Industrial Embedded Systems Hardware Penetration Testing

Unlock offensive hardware security skills with tools and tactics tailored for the ICS/OT and IIoT domain!

What you'll learn

Build an affordable hardware hacking challenge board (we use a NodeMCU ESP8266 dev board) to apply your newly learned skills!

Create a secure and functional hardware hacking lab for this course and your future assessments.

Identify vulnerabilities in industrial embedded systems (ICS/OT and IIoT)!

This is not a course on soldering!

Requirements

Basic familiarity with Linux is helpful.

Willingness to invest $10-$20 for essential tools and equipment.

Chrome web browser.

Description

Step into the world of hardware penetration testing - where technology meets curiosity! If you’re experienced in traditional penetration testing, this course will open new doors, equipping you with the specialized techniques to target industrial embedded systems. Industrial devices present unique attack vectors and require a precise approach; here, you’ll develop the expertise to identify hidden entry points within PCBs, firmware, and industrial IoT components.Starting with the fundamentals of electrical and signal reconnaissance, you’ll learn the ins and outs of PCB hardware tools, delve into firmware and serial interfaces, and explore practical methods for exploiting these systems. This course is rooted in real-world case study industrial devices like a gateway and communication server. The Chronoguard Challenge Board bringing an authentic touch to your skill development. Each module is designed to deepen your understanding of how to leverage specialized tools like multimeters, logic analyzers, and flash programmers in your tests.By the end of this hands-on course, you’ll have expanded your offensive hardware security toolkit with tactics tailored for the ICS/OT and IIoT domain, enabling you to craft advanced attack paths and discover vulnerabilities in industrial environments that remain untouched by traditional IT-focused methods. Elevate your penetration testing skills and gain the expertise needed to secure critical OT systems against the most sophisticated threats. Join now and be among the experts who can bridge the gap between IT and OT security.Disclaimer: Always prioritize electrical safety—avoid contact with exposed, voltage-carrying leads and be mindful of hazards. When applying these skills to industrial hardware, success is not guaranteed; debug interfaces are often undocumented or disabled. This course does not cover soldering skills; some basic craftsmanship and soldering knowledge are recommended for effective application.

Overview

Section 1: Introduction

Lecture 1 Welcome to the Course

Lecture 2 Your Learning Journey and Shopping List

Lecture 3 Contrasting Information Technology (IT) and Operational Technology (OT)

Lecture 4 Introduction to Case Study Industrial Embedded Systems and Challenge Board

Lecture 5 Framework for OT Resilience Testing and Risk Evaluation in Security Scenarios

Lecture 6 Pentest Methodology and Attack Vectors

Lecture 7 OSINT: Leveraging FCC Filings for Hardware Hacking

Lecture 8 Summary

Section 2: Setting Up Your Hardware Hacking Lab

Lecture 9 Welcome to Setting Up Your Hardware Hacking Lab

Lecture 10 Safety First: Four Electrical Safety Rules

Lecture 11 Understanding Virtualization and Virtual Machines

Lecture 12 Installation of VirtualBox

Lecture 13 Kali Linux Setup and Installation Script

Lecture 14 Setting up the Challenge Board

Lecture 15 Installing the Logic Analyzer Software

Lecture 16 Summary of Setting Up Your Hardware Hacking Lab

Section 3: Circuit Board Reconnaissance

Lecture 17 Welcome to Circuit Board Reconnaissance

Lecture 18 Essentials for PCB Recon

Lecture 19 Fundamentals: Main Components on a PCB

Lecture 20 IX2400: PCB Recon

Lecture 21 IX2400: Using AI for Component Identification

Lecture 22 IX2400: Datasheet Search

Lecture 23 W2150A: PCB Recon

Lecture 24 W2150A: Using AI for Component Identification

Lecture 25 W2150A: Datasheet Search

Lecture 26 Challenge Board Task: PCB Recon

Lecture 27 Challenge Board Solution: PCB Recon, Component Identification, Datasheet

Lecture 28 Summary of Circuit Board Reconnaissance

Section 4: Electrical Reconnaissance

Lecture 29 Welcome to Electrical Reconnaissance

Lecture 30 Essentials for Electrical Recon

Lecture 31 Fundamentals: Current

Lecture 32 Fundamentals: Continuity

Lecture 33 Fundamentals: Voltage

Lecture 34 Fundamentals: Ohm's Law

Lecture 35 W2150A: Identifying Ground and Voltage Levels

Lecture 36 IX2400: Identifying Ground and Voltage Levels

Lecture 37 Challenge Board Task: Electrical Recon

Lecture 38 Challenge Board Solution: El. Recon, Identifying Ground and Voltage Levels

Lecture 39 Summary of Electrical Reconnaissance

Section 5: Signal Reconnaissance

Lecture 40 Welcome to Signal Reconnaissance

Lecture 41 Essentials for Signal Recon: Analyzer Interface Hardware

Lecture 42 Essentials for Signal Recon: Analyzer Software

Lecture 43 Fundamentals: Logic Levels

Lecture 44 Fundamentals: Signal Transfer Rates

Lecture 45 Fundamentals: Logic Analysis

Lecture 46 IX2400: Capturing and Identifying Logical Signals

Lecture 47 W2150A: Capturing and Identifying Logical Signals

Lecture 48 Challenge Board Task: Signal Recon

Lecture 49 Challenge Board Solution: Signal Recon, Capturing & Identifying Logical Signals

