Software Exploitation via Hardware Exploits

Xipiter | August 1-4


Software Exploitation via Hardware Exploits is a hands-on course covering tools and methods for manipulating, modifying, debugging, reverse engineering, interacting with, and exploiting the software and hardware of embedded systems. Participants will gain hands-on experience with real-world devices and products, learning to interface with them on a low level to perform tasks such as:

  • Bus spying, tampering, spoofing, injection on simple serial interfaces like UART, SPI, I2C and others
  • Finding, identifying, analyzing, and interfacing with JTAG, Serial, and other interfaces
  • Configuring, Interfacing, Using, Misusing, and Abusing JTAG for reverse engineering, manipulation, and exploitation
  • Non-destructively extracting firmware via software, JTAG and serial interfaces
  • Invasively extracting firmware by directly accessing or physically removing flash storage
  • Parsing, extracting, and analyzing firmware images
  • Manipulating firmware images to embed backdoors or other functionality
  • Binary analysis of executables on firmware to enable software exploitation
  • Performing simple timing and power side-channel attacks on an embedded microcontroller
  • Hardening bare-metal firmware against side channels

Students will get hands-on experience with tools like:

  • USB serial cables
  • Bus Pirate
  • JTAG Adapters
  • Logic Analyzers
  • Multimeters
  • OpenOCD
  • UrJtag
  • GDB
  • IDA


Who Should Take this Course

This course is geared towards software penetration testers, reverse engineers, security auditors/analysts, exploitation engineers, jailbreakers, and developers who would like to understand more about how hardware access can be leveraged to enable software exploitation.


Student Requirements

  • No prior experience with hardware-based exploitation necessary.
  • Novice or intermediate software exploitation experience recommended (ARM, x86, etc.)
  • Familiarity with IDA or other disassemblers recommended.
  • Understanding of software development, executable file formats, and debuggers recommended.
  • Familiarity with assembly (ARM, x86, etc.) recommended.
  • Novice to intermediate knowledge of a powerful scripting language required (Ruby, Python, Java, etc.)
  • Familiarity with C and C++ recommended.

What Students Should Bring

Laptop with:
  • Wireless and wired connectivity
  • 4+ GB of RAM
  • 3+ USB ports or a reliable USB hub
  • VMware Player or Workstation

What Students Will Be Provided With

Students will be provided with a lab manual and a USB drive containing the virtual machine with all software installed. Each student will be provided a lab kit for the duration of the class containing target embedded systems including wireless routers, NAS devices, Android tablets, and embedded development boards, as well as tools for identifying and interfacing with test, debug, and peripheral interfaces, including serial cables, Bus Pirates, logic analyzers, multimeters, JTAG adapters, etc.



At1as is a four-time winner of the Defcon capture-the-flag and retired captain of the team "1@stplace". Over the past decade, atlas has proven expertise in programmatic reverse engineering, automated vulnerability discovery and exploitation, and breaking into or out of nearly every type of computer system/subsystem. Areas of specialty include embedded/IoT exploitation, power systems and industrial control systems exploitation, automotive exploitation, and client/server/application exploitation. At1as is also the author of the RfCat firmware (www.rfcat.com), which researchers use to attack and snoop on IoT and embedded systems that make use of low-power RF.

Stephen A. Ridley is a security researcher at Xipiter. He has more than 10 years of experience in software development, software security, and reverse engineering. Prior to Xipiter, Mr. Ridley served as the Chief Information Security Officer of a financial services firm and, before that, was a Senior Researcher at Matasano. He was also Senior Security Architect at McAfee and a founding member of the Security and Mission Assurance (SMA) group at a major U.S. defense contractor, where he did vulnerability research and reverse engineering in support of the U.S. intelligence community. He has spoken about reverse engineering and software security at Black Hat, ReCon, CanSecWest, EuSecWest, Syscan and other prominent information security conferences. Stephen is a co-author of "The Android Hacker's Handbook", published by Wiley & Sons.