Applied Physical Attacks on Embedded & IoT Systems: 3-Day Course (Abu Dhabi, United Arab Emirates - October 13-15, 2019)

Thursday, 12. September 2019 13:15

Dublin, Sept. 12, 2019 (GLOBE NEWSWIRE) -- The "Applied Physical Attacks on Embedded and IoT Systems" training has been added to ResearchAndMarkets.com's offering.

This course introduces and explores attacks on several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from the software.

The course has several modules. Each begins with an architectural overview of an interface and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells.

The extended 3rd day will dive deeper into some more difficult scenarios. Depending on time and interest, we'll get JTAG up and running on a black-box target, we'll get bits of firmware running inside an emulator, and we'll talk more about black-box analysis of boards, interfaces, and components.

This course targets a MIPS-based network router, and multiple ARM-based mobile and IoT devices. Together they are representative of a wide range of embedded devices that span consumer electronics, medical devices, industrial control hardware, and mobile devices. While there are many shared concepts and tools, the content of Applied Physical Attacks on x86 Systems stands on its own and is more relevant to fully-featured desktops, servers, and laptops.

Who Should Attend?

This course is geared toward pen testers, developers and others with a security background who wish to learn how to take advantage of physical access to systems to assist and enable other attacks.

Prerequisites

No hardware or electrical background is required. Computer architecture knowledge and low-level programming experience helpful but not required.

Familiarity with Linux command line allows students to focus on the tools being used instead of struggling with the command line itself.

Hardware & Software Requirements

To avoid the thrash of compatibility, software installation, virtual machines, and bootable images, attendees will be provided with all equipment for use during the class, including laptops preconfigured with all necessary software.

Bring:

  • Your own favored writing instrument, keyboard, and mouse if you have strong preferences (otherwise provided)
  • USB drive to take home copies of course files
  • Your own laptop if you prefer to use it for note-taking and internet access

Agenda

UART:

  • Background: UART History, Architecture, and Uses
  • UART Lab 1: Connecting to a known UART
  • UART Lab 2: Identifying and analyzing an unknown UART
  • UART Lab 3: Escalating and persisting UART privilege

JTAG:

  • Background: JTAG History and Purpose
  • JTAG Lab 1: Hardware and Software Setup
  • JTAG Lab 2: Escalating Privilege via Kernel
  • JTAG Lab 3: Escalating Privilege via a Process

SPI:

  • Background: Flash storage and the SPI interface
  • SPI Lab 1: Accessing Flash from software
  • SPI Lab 2: Sniffing and Parsing SPI
  • SPI Lab 3: Dumping SPI from Hardware
  • SPI Lab 4: Firmware Analysis

Firmware:

  • Background: More types of Flash, Storage, and Firmware
  • Firmware Lab 1: Dumping Firmware from Software
  • Firmware Lab 2: Manipulating firmware images
  • Firmware Lab 3: Finding software bugs in firmware

Advanced (day 3 as time permits):

  • Background: Black-Box Analysis of Hardware
  • Advanced Lab 1: Identify a new system and configure a toolchain for it
  • Advanced Lab 2: Taking embedded binaries to an emulator
  • Advanced Lab 3: Identify unknown chips and protocols

For more information about this training visit https://www.researchandmarkets.com/r/4fm0z1

Research and Markets also offers Custom Research services providing focused, comprehensive and tailored research.

CONTACT: ResearchAndMarkets.com
         Laura Wood, Senior Press Manager
         press@researchandmarkets.com
         For E.S.T Office Hours Call 1-917-300-0470
         For U.S./CAN Toll Free Call 1-800-526-8630
         For GMT Office Hours Call +353-1-416-8900

Primary Logo

Related Links: 
Author:
Copyright GlobeNewswire, Inc. 2016. All rights reserved.
You can register yourself on the website to receive press releases directly via e-mail to your own e-mail account.