Uncategorized

Securing Hardware: Applied Physical Attacks and Hardware Pentesting

Joe Fitzpatrick of Securing Hardware has announced a new course:

[…]This course focuses on approaching hardware as part of a pentest or red team engagement, implementing advanced hardware hacks, and managing the hardware ‘problem’. This two-day course builds directly upon the skills covered in Physical Attacks on Embedded Systems – consider taking the two together for a complete 4 days. If you’ve already taken another class that covers the basics of embedded/IOT/hardware hacking, including UART, JTAG, and SPI, you should have sufficient background.[…]

https://securinghardware.com/news/Announcing-Hardware-Pentesting-Course/

https://securinghardware.com/training/pentesting/

Standard
Uncategorized

Hardware security training at Black Hat

https://www.blackhat.com/us-17/training/index.html

Standard
Uncategorized

PCI Leech

 

https://github.com/ufrisk

Does not appear to be a public Github project yet.

 

Standard
Uncategorized

BIOS mod lab at upcoming SecuringHardware.com training

For those who need Evil Maid skills take note: Joe Fitzpatrick has added a BIOS mod lab to his Black Hat training on x86 physical attacks.

Applied Physical Attacks on x86 Systems
Joe FitzPatrick, SecuringHardware.com
July 30-August 2

This course introduces and explores attacks on several different relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. The course has several modules: USB, SPI/BIOS, I2C/SMBus, PCIe, and JTAG. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells.

https://www.blackhat.com/us-16/training/applied-physical-attacks-on-x86-systems.html

Standard
Uncategorized

Hardware security at Security B-Sides Seattle

This month is B-Sides Seattle, and there are 3 hardware workshops (Attacking USB, JTAG, and Arduino) one by Joe (SecurelyFitz) and two by Matt (CryptoMonkey):

http://www.securitybsides.com/w/page/103147483/BsidesSeattle2015
https://www.eventbrite.com/e/bsides-seattle-2016-tickets-19822367234

I think I heard Matt say this was the last time he was offering this  Attacking USB training…

Note that Joe also has training at CanSecWest and Black Hat, in addition to B-Sides Seattle..
https://www.blackhat.com/us-16/training/applied-physical-attacks-on-x86-systems.html
https://cansecwest.com/dojos/2016/advanced_hardware.html

Standard
Uncategorized

sigrok update

Thanks to JoeFitz at SecuringHardware.com for showing me about the libsigrok project!

New supported devices in libsigrok:

* Logic analyzers: AKIP-9101, BeagleLogic, LeCroy LogicStudio, mcupro Logic16 clone, Pipistrello OLS, SysClk LWLA1016
* Oscilloscopes: Rigol/Agilent DS1000Z series, Yokogawa DLM2000 series, Yokogawa DL9000 series, Hung-Chang DSO-2100, GW Instek GDS-800
* Multimeters: Agilent U1241A/B, Agilent U1242A/B, Brymen BM25x series, MASTECH MS8250B, Metrahit 16T/16U/KMM2002, PeakTech 3415, Tenma 72-7730/72-7732/72-9380A, Testo 435-4, UNI-T UT372, UNI-T UT71A/B/C/D/E, * * Velleman DVM4100, Voltcraft VC-870/VC-920/VC-940/VC-960
* Programmable power supplies: Fluke/Philips PM2800 series, HP 663xx series, Manson HCS-3xxx series, Motech LPS-30x series, Rigol DP800 series, Korad KAxxxxP series (a.k.a Velleman LABPS3005D and others)
* AC/DC sources: Agilent N5700A series (DC sources), Chroma 61600 series (AC sources), Chroma 62000 series (DC sources)
* Electronic loads: Maynuo M97 (and compatibles)
* LCR meters: DER EE DE-5000
* Scales: KERN EW 6200-2NM
* BeagleBone Black capes: BayLibre ACME (revA and revB)

http://sigrok.org/

https://www.sigrok.org/blog/major-sigrok-releases-libsigrok-libsigrokdecode-sigrok-cli-pulseview

Standard