With currently over 25 Billion devices and a projected 50 Billion devices by the end of 2020 deployed in homes, offices, healthcare facilities, vehicles and industrial control systems, this course will put you at the very forefront of Cybersecurity skill sets. This course is open to everyone with a basic understanding of electronics and security principals as well as seasoned Cybersecurity professionals who want to take their existing methodologies and expand them into the most up to date and desired skill set on the market.  The skills gained by successfully completing the course will assure that you are at the bleeding edge of Cybersecurity research today

The goal of this course is to provide you with the practical skills required to conduct a penetration test in a Hardware/IoT platform. This course is focused on developing practical skills in the areas of IoT penetration testing and IoT forensic. Filled with real world examples and taught by real world practitioners this course will equip you will be knowledge and skills required to perform an IoT/Hardware penetration testing. Within this course you will learn what an IoT/Embedded system is and how it functions, along with the how to perform various hardware attacks to extract, and analyse, data. The course is five days in length and makes use of real-world examples to allow the students to develop a mature understanding of the subject.

The delivery of this course makes use of a blended learning environment that seeks to mentor the students in the development and delivery of their IoT/hardware hacking skills. The basic course pedagogy of the five-day course is practice-based approach with expert mentoring as the best way to fill this major skills gap and develop the experience industry needs, efficiently.

During this course the candidate will develop the following key skills:
• The ability to engage with key stakeholder and construct and scope/statement of work.
• The ability to analyse a PCB and identify debug ports
• The ability to test debug ports using a variety of technologies
• The ability to extract and manipulate firmware
• The ability to analyse and reverse engineering firmware

Who is it for?

This course is open to everyone with a basic understanding of electronics and security principals as well as seasoned Cybersecurity professionals who want to take their existing methodologies and expand them into the most up to date and desired skill set on the market.  The skills gained by successfully completing the course will assure that you are at the bleeding edge of Cybersecurity research today.

What's included?

Each candidate will receive a hardware hacking lab, used throughout the course, which will allow them to perform hardware penetration testing exercises. The lab is valued at over £600 and will be sent to the candidates prior to the commencement of the training. Of course, this is for the candidates to keep and is included in the cost of training. The contents of the lab includes:

• Various cables and connectors
• Jtagulator
• Segger J-Link
• DSD USB to TTL (FTDI)
• Virtual Oscilloscope
• Beagle Bone Black + JTAG
• SOC SPI Board
• SPI Test IC/Flash
• SOC Test Rig

Skills Covered

• How to Scope and Stage and IoT Hacking/Forensic activity
  o User engagement and project management
  o Legal and Ethical issues
  o PCB analysis and component identification
  o Open source analysis
  o Threat surface identification
  o Managing user expectations and report writing
• Basic Electronics for Embedded Systems
  o Basic electronics and Integrated Circuit Design
  o What is an embedded system and how does it function?
  o An introduction to ARM cores and ARM core programming
  o Loading and Running an embedded operating system
  o The ARM Tool chain and building ARM applications
  o GCC and GDB (local and remote debugging)

• UART hacking
  o Signal Analysis via a logic analyse
  o Timing diagrams
  o Identifying and Connecting to a UART
  o UART programming in Python
• SPI and I2C
  o Introduction to Flash memory
  o SPI and I2C via a logic analyse
  o Dumping and Flashing the firmware with SPI and I2C
  o Using tool such as Flashrom
  o SPI and I2C programming in Python
• JTAG from basics to expert
  o Identifying JTAG pins
  o Validation of JTAG via a logic analyser
  o Dumping the memory with JTAG
  o Using JTAG and GDB
  o Debugging and dumping the memory with GDB
  o Using tool such as OpenOCD and GDB
• Reverse Engineering
  o Types of Embedded operating systems (Linux and Windows)
  o Extracting a File System and Types of File Systems (EXT4, NTFS and Squashfs)
  o Reverse Engineering ELF and PE binaries/libraries
  o Using tools such as radare2, objdump, readelf, nm, hexedit, strings, gcc etc.
  o Introduction to ghidra

Course Dates

All courses are currently being run from a virtual environment and are presented from 0930 - 1700 BST, Mon to Fri. Candidates labs will be sent via courier to their nominated address in the week prior to attendance and once payment has been made in full.

• 2 Nov - 6 Nov 2020
• 16 Nov - 20 Nov 2020
• 14 Dec - 18 Dec 2020
• 11 Jan - 15 Jan 2021
• 25 Jan - 29 Jan 2021
• 8 Feb - 12 Feb 2021
• 22 Feb - 26 Feb 2021
• 8 March - 12 March 2021
• 22 March - 26 March 2021

Prerequisites

No hardware hacking experience is required, as this course will take the attendees from zero to hero and provide the theoretical and practical skills needed to assess any embedded software or other IoT device they mayencounter.  

It is advantageous to have a background knowledge in the principals ofs ecurity engineering, penetration testing or other related Cybersecurity activities.  It is worth considering attending the Merimetso CyberScheme Team Member (CSTM) course or our Security Engineering Principles course, to gain a foundation in Cybersecurity methodology. However, this is not a pre-requisite.