Wireless communications are widely used by devices, especially IoT devices. This course aims to provide a strong understanding and feedback when assessing this kind of device during an intrusion or red team test. This course focuses on common RF attacks but tends to go beyond by teaching also the techniques and how to make new and custom tools for dedicated targets.
Comparing to other courses that teach how to use public tools, this class is more about understanding how these tools work and also how to build proper tools to analyze and attack targeted systems. All techniques here will demonstrate real uses-cases encountered in pentests and Red Teams, but also techniques that aim to be applied to future systems, by teaching important steps when dealing with unknown targets.
Day 1 is an introduction to radio that will help students to learn it’s concepts and the techniques used today to receive and transmit signals, but also the constraints that we have to deal with in heterogeneous environments: 1. Introduction to radio • History, evolution, and EU regulations • Radio waves • Digital Signal Processing • Software-Defined Radio • Antennas • Amplifiers and connectors 2. Software-Defined Radio devices • Specifications • How to choose them • Few tips and hacks 3. Observations • Waterfall and spectrum analyzers • Signal identification • Modulation/Demodulation • Encoding/Decoding 4. Faraday cages and how to design a very cheap one 5. Use of attenuators and software gain parameters
Day 2 will put the student in the playground of the Software-Defined Radio, where every idea can be written on a software to be simulated, and then concretized to realize receivers and transmitters depending on the chosen hardware limitations: 1. Introduction du GNU Radio 2. Software-Defined Radio processing in the chain 3. Practice with GNU Radio Companion • Block schemas • Parameters • Generators • Sinks and sources • Operators • Simulations • Modules • Executing a block in a real SDR device • Working with analogical and binary modulation • Transferring a simple signal • Optimizing samples processing • Features to process samples 4. Investigation and handy tools 5. Alternative to GNU Radio
Day 3 resumes and applies previous chapters to study physical intrusion systems and brings useful tricks for Red Team tests as well as pentests: 1. Common sub-GHz Remotes • Introduction • Capturing data • Replaying saved samples • Analyzing samples (manually and with powerful tools) • Rolling codes security 2. Devices using the mobile network (2G/3G/4G) • Introduction • Monitoring • Mobile security • Existing tools • Interception techniques • Our feedback in missions • Tooling with GNU Radio 3. RFID/NFC • Analyzing the communication • Public attacks on common technologies • Tools to perform intrusion test efficiently 4. Introduction to hardware hacking