BootPwn: Breaking Secure Boot by Experience [ATTEND ONLINE AMS2022]

$4,299.00

Duration

4 days

Delivery Method

hybrid

Level

beginner

Seats Available

20



This 4-day BootPwn course is one of Raelize’s two Pwn training courses. The other is TEEPwn, which will be conducted in Singapore this year. To find out more about this August’s 2-day TEEPwn course, click here.

 ATTEND IN-PERSON: Onsite in Amsterdam   

ATTEND ONLINE: Virtual via Zoom and Discord

     

DATE: 9-12 May 2022
TIME: 09:00 to 17:00 CEST/GMT+2
| Date | Day | Time | Duration |
|---|---|---|---|
| 09 May | Monday | 09:00-17:00 CEST/GMT+2 | 8 Hours – Presentations & Hands-on exercises |
| 10 May | Tuesday | 09:00-17:00 CEST/GMT+2 | 8 Hours – Presentations & Hands-on exercises |
| 11 May | Wednesday | 09:00-17:00 CEST/GMT+2 | 8 Hours – Presentations & Hands-on exercises |
| 12 May | Thursday | 09:00-17:00 CEST/GMT+2 | 8 Hours – Hands-on exercises [Optional] |

Please note:

The 4th day is optional and may be used by attendees to complete any leftover exercises. During this day, only online support is available via Discord. The trainers will not be present in person, and attendees are not required to be either.


 

Secure Boot is fundamental for assuring the authenticity of the Trusted Code Base (TCB) of secure devices. Recent attacks on Secure Boot across a wide variety of devices, such as video game consoles and mobile phones, are a clear indicator that Secure Boot vulnerabilities are widespread.
Are you interested in learning and experiencing what it takes to break Secure Boot leveraging more than just software vulnerabilities?
Then, this is THE experience for you!

The BootPwn experience puts you in the attacker’s seat in order to explore the attack surface of Secure Boot while identifying and exploiting interesting vulnerabilities applicable to real-world devices. The experience itself is exercise-driven and gamified using an exciting jeopardy-style Capture-The-Flag (CTF).

Using an emulated device, which is based on publicly available code bases, you will be challenged to identify and exploit interesting vulnerabilities specific to Secure Boot. Even though the emulated device implements the ARMv8 (AArch64) architecture, many exercises are architecture-independent.

Do not worry if your reverse engineering or exploitation skills are rusty or non-existent. You do not need to be a software security expert, nor do we aim to make you one. Nevertheless, most exercises can be completed in various ways, which makes them interesting for experienced attendees as well. Moreover, hardware attacks like Fault Injection, which is a very relevant threat for Secure Boot, are discussed and simulated where possible.

 

Deliverables

During the training we will provide you with the following:

  • cloud-based virtual machine with all the required tooling installed
  • access to the exercise modules and instructions
  • walkthrough videos for the hands-on exercises

 

We will also provide you with the following so that you can continue with the exercises after the training:

  • offline virtual machine with all tooling preinstalled
  • ability to copy the exercise modules and instructions
  • ability to run the exercise modules forever

 

Format

This BootPwn experience will be given in a hybrid format where attendees are able to join in-person and online at the same time. Attendees need to select the desired format before the start of the training.

  • Option 1: The in-person format requires attendees to join us on-site in Amsterdam for 3 days full of lectures and practical exercises. The lectures and support are provided in-person using a classroom setting.
  • Option 2: The online format requires attendees to join us online for 3 days full of lectures and practical exercises. The lectures from the in-person classroom are virtually streamed using Zoom. Support is provided virtually via Discord.

 

Both formats include an optional 4th day, which may be used by attendees to complete any leftover exercises. During this day, for both formats, only online support is available via Discord. The trainers will not be present in person, and attendees are not required to be either.

 

Topics Covered

  • Secure Boot introduction
  • Secure Boot fundamentals
    – Embedded technology
    – Flash image parsing
    – Cryptography (e.g. authentication or decryption)
  • Secure Boot attack surface
  • Real-world Secure Boot attacks
  • Identify Secure Boot vulnerabilities by analyzing
    – Design information
    – Flash dumps
    – Source code
    – Binary code
  • Exploit Secure Boot vulnerabilities related to
    – Insecure designs
    – Vulnerable software
    – Weak or incorrect cryptography
    – Overly flexible configurations
    – Incorrect checks
    – Insecure parsing
    – Vulnerable hardware
    – Anti-Rollback
    – Fault injection


 

Why You Should Take This Course

The BootPwn experience puts you in the attacker’s seat in order to explore the attack surface of Secure Boot while identifying and exploiting interesting vulnerabilities applicable to real-world devices. The experience itself is exercise-driven and gamified using an exciting jeopardy-style Capture-The-Flag (CTF).

Who Should Attend

  • Anyone with an interest in breaking Secure Boot on secure devices
  • Security enthusiasts with an interest in embedded device security
  • Designers of Secure Boot interested in an offensive perspective

Key Learning Objectives

Prerequisite Knowledge

Anyone with a technical background should be able to complete the BootPwn experience. Less-experienced attendees will rely on hints and/or solutions available during the hands-on exercises, whereas more-experienced attendees will not. Nonetheless, familiarity with the following is helpful:

  • Embedded technologies and devices
  • Basic programming (Python and C)
  • Reverse engineering (ARM AArch64)
  • Cryptography (RSA, AES and SHA)
  • Linux command line

Hardware / Software Requirements

  • Any modern computer system with sufficient memory
  • We advise installing and using the Chrome browser
  • A stable Internet connection with sufficient bandwidth
