Industrial Embedded Systems Hardware Penetration Testing
Published 10/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.63 GB | Duration: 4h 16m
Unlock offensive hardware security skills with tools and tactics tailored for the ICS/OT and IIoT domain!
What you'll learn
Build an affordable hardware hacking challenge board (we use a NodeMCU ESP8266 dev board) to apply your newly learned skills!
Create a secure and functional hardware hacking lab for this course and your future assessments.
Identify vulnerabilities in industrial embedded systems (ICS/OT and IIoT)!
This is not a course on soldering!
Requirements
Basic familiarity with Linux is helpful.
Willingness to invest $10-$20 for essential tools and equipment.
Chrome web browser.
Description
Step into the world of hardware penetration testing - where technology meets curiosity! If you’re experienced in traditional penetration testing, this course will open new doors, equipping you with the specialized techniques to target industrial embedded systems. Industrial devices present unique attack vectors and require a precise approach; here, you’ll develop the expertise to identify hidden entry points within PCBs, firmware, and industrial IoT components.
Starting with the fundamentals of electrical and signal reconnaissance, you’ll learn the ins and outs of PCB hardware tools, delve into firmware and serial interfaces, and explore practical methods for exploiting these systems. This course is rooted in real-world case study industrial devices like a gateway and communication server, with the Chronoguard Challenge Board bringing an authentic touch to your skill development. Each module is designed to deepen your understanding of how to leverage specialized tools like multimeters, logic analyzers, and flash programmers in your tests.
By the end of this hands-on course, you’ll have expanded your offensive hardware security toolkit with tactics tailored for the ICS/OT and IIoT domain, enabling you to craft advanced attack paths and discover vulnerabilities in industrial environments that remain untouched by traditional IT-focused methods. Elevate your penetration testing skills and gain the expertise needed to secure critical OT systems against the most sophisticated threats. Join now and be among the experts who can bridge the gap between IT and OT security.
Disclaimer: Always prioritize electrical safety: avoid contact with exposed, voltage-carrying leads and be mindful of hazards. When applying these skills to industrial hardware, success is not guaranteed; debug interfaces are often undocumented or disabled. This course does not cover soldering skills; some basic craftsmanship and soldering knowledge are recommended for effective application.
Overview
Section 1: Introduction
Lecture 1 Welcome to the Course
Lecture 2 Your Learning Journey and Shopping List
Lecture 3 Contrasting Information Technology (IT) and Operational Technology (OT)
Lecture 4 Introduction to Case Study Industrial Embedded Systems and Challenge Board
Lecture 5 Framework for OT Resilience Testing and Risk Evaluation in Security Scenarios
Lecture 6 Pentest Methodology and Attack Vectors
Lecture 7 OSINT: Leveraging FCC Filings for Hardware Hacking
Lecture 8 Summary
Section 2: Setting Up Your Hardware Hacking Lab
Lecture 9 Welcome to Setting Up Your Hardware Hacking Lab
Lecture 10 Safety First: Four Electrical Safety Rules
Lecture 11 Understanding Virtualization and Virtual Machines
Lecture 12 Installation of VirtualBox
Lecture 13 Kali Linux Setup and Installation Script
Lecture 14 Setting up the Challenge Board
Lecture 15 Installing the Logic Analyzer Software
Lecture 16 Summary of Setting Up Your Hardware Hacking Lab
Section 3: Circuit Board Reconnaissance
Lecture 17 Welcome to Circuit Board Reconnaissance
Lecture 18 Essentials for PCB Recon
Lecture 19 Fundamentals: Main Components on a PCB
Lecture 20 IX2400: PCB Recon
Lecture 21 IX2400: Using AI for Component Identification
Lecture 22 IX2400: Datasheet Search
Lecture 23 W2150A: PCB Recon
Lecture 24 W2150A: Using AI for Component Identification
Lecture 25 W2150A: Datasheet Search
Lecture 26 Challenge Board Task: PCB Recon
Lecture 27 Challenge Board Solution: PCB Recon, Component Identification, Datasheet
Lecture 28 Summary of Circuit Board Reconnaissance
Section 4: Electrical Reconnaissance
Lecture 29 Welcome to Electrical Reconnaissance
Lecture 30 Essentials for Electrical Recon
Lecture 31 Fundamentals: Current
Lecture 32 Fundamentals: Continuity
Lecture 33 Fundamentals: Voltage
Lecture 34 Fundamentals: Ohm's Law
Lecture 35 W2150A: Identifying Ground and Voltage Levels
Lecture 36 IX2400: Identifying Ground and Voltage Levels
Lecture 37 Challenge Board Task: Electrical Recon
Lecture 38 Challenge Board Solution: El. Recon, Identifying Ground and Voltage Levels
Lecture 39 Summary of Electrical Reconnaissance
Section 5: Signal Reconnaissance
Lecture 40 Welcome to Signal Reconnaissance
Lecture 41 Essentials for Signal Recon: Analyzer Interface Hardware
Lecture 42 Essentials for Signal Recon: Analyzer Software
