TRAINER: ANDRÁS KABAI
/ Cyber Security Services – Deloitte Hungary
András works for Deloitte’s Cyber Risk Services. He has over 15 years of professional penetration testing background, he has a special focus on hardware hacking and automotive security. His interest in hardware security is coming from his studies in electronics, DIY and hobby projects, reversing and hacking. He is the designer and lecturer of custom car hacking and hardware hacking training programs (including custom electronics, PCBs, simulated ECUs) made for different Automotive OEMs and other clients. Andras established and leading Deloitte Hungary’s hardware hacking service line and he is also responsible for the cyber practice’s car hacking services. He and his team delivered hardware hacking projects worldwide and have clients from Automotive, IoT and FSI sector.
Underlying hardware is often the forgotten weak point of systems, which are otherwise considered secure. This makes the hardware a valuable target for attackers and this is why it is important to be aware of potential related issues and vulnerabilities. Whether you are on blue team or red team side, you can benefit from this class and develop your skills to understand your target, analyze and interface with its communication channels, manipulate the electronics, identify and to exploit issues.
In this three-day comprehensive class, we will cover the tools, reverse engineering and hacking techniques commonly used in the hardware hacking process. The training contains lectures, however the main focus will be on the practical hands-on exercises. During the lab exercises, you will work on a custom hardware hacking training badge (which you can keep after the class) and other COTS devices.
The course contains a final hardware hacking challenge, where trainees have to apply what they have learned, to find weaknesses in the targeted system and to circumvent the applied security implementation. No electrical background or hardware hacking experience is required. The main aim of the training and the tailored agenda is to provide valuable hardware hacking knowledge to trainees, even in a limited timeframe.
Topics covered, but not limited to:
- Product teardown and component identification
- Data sheets
- PCB reverse engineering
Signal measuring / analysis, tools and techniques
- Logic analyzer
Soldering and desoldering
Generic communication interfaces and buses (analysis, manipulation, attack)
Identifying and using debug interfaces (debugging, coding, firmware extraction)
Interfacing and manipulating external memory chips (extraction, manipulation, attack)
Basic side channel and fault injection attacks
- Power glitching
- Timing attacks
Typical issues and pitfalls in HW security
Using combination of SW/HW tools to attack hardware
Hardware hacking challenges for different topics
WHO SHOULD TAKE THIS COURSE
- Penetration testers who want to open to hardware hacking
- Security professionals who want to build hardware hacking skills
- Red team members with embedded/IoT/other electronic components in focus
- Bug hunters who want to find vulnerabilities in IoT or embedded systems
- Embedded / IoT developers
- Embedded / IoT security enthusiasts
- Anyone interested in hardware hacking
- No electrical background or hardware hacking experience is required.
- Generic knowledge on digital electronics, MCUs, prototyping platforms (e.g. Arduino) are helpful, but not necessary.
- Expect to make simple code (with every help and guidance) in C, Python or other script languages.
WHAT STUDENTS SHOULD BRING
Students must bring their own laptop with administrative access and containing fully functional USB, Ethernet and WiFi interfaces. The laptop must be prepared to run VMWare virtual machine (min. 30GB HDD, 4GB RAM).
WHAT STUDENTS WILL BE PROVIDED WITH
- Training slides
- Custom hardware hacking training badge (one for each participant to keep)
- Linux virtual machine, prepared for the hands-on exercises
- Every necessary tool and equipment (e.g. multimeter, logic analyzer, soldering iron, interfaces, electronic components, breadboard, cables) during the course, for the hands-on exercises