
Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Advanced Physical Attacks and Hardware Pentesting

Register for March 12-13 Course

Joseph FitzPatrick


You've learned about JTAG, UART, and SPI in your Intro to IoT Hacking class - but how does this apply to the real-world devices you encounter on actual engagements?

This course will put what you've already learned into context. We'll analyze how and why hardware hacks belong in the scope of certain pen tests, and what that means to threat modeling and deliverables. Building upon your basic skills, we'll show you how more advanced hardware and firmware analysis tells us more about the software vulnerabilities in a system, and prototype some hardware exploits into compelling demos or helpful red-team tools.

This course focuses on approaching hardware as part of a pen test or red team engagement, implementing advanced hardware hacks, and managing the hardware "problem." This two-day course builds directly upon the skills covered in Physical Attacks on Embedded Systems from last year. If you've already taken another class that covers the basics of embedded/IOT/hardware hacking, including UART, JTAG, and SPI, you should have sufficient background.

Key Learning Outcomes:

This course targets multiple ARM-based embedded devices, representative of a wide range of consumer electronics, medical devices, industrial control hardware, and mobile devices.

PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. The individual class guides list the material students are expected to have knowledge of coming in, and the software tools that must be pre-installed before attending, so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites: the material listed there will not be reviewed in the courses, and it is necessary to get the maximum benefit out of these educational programs.

Course Outline

Based on time and depth of student interest, we may not complete every topic in class:

Part 1: Recon and passive analysis
Part 2: Threat modeling and system analysis
Part 3: Hardware vulnerability analysis and exploitation
Part 4: Firmware vulnerability analysis and exploitation

To avoid the thrash of compatibility problems, software installation, virtual machines, and bootable images, attendees will be provided with all equipment for use during the class, including laptops preconfigured with all necessary software.

Who Should Take This Course:

Pen Testers, Red Teamers, Exploit Developers, and Product Developers looking to incorporate hardware elements into their daily operations. Security Researchers and enthusiasts unwilling to "just trust the hardware" will gain deeper insight into how the hardware works and can be undermined.


This two-day course builds directly upon the skills covered in Applied Hardware Attacks: Embedded Systems, and taking the two together should work well. If you've previously taken that class, or another class that covers the basics of embedded/IoT/hardware hacking, including UART, JTAG, and SPI, you should be prepared for this class.

If, in a class or through other experience, you have manipulated an embedded system over a console, tampered with a live system over JTAG, and dumped a device's firmware at least once, you are also prepared for this class.