Lecture 43 Fundamentals: Logic Levels
Lecture 44 Fundamentals: Signal Transfer Rates
Lecture 45 Fundamentals: Logic Analysis
Lecture 46 IX2400: Capturing and Identifying Logical Signals
Lecture 47 W2150A: Capturing and Identifying Logical Signals
Lecture 48 Challenge Board Task: Signal Recon
Lecture 49 Challenge Board Solution: Signal Recon, Capturing & Identifying Logical Signals
Lecture 50 Summary of Signal Reconnaissance
Section 6: Serial Reconnaissance
Lecture 51 Welcome to Serial Reconnaissance
Lecture 52 Essentials for Serial Recon: USB-UART Interface
Lecture 53 Essentials for Serial Recon: Picocom
Lecture 54 Fundamentals: Introduction to Low Speed Serial Interfaces in Hardware Hacking
Lecture 55 Fundamentals: Introduction to UART
Lecture 56 Fundamentals: Introduction to SPI
Lecture 57 IX2400: Establishing a Serial Connection
Lecture 58 W2150A: Establishing a Serial Connection
Lecture 59 Challenge Board Task: Serial Recon
Lecture 60 Challenge Board Solution: Serial Recon, Receiving the Bootlog
Lecture 61 Summary of Serial Reconnaissance
Section 7: Exploring the Boot Environment
Lecture 62 Welcome to Exploring the Boot Environment
Lecture 63 Fundamentals: The Boot Environment
Lecture 64 Fundamentals: The Bootlog
Lecture 65 IX2400: Bootlog Analysis
Lecture 66 W2150A: Bootlog Analysis
Lecture 67 Challenge Board Task: Bootlog Analysis
Lecture 68 Challenge Board Solution: Bootlog Analysis
Lecture 69 Summary of Exploring the Boot Environment
Section 8: Accessing the Bootmenu
Lecture 70 Welcome to Accessing the Bootmenu
Lecture 71 Essentials for Accessing the Bootmenu: xdotool
Lecture 72 Fundamentals: Access to Bootmenu Command Line Interface/Bootshell
Lecture 73 Fundamentals: Bootshell Commands
Lecture 74 IX2400: Bootshell Access with Automated Keystrokes
Lecture 75 IX2400: Enumerating Bootshell Commands
Lecture 76 W2150A: Bootshell Access with Hidden Debug Menu
Lecture 77 W2150A: Enumerating Bootshell Commands
Lecture 78 Challenge Board: Bootshell Access Task
Lecture 79 Challenge Board: Bootshell Access Hints
Lecture 80 Challenge Board: Bootshell Access Solution
Lecture 81 Challenge Board Task: Bootshell Command Enumeration
Lecture 82 Challenge Board Solution: Bootshell Command Enumeration
Lecture 83 Summary of Accessing the Bootshell
Section 9: Analysing Non-Volatile Flash Memory and Gaining Root Access
Lecture 84 Welcome to Analysing Non-Volatile Flash Memory and Gaining Root Access
Lecture 85 Essentials: Strings and Grep
Lecture 86 Essentials: Xxd
Lecture 87 Essentials: Hexdump Cleanup Script
Lecture 88 IX2400: Dumping the Non-Volatile Flash Memory via U-Boot
Lecture 89 IX2400: Uncovering Root Credentials and Gaining Root Access
Lecture 90 Accessing the Non-Volatile Flash Memory via Linux
Lecture 91 Challenge Board Task: Dumping Non-Volatile Flash Memory
Lecture 92 Challenge Board Hint: Dumping Non-Volatile Flash Memory
Lecture 93 Challenge Board Solution: Dumping Non-Volatile Flash Memory
Lecture 94 Challenge Board Task: Root Access
Lecture 95 Challenge Board Solution: Finding the Root Password and Gaining Root Access
Lecture 96 Summary of Analysing Non-Volatile Flash Memory and Gaining Root Access
Section 10: Obtaining Firmware Binaries
Lecture 97 Welcome to Obtaining Firmware Binaries
Lecture 98 Essentials: Flash Programmer
Lecture 99 Essentials: Flashrom
Lecture 100 Fundamentals: Firmware for Industrial Embedded Systems
Lecture 101 Fundamentals: Extracting Firmware via USB
Lecture 102 IX2400: Extracting the Firmware via USB Access
Lecture 103 IX2400: Extracting the Firmware from the Flash Memory Chip via Flash Programmer
Lecture 104 W2150A: Finding Vulnerable Firmware via OSINT
Lecture 105 Task: Download Firmware for W2150A Using OSINT
Lecture 106 Task: Download Substitute Firmware for IX2400
Lecture 107 Solution: Download Substitute Firmware for IX2400
Lecture 108 Summary of Obtaining Firmware Binaries
Section 11: Introduction to Firmware Analysis
Lecture 109 Welcome to Firmware Analysis
Lecture 110 Essentials: Binwalk
Lecture 111 Essentials: Firmwalker
Lecture 112 Fundamentals: Manual Inspection of Firmware for Industrial Embedded Systems
Lecture 113 Entropy Analysis of IX2400 Firmware
Lecture 114 Task: Entropy Analysis of Firmware
Lecture 115 Solution: Entropy Analysis of Firmware
Lecture 116 Firmware Structure Scan of IX2400
Lecture 117 Task: Firmware Structure Scan
Lecture 118 Solution: Firmware Structure Scan
Lecture 119 Firmware Extraction of IX2400
Lecture 120 Task: Firmware Extraction
Lecture 121 Solution: Firmware Extraction
Lecture 122 Automated IX2400 Firmware Analysis with Firmwalker
Lecture 123 Task: Analysis with Firmwalker
Lecture 124 Solution: Analysis with Firmwalker
Lecture 125 Introduction to EMBA
Lecture 126 Summary of Firmware Analysis
Section 12: Closing
Lecture 127 Recap, Goodbye and Happy Hacking!
Lecture 128 Other Projects for Your Challenge Board
Traditional Penetration Testers looking for new attack vectors, ICS/OT Security professionals, Hobbyists with interest in hardware security.