The new reality that we’re all adapting to means there will be big changes to how travel, events, and training works for the foreseeable future.
We’ve spent the past few months figuring out how to take hands-on hardware hacking training online, while still keeping the same level of quality instruction SecuringHardware.com is known for.
The first offering will be this August as one of Black Hat’s online trainings. If all goes well, other offerings will follow in the fall, and a self-paced version may be available.
Converting to an online remote format
In order to teach this class remotely, there were several challenges to overcome:
Keeping engaged in online classes
Delivering deep technical content is already a challenge. For in-person training, we try and stick to 30 minute lectures followed by 90 minute labs which works well. By presenting only the necessary information to set the context and get you started, the majority of the learning happens in the lab time, which has much higher retention than lecture material.
Online training needs to break this up into smaller blocks. The new class is based around 5 minute lectures and 20 minute labs. In addition, videos of each short lecture are available on demand so that you can revisit them as you work through the lab exercises.
Keeping attendees on track
One benefit to shorter labs is that there’s less room to get left behind. In addition to breaking the lab activities into smaller chunks, there’s a walk-through video of each lab available after completion.
Without the advantage of very distinct time set aside away from home and work, there’s a much larger risk of interruptions. The shorter modules should make it easier to stay on track, and the on-demand lectures should make it possible to catch up once distractions have subsided.
Keeping hardware working
When teaching a face to face class, it’s easy to pack several spare pieces of hardware. There are a bunch of changes to the course that help to avoid broken hardware and fix it if it happens:
- Kits include a non-conductive mat for designating your work surface and helping you keep it clear
- Target boards have been more robustly prepared for poking and probing
- Probe clips are higher quality and less likely to bridge connections
- Instructions are much more explicit about when to connect and disconnect power
- Kits include a microscope to help instructors diagnose issues remotely
- All hardware is tested before packing and shipping.
- A spare router is included for emergencies.
Participating in Class
There will multiple portals used for the class - one for the course material, and one for the meeting portion, and an optional one for discussion
All materials, including supplemental lectures, labs, notes, and support files will all be hosted at http://learn.securinghardware.com. Bear with us, as we’ve focused on the material instead of the registration process:
- Visit http://learn.securinghardware.com/my-account/#login
- “Register an account” with the email you’d like to use for the class
- Email us letting us know your username and the MAC address of your router (found on the outside of the black box) to verify you’ve got your kit
- We’ll enable access to the course material about a week ahead of the class.
Meeting, Lecture, and Discussion
The meeting, lecture, and discussion portions will take place via video conferencing. For Black Hat, this will be via GoToTraining. Again, you’ll receive details via email.
You are welcome to visit the discussion forum for the course at http://discourse.securinghardware.com/my-account/#login
The forum is open to the public with no registration required unless you’d like to post. This is optional and not necessary for the class, but might be helpful for providing feedback and discussing techniques presented in class.
After registering for the class, you’ll recieve a box containing most of the equipment for the class. In addition, there are a few things you’ll need to provide and prepare, incuding setting up your work computer
You’ll get a kit including most of the equipment you’ll need to use for class - hopefully well ahead of time. Feel free to open it and look inside, but please be careful and don’t start using the tools before our training - it would be unfortunate to have something break and be unavailable when it’s needed in class.
What You Need to Provide
There are a handful of things you will need to complete the class that aren’t included in the box:
- Workspace for both your laptop and your target hardware
- Reliable Internet access for the duration of the course
- A computer with:
- Ubuntu 20.04
- 3 USB ports
- 1 Ethernet port
- Webcam (optional, but very helpful for remote debugging)
- VMs and other operating systems may work but aren’t guaranteed and we won’t be able to help debug issues
- A small phillips head screwdriver to install the multimeter battery
Again, a native install of Ubuntu 20.04 will be necessary. A fresh install is best, and we will add all the necessary tools and files as part of the course procedures.
Details for downloading and installing Ubuntu 20.04 are available on their website.
Black Hat Trainings will be held August 1-2 in an all-online format. Register Now.
We’ll see how Black Hat goes - hopefully we’ll find out what we did right as well as what needs improvement. Soon after, we’ll make the call whether to offer additional synchronous trainings this fall, or to open it up to asynchronous self-paced study.
Once we realize what the new normal of travel and gatherings looks like, it is likely we’ll keep offering this introductory Applied Physical Attacks online, but resume teaching our advanced classes in-person.
Do I need a webcam?
No, but it is very helpful, especially when trying to debug hardware issues. Your kit does have a microscope for sharing close-up images to help with debugging, and cell phone cameras are also particularly handy.
Can I use Ubuntu 18.04 or Debian or OSX or….
You can try - but we will be installing a number of tools from the package manager that are up-to-date and tested on 20.04 that might need to be compiled from scratch on other systems. When issues come up, instructors and assistants priorities are to help with class content issues before dealing with incompatibe systems
Can I just use a VM?
You can try - but my experience is that, with constant plugging and unplugging of USB devices, you will encounter all sorts of reliability issues and have to frequently reboot both your host and guest OS
Do I really need 3 USB ports?
3 is ideal, but you absolutely must have 2 ports to interact with (via Tigard) and observe (via BitMagic) your target system. The third is helpful for your webcam, microscope, or usb-ethernet adapter if needed
Can I just watch the lectures and skip the labs?
Yes - but you’re missing the best part, and this might not be the right class for you. Labs are where the learning happens, and over 75% of our time will be spent working on the labs
Ethernet? Can’t I use wifi?
We’ll use ethernet as an easy way to flash firmware to the target boards; wifi is not an option. If you don’t have an ethernet port, you could fall back on much more manual, invasive methods to get this done.