
Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Applied Physical Attacks on x86 Systems

Register for March 12-13 Course
Register for March 14-15 Course

Joseph FitzPatrick


This course introduces and explores attacks on several relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception, which in some cases is imperceptible from software.

The course has several modules: USB, SPI/BIOS, I2C/SMBus, PCIe, and JTAG. Each begins with an architectural overview of an interface, followed by a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or root shells. Depending on the pace and interest of the attendees, not all material may fit in 2 days, but it will still be available to attendees.

Target Audience

This course is geared toward pen testers, developers and others with a security background who wish to learn how to take advantage of physical access to systems to assist and enable other attacks. No hardware or electrical background is required. Computer architecture knowledge and low-level programming experience are helpful but not required.

PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. The individual class guides list the material students are expected to know coming in and the software tools that need to be pre-installed before attending, so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses and will be necessary to get the maximum benefit out of these educational programs.

Course Outline

  • USB Overview
    • USB Lab 1: Mapping out USB
    • USB Lab 2: Sniffing and Parsing USB
    • USB Lab 3: Attacking via USB
    • USB Lab 4: Fuzzing via USB
  • SPI Overview
    • SPI Lab 1: Dumping SPI from Software
    • SPI Lab 2: Sniffing and Parsing SPI
    • SPI Lab 3: Dumping SPI from Hardware
    • SPI Lab 4: Firmware Analysis
  • SMBus Overview
    • SMBus Lab 1: Mapping out SMBus
    • SMBus Lab 2: Sniffing and Parsing SMBus
    • SMBus Lab 3: Attacking SMBus as a Master
    • SMBus Lab 4: Attacking SMBus as a Slave
  • PCIe Overview
    • PCIe Lab 1: Mapping out PCIe
    • PCIe Lab 2: Dumping and Analyzing Memory
    • PCIe Lab 3: Bypassing Authentication
  • JTAG Overview
    • JTAG Lab 1: Hardware and Software Setup
    • JTAG Lab 2: Escalating Privilege via Kernel
    • JTAG Lab 3: Escalating Privilege via a Process

Materials

All equipment, including laptops, is provided for use during the class. Attendees get printed lab manuals and slides, plus all of the software used in the course.