Attention all UK-based PhD’s, Postdocs and early career researchers! Interested in attending a 2-day training course on Hardware Security & Pen testing with renowned trainer Joe Fitzpatrick? We are excited to announce that RISE will be holding a series of FREE Hardware Security training workshops in March 2025!
Registration
The training will take place on the following dates/locations. The training is the same at each location, so only register for one! Note each location can take a maximum of 25 attendees and, if oversubscribed, we may need to limit the number of individuals coming from the same institute.
This HW Security training is only open to UK-based PhDs, post-docs and ECRs.
Queens University Belfast, 13th – 14th March 2025
-> Register for Belfast training here
University of Sheffield, 17th – 18th March 2025
-> Register for Sheffield training here
University of Surrey, 20th – 21st March 2025
-> Register for Surrey training here
Travel & Accommodation Bursaries
Please note that a limited number bursaries are available for UK-based PhD students and post-doctoral researchers, on a first come first served basis. Bursaries cover accommodation for 1 night and travel costs. Requests for bursaries should be sent to info@ukrise.org after registering above.
Course Outline
Applied Physical Attacks and Hardware Pentesting
You’ve taken an introductory IoT class or are familiar with JTAG, UART, and SPI – but how does this apply to real world devices you encounter?
This course distills the art of hardware hacking into the science of a standardized penetration testing procedure.
We’ll analyze how and why hardