With continued uncertainty about everchanging travel guidelines, combined with the success of our current online offerings, we’ve brought a second full course - Applied Physical Attacks and Hardware Pentesting - online.

We’ve run self-paced online courses for over a year, and have conducted this course remotely several times. We think all the major kinks have been worked out and so it’s ready for general availability.

We didn’t just paste the existing course online - the entire course has been refactored and update based on new advances in hardware plus the experience of running the course for the last 4 years.


What’s New?

A more formalized ‘Process’

Previously, the course covered the pentesting process through 4 ‘practicals’ completed individually or with group discussions. The process itself has been refactored to match the phases of the PTES - Penetration Testing Execution Standard. This isn’t the only process and we don’t actually recommend changing your existing one - but we found this to be a general enough series of phases that could map effectively into any organizations current web, software, or IoT pentesting process.

More context

Rather than keeping the ‘practicals’ separate - they’re incorporated right into the target hardware labs. After we walk through a quick beginning-to-end example of executing the process, the course proceeds through two complete iterations of the process against two separate hardware targets - solidly preparing you to repeat it, start to finish, on your own.

Updated Tools

When we refactored Applied Physical Attacks #1, we switched to BitMagic Basic as our logic analyzer and Tigard as our multi-purpose I/O interface board. Continuing with our trend of preferring inexpensive, robust, open-hardware solutions, we’re adding Xiaomao as our microcontroller platform of choice. It has a wide operating range, some I/O protection, and works as a flexible protocol interface or hardware implant.

Updated Targets

While we’re sticking with the same SSD as one of our case studies, we’ve got a new and updated mock IoT thermostat as a second target. We put lots of time and effort into making sure the BEST(tm) Model F thermostat made enough questionable hardware security design decisions that you’re sure to find a few.

Bundle Deal

The 2-day course is priced at US$2000, but when bundled with Applied Physical Attacks #1, the full 4 days of training is discounted to $3000. In addition for a limited time, those who’ve already completed APA#1 online and have their kit are welcome to add the second course at that discounted price.

Sign up below for more notifications, or get in touch if you’ve got a large group interested in either self-paced or live synchronous training.