ONLINE

  • Online, United States

HUNTING ZERO-DAYS IN EMBEDDED DEVICES - FROM ELECTRICAL PINS TO ROOT SHELLS

3 Days ONLINE Training

28 July 2023 09:00 AM - 30 July 2023 05:00 PM
Timezone: USA Pacific Time (Pacific Daylight Time, PDT, GMT - 7)

 

COURSE DESCRIPTION

Hunting Zero-Days in Embedded Devices is a unique, hands-on training course that teaches students how to find and exploit vulnerabilities in embedded devices such as routers, cameras, industrial devices, televisions, microcontrollers, automotive, etc.

As a student, you will be taught the essential tips and tricks on how to debug an embedded device and extract its firmware, and you will also be taught some exploitation techniques for ARM and MIPS. But the main aim of this course is to provide students with the knowledge necessary to find a zero-day vulnerability in a device and exploit it.

The course will go in depth into several classes of vulnerabilities, with practical exercises on real and emulated devices of different CPU architectures. Each vulnerability class will be described, studied and then exploited in a variety of different ways.

Students will be given unique and publicly unknown tips from the trainers, who have a proven and public track record of finding and exploiting hundreds of zero-days in embedded devices and other commercial products, as well as winning several prizes in Pwn2Own competitions.

Have you ever wondered how real hackers find and exploit vulnerabilities in embedded devices? Would you like to include those methodologies in your own product security testing? Are you an enthusiast who loves taking things apart, understanding them and breaking them? Or are you a security specialist in another area who wants to dip your toes into embedded device hacking?

If you answered yes to any of the above, this is the right course for you.

There are many hardware hacking and exploit development courses on the market. But none of them provide a full top-down view of how to find, understand and exploit vulnerabilities in embedded devices.

This course aims to bridge the gap between hardware hacking and exploitation, giving students the knowledge they need to become product security experts, embedded device reverse engineers and / or vulnerability researchers.

Our mottos are “NO FAKE VULNS” and “PoC || GTFO”!

Course Outline

Day 1: Hardware Hacking and Firmware Extraction

On the first day of the course, students will be introduced to embedded devices, which are omnipresent these days, and to how to open, access and understand the hardware they run on. Students will have the opportunity to experiment with different techniques for hardware analysis, firmware extraction and control. We will give detailed, high-quality live demos on real hardware, with training exercises conducted on logs, captures and firmware extracted from these devices.

  • Course Introduction

  • Embedded Device Landscape

  • Intro to Hardware Hacking, Hardware / Software Tools and Storage Media

  • Identifying and Making Use of Debug Interfaces (UART, JTAG, etc.)

  • Analysing Analog and Digital Signals

  • NOR Flash Firmware Extraction

  • NAND Firmware Extraction

  • eMMC Firmware Extraction

 

Day 2: Firmware Analysis and Emulation

The second day of the course focuses on understanding how embedded devices work with regard to their firmware. Common and advanced techniques for analysing firmware will be shown, as well as approaches to identifying suitable targets for exploitation. The day will finish with an introduction to vulnerability discovery and exploitation, which is the main focus of the third day.

  • Introduction to MIPS and ARM

  • RTOS: Loading and Analysing

  • Embedded Device File Systems and Formats

  • Emulating and Debugging Firmware

  • Knowing Your Target (Reconnaissance)

  • Embedded Device Fuzzing

  • Introduction to Vulnerability Hunting

 

Day 3: Finding and Exploiting Vulnerabilities

On the third and final day, we go all in on how we discover and exploit vulnerabilities. We will teach a generic approach and techniques that can be applied to any target, but focus our efforts on the common vulnerability classes in embedded devices that lead to remote code execution. The vulnerabilities will be exploited on emulated devices, which behave in (almost) exactly the same way as real devices.

  • Buffer and Integer Over / Underflows

  • Owning Parsers

  • Directory Traversal

  • Information Leaks and Logic Flow Bypasses

  • Command Injection

  • Insecure Configuration, Hardcoded Accounts and Backdoors

 

What a Typical Day Looks Like

  • 55% Practical hands-on exercises on real and emulated hardware

  • 40% Theory

  • 5% Live demonstrations of advanced techniques

 

Requirements

  • We recommend you use a Linux operating system, but you are free to use any other OS as long as you have the latest version of Ghidra (https://ghidra-sre.org).

  • A high speed, stable Internet connection.

  • Camera and microphone.


Warning

This is an intermediate-level course. You are not required to have experience in vulnerability discovery, exploitation or hardware hacking.

However, we recommend knowledge of the following topics:

  • Linux command line

  • Python and / or Ruby scripting

  • Assembly language (x86 or any other architecture)

  • Basic understanding of buffer overflows and common security vulnerabilities

  • Basic working proficiency with Ghidra or IDA Pro

The course will be difficult at times, but the trainers will make sure no one is left behind.

 

Embrace the lifestyle of a vulnerability researcher, where one minute you are crying out of desperation and the next you are jumping around because you just owned your target!

  

Important Note

We cannot accept students from Russia, North Korea, Cuba, Syria, Iran or any other US or EU sanctioned country. We reserve the right to cancel your training at any time for non-compliance reasons.