Lecture 50 Summary of Signal Reconnaissance

Section 6: Serial Reconnaissance

Lecture 51 Welcome to Serial Reconnaissance

Lecture 52 Essentials for Serial Recon: USB-UART Interface

Lecture 53 Essentials for Serial Recon: Picocom

Lecture 54 Fundamentals: Introduction to Low Speed Serial Interfaces in Hardware Hacking

Lecture 55 Fundamentals: Introduction to UART

Lecture 56 Fundamentals: Introduction to SPI

Lecture 57 IX2400: Establishing a Serial Connection

Lecture 58 W2150A: Establishing a Serial Connection

Lecture 59 Challenge Board Task: Serial Recon

Lecture 60 Challenge Board Solution: Serial Recon, Receiving the Bootlog

Lecture 61 Summary of Serial Reconnaissance

Section 7: Exploring the Boot Environment

Lecture 62 Welcome to Exploring the Boot Environment

Lecture 63 Fundamentals: The Boot Environment

Lecture 64 Fundamentals: The Bootlog

Lecture 65 IX2400: Bootlog Analysis

Lecture 66 W2150A: Bootlog Analysis

Lecture 67 Challenge Board Task: Bootlog Analysis

Lecture 68 Challenge Board Solution: Bootlog Analysis

Lecture 69 Summary of Exploring the Boot Environment

Section 8: Accessing the Bootmenu

Lecture 70 Welcome to Accessing the Bootmenu

Lecture 71 Essentials for Accessing the Bootmenu: xdotool

Lecture 72 Fundamentals: Access to Bootmenu Command Line Interface/ Bootshell

Lecture 73 Fundamentals: Bootshell Commands

Lecture 74 IX2400: Bootshell Access with Automated Keystrokes

Lecture 75 IX2400: Enumerating Bootshell Commands

Lecture 76 W2150A: Bootshell Access with Hidden Debug Menu

Lecture 77 W2150A: Enumerating Bootshell Commands

Lecture 78 Challenge Board: Bootshell Access Task

Lecture 79 Challenge Board: Bootshell Access Hints

Lecture 80 Challenge Board: Bootshell Access Solution

Lecture 81 Challenge Board Task: Bootshell Command Enumeration

Lecture 82 Challenge Board Solution: Bootshell Command Enumeration

Lecture 83 Summary of Accessing the Bootshell

Section 9: Analysing Non-Volatile Flash Memory and Gaining Root Access

Lecture 84 Welcome to Analysing Non-Volatile Flash Memory and Gaining Root Access

Lecture 85 Essentials: Strings and Grep

Lecture 86 Essentials: Xxd

Lecture 87 Essentials: Hexdump Cleanup Script

Lecture 88 IX2400: Dumping the Non-Volatile Flash Memory via U-Boot

Lecture 89 IX2400: Uncovering Root Credentials and Gaining Root Access

Lecture 90 Accessing the Non-Volatile Flash Memory via Linux

Lecture 91 Challenge Board Task: Dumping Non-Volatile Flash Memory

Lecture 92 Challenge Board Hint: Dumping Non-Volatile Flash Memory

Lecture 93 Challenge Board Solution: Dumping Non-Volatile Flash Memory

Lecture 94 Challenge Board Task: Root Access

Lecture 95 Challenge Board Solution: Finding the Root Password and Gaining Root Access

Lecture 96 Summary of Analysing Non-Volatile Flash Memory and Gaining Root Access

Section 10: Obtaining Firmware Binaries

Lecture 97 Welcome to Obtaining Firmware Binaries

Lecture 98 Essentials: Flash Programmer

Lecture 99 Essentials: Flashrom

Lecture 100 Fundamentals: Firmware for Industrial Embedded Systems

Lecture 101 Fundamentals: Extracting Firmware via USB

Lecture 102 IX2400: Extracting the Firmware via USB Access

Lecture 103 IX2400: Extracting the Firmware from the Flash Memory Chip via Flash Programmer

Lecture 104 W2150A: Finding Vulnerable Firmware via OSINT

Lecture 105 Task: Download Firmware for W2150A Using OSINT

Lecture 106 Task: Download Substitute Firmware for IX2400

Lecture 107 Solution: Download Substitute Firmware for IX2400

Lecture 108 Summary of Obtaining Firmware Binaries

Section 11: Introduction to Firmware Analysis

Lecture 109 Welcome to Firmware Analysis

Lecture 110 Essentials: Binwalk

Lecture 111 Essentials: Firmwalker

Lecture 112 Fundamentals: Manual Inspection of Firmware for Industrial Embedded Systems

Lecture 113 Entropy Analysis of IX2400 Firmware

Lecture 114 Task: Entropy Analysis of Firmware

Lecture 115 Solution: Entropy Analysis of Firmware

Lecture 116 Firmware Structure Scan of IX2400

Lecture 117 Task: Firmware Structure Scan

Lecture 118 Solution: Firmware Structure Scan

Lecture 119 Firmware Extraction of IX2400

Lecture 120 Task: Firmware Extraction

Lecture 121 Solution: Firmware Extraction

Lecture 122 Automated IX2400 Firmware Analysis with Firmwalker

Lecture 123 Task: Analysis with Firmwalker

Lecture 124 Solution: Analysis with Firmwalker

Lecture 125 Introduction to EMBA

Lecture 126 Summary of Firmware Analysis

Section 12: Closing

Lecture 127 Recap, Goodbye and Happy Hacking!

Lecture 128 Other Projects for Your Challenge Board

Traditional Penetration Testers looking for new attack vectors.,ICS/OT Security professionals,Hobbyists with interest in hardware security