary.
Novice or intermediate software exploitation experience recommended (ARM, x86, etc.)
Familiarity with IDA or disassemblers recommended.
Understanding of software development, executable file formats, and debuggers recommended.
Familiarity with assembly (ARM, x86, etc.) recommended.
Novice to intermediate knowledge of a powerful scripting language required (Ruby, Python, Java, etc.)
Familiarity with C and C++ recommended.
What Students Should Bring
Laptop with:
Wireless and wired connectivity
4+ GB of RAM
3+ USB ports or a reliable USB hub
VMware Player or Workstation
Patience (hardware can be hard ;-)
What Students Will Be Provided With
Students will be provided with a lab manual and a USB drive with the virtual machine and all software installed. Each student will be provided with a lab kit for the duration of the class containing target embedded systems, including wireless routers, NAS devices, Android tablets, and embedded development boards, as well as tools for identifying and interfacing with test, debug, and peripheral interfaces, including serial cables, Bus Pirates, logic analyzers, multimeters, JTAG adapters, etc.
Students will receive their own hardware to take home after the course.
Trainers
The Senrio Research Team cumulatively has decades of experience in software/hardware reverse engineering and exploitation. The team is responsible for finding and disclosing numerous public and private critical vulnerabilities in software and embedded devices. The Senrio Research Team's device vulnerability disclosures have been found to affect millions of devices worldwide. Along the way the team has written and edited several seminal books and pioneered exploitation techniques. The team largely comes from Xipiter LLC, which developed the industry-renowned courses SexViaHex.com and ARMExploitation.com, which have sold out at every public offering (including Black Hat) for over five years!