RF Hacking with SDR for Physical Intrusion Systems and Red Teams (Ams)

During this 3-day training, students will learn about Software-Defined Radio applied to security and will acquire survival reflexes and methods for testing real-world radio devices such as intercoms, alarms, various remotes, and other IoT systems, including how, depending on the radio communication in use, a legitimate device can be turned into a bug.

$3,299.00

Duration

3 days

Delivery Method

virtual

Level

intermediate

Seats Available

20

REGISTRATION CLOSED

DATE: 17-19 April 2023

TIME: 09:00 to 17:00 CEST/GMT+2

Date    Day        Time                    Duration
17 Apr  Monday     09:00-17:00 CEST/GMT+2  8 hours
18 Apr  Tuesday    09:00-17:00 CEST/GMT+2  8 hours
19 Apr  Wednesday  09:00-17:00 CEST/GMT+2  8 hours

All students will receive a PlutoSDR, an ideal RF kit to start with since it supports full-duplex transmission. After the training, students can use it in standalone mode, or continue to hack on and optimize it to extend its capabilities.

You may wonder whether your product sends wireless data safely, or want to test the robustness of its communication. Or you may wish to advise your clients about their products but find yourself stuck because public tools are not adapted, obsolete, or simply non-existent. This course walks you through scenarios you can reuse in future engagements.

Compared to other courses that teach how to use public tools, this class focuses on understanding how those tools work and on building proper tools to analyze and attack targeted systems. All techniques demonstrate real use cases encountered in pentests and Red Teams, and also cover the essential steps for dealing with unknown targets, so that they can be applied to future systems.

The first day will be a mixture of 50% theory and 50% practice, reviewing radio fundamentals and the essential concepts needed for the exercises.

Starting on day 2, students will develop tools with GNU Radio for different scenarios. These exercises build confidence with the framework and show how to create tools that do not yet exist for exotic systems: reverse engineering different types of signals, but also interacting with the target by generating and transmitting their own signals.

Agenda

Who Should Attend

  • Digital police investigators
  • Security researchers and consultants interested in hardware and wireless
  • Government services
  • Developers in embedded systems who want to secure their devices
  • Radio enthusiasts who want to learn applied security using SDR

Key Learning Objectives

  • Learn how radio works and which current technologies use this interface
  • Find and analyze a signal
  • Modulate and demodulate a signal
  • Encode and decode data meant to be transported over the air
  • Capture, generate, replay and analyze a signal
  • Interface with a signal using SDR devices and software
  • Get primary reflexes to attack embedded and IoT systems
  • Create your own tools with the GNU Radio framework and its alternatives
  • Learn how to use SDR and classical attacks on mobile 2G/3G/4G, sub-GHz remotes/alarms, and other similar or custom technologies

Prerequisite Knowledge

  • Knowledge of Linux and a programming language such as C, C++, C# or Python is necessary.
  • Understanding of pentesting (network and applications) or Red Teaming
  • Basic knowledge of radio is not mandatory but is a plus

Hardware / Software Requirements

All attendees will need a machine capable of running a VMware virtual machine (8 GB of RAM minimum).

Your Instructor

Sébastien Dudek is a security researcher at Trend Micro and also the founder of the PentHertz consulting company, which specializes in wireless and hardware security.

He is particularly passionate about flaws in radio-communication systems and has published research on mobile security (baseband fuzzing, interception, mapping, etc.) and on data transmission systems that use the power line (Power-Line Communication, HomePlug AV), such as domestic PLC plugs, electric cars and charging stations. He also focuses on practical attacks on technologies such as Wi-Fi, RFID, and other systems that involve wireless communications.