Formally announcing 'Hardware Attacks, Threats, Risks, and Mitigations'

Formally announcing 'Hardware Attacks, Threats, Risks, and Mitigations'

For the second year in a row, Black Hat surprised me by getting training registration up earlier than expected - Kudos to them! That means they already let the cat out of the bag but I’d like to take a moment to share the background and purpose of this new class.

One of many great discussions with other trainers that came out of HardawreSecurity.Training is that we all encounter attendees that either 1) only want an overview of the content we deliver or 2) have trouble expressing to their management the true implications of the tools and techniques that they learn in our trainings.

In order to accomodate both these requests, we collaborated develop and deliver a brand new class titled Hardware Attacks, Threats, Risks, and Mitigations:

Up until now, I have focused on all-in hands-on hardware courses. This one is a bit different, and is designed to appeal to a very different audience. It’s a shift for me, but I feel that with the help of the other HardwareSecurity.Training team, we can pull it off together.

The objective of this course is to go up a layer - not into the software part of the stack, but into the implications of the hardware:

  • Instead of trial-by-fire push-off-the-deep-end hands-on labs, emphasis will be placed on the problem solving and hardware implications, not on in depth hardware setup or exhaustive coding of solutions.
  • Instead of going deep into a single system, we’ll survey the introduction to each of the different topics in hardware security.
  • Instead of having lots of hardware to set up, all of the lab portions will be pencil-and-paper - this actually works out better than we expected!

We’ve got a few people in mind as our target audience. If you are:

  • Having a hard time explaining hardware implications to your management… Let us :)
  • Building a startup with some IOT device running custom software on generic hardware that you’re pretty sure works because magic… Dispel the magic!
  • Maintaining a network full of IOT devices.. Get a better idea of what you should be worried about and why.
  • Developing or managing the development of a hardware product… Get an understanding of what the hardware threat landscape looks like today, including solutions and best practices.

While the full course is still in development, the course overview and outline (subject to revisions) is on this site: Hardware Attacks, Threats, Risks, and Mitigations

The first public offering of the course will be at Black Hat USA in August, 2018:

6 Aug 2018 »
Hardware Attacks, Threats, Risks, and Mitigations at Black Hat USA

Of course, if you’ve got a group of 12 or more, private training is always an option, and you can pick and choose from all the training content I offer:

Inquire about booking private training

Joe FitzPatrick

Written by

Joe (@securelyfitz) is an Instructor and Researcher at Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontroller. He has spent the past 5 years developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.