applied security conferences and training: CanSecWest | PacSec | EUSecWest |

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Applied Hardware Attacks: Hardware Implants

Register for March 18-19, 2019 (2-day Course)

Instructor(s):
Joseph FitzPatrick

Description

Hardware-based Evil Maid, Interdiction, and other attacks sound fancy and exotic. They might make headlines, but many of the techniques are accessible to hobbyists.. They may not be as small as a grain of rice, but in this two-day course you’ll combine hardware hacking with rapid prototyping to build real custom hardware implants.

In the span of two days, you will design, build, and program:

This class builds upon the previous Applied Hardware Attacks classes, combining the hardware hacking basics and the rapid prototyping skills into one end product. Combining this course with either Applied Hardware Attacks 1: Embedded Systems or Applied Hardware Attacks 3: Rapid prototyping should help you fill in any background you need.

Key Learning Outcomes:

  1. End-to-end experience building a malicious hardware device
  2. Realization of the flexibility and impact a hardware implant can have
  3. Understanding of how easy it really is to build these devices.

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Course Outline

This course is still in development. The format will be less linear than my other classes.

We’ll start off by introducing four cases. Individually or in groups, you will be guided through the process of:

  1. Identifying the target and measure it mechanically and electrically
  2. Designing the circuit to interface with the protocol
  3. Laying out and milling a PCB to help them interface
  4. Designing and printing an enclosure/jig for the implant
  5. Coding the microcontroller to perform the malicious action
  6. Testing and demonstrate the result.

There should be sufficient time to complete 2 of the test cases within the class time, possibly more depending on prior background. In the unlikely even that all the prototyping equipment fails, reference designs will be available.

The case studies are still in development but will likely be:

Who Should Take This Course:

This course is specifically geared towards attendees who have some hardware hacking under their belt plus familiarity with rapid prototyping techniques.

Pre-requisites:

This two-day course assumes some experience:

~ ~