Hacking Firmware & Hardware: Software Exploitation Via Hardware Exploitation

"Software Exploitation via Hardware Exploitation" is an intensive hands-on course covering tools and methods for manipulating, modifying, debugging, reverse engineering, interacting with, and exploiting the software (firmware) and hardware of embedded systems. These embedded systems include COTS "IoT ("Internet Of Things") products (such as routers, webcams, etc) and Industrial/Enterprise devices. Participants will gain hands-on experience with real-world devices and products, learning to interface with them on a low level. Participants will also be walked through the process of finding several of the 0-day found and disclosed by the instructors. Found to be vulnerable in millions of devices worldwide.

Some skills taught include:

Bus spying, tampering, spoofing, injection on simple serial interfaces like UART, SPI, I2C and others
Finding, identifying, analyzing, and interfacing with JTAG, Serial, and other interfaces
Configuring, Interfacing, Using, Misusing, and Abusing JTAG for reverse engineering, manipulation, and exploitation
Writing your own simple shellcode to successfully exploit IoT and embedded devices.
Non-destructively extracting firmware via software, JTAG and serial interfaces
Invasively extracting firmware by directly accessing or physically removing flash storage
Parsing, extracting, and analyzing firmware images
Manipulating firmware images to embed backdoors or other functionality
Binary analysis of executables on firmware to enable software exploitation

A COMPLETE CLASS SYLLABUS IS AVAILABLE ON: http://sexviahex.com
Students will get hands-on experience with tools like:

USB serial cables
Bus Pirate
The Shikra JTAG interface
Logic Analyzers
Multimeters
JTAGULATOR
OpenOCD
UrJtag
GDB
IDA

Penetration Testers, Forensic Investigators, reverse engineers, software security auditors/analysts, software exploitation engineers, "Makers", Tinkerers, Developers, IT Professionals, Mobile Developers, Hackers, jail breakers, and anyone interested.

No prior experience with hardware based exploitation necessary.
Novice or Intermediate software exploitation experience recommended (ARM, x86, etc.)
Familiarity with IDA or disassemblers recommended.
Understanding of software development, executable file formats, and debuggers recommended.
Familiarity with assembly (ARM, x86, etc) recommended.
Novice to Intermediate knowledge of a powerful scripting language required (Ruby, Python, Java, etc.)
Familiarity with C and C++ recommended.

Laptop with:
Wireless and wired connectivity
4+ gb of RAM
3+ usb ports or a reliable USB hub
VMWare player or workstation

Patience (hardware can be hard ;-)

Students will be provided with a Lab manual and USB drive with the virtual machine and all software installed. Each student will be provided a lab kit for the duration of the class containing target embedded systems including wireless routers, NAS devices, android tablets, and embedded development boards, as well as tools for identifying and interfacing with test, debug, and peripheral interfaces including serial cables, bus pirates, logic analyzers, multimeters, jtag adapters, etc.

Students will receive their own hardware to take home after the course.
A COMPLETE CLASS SYLLABUS IS AVAILABLE ON: http://sexviahex.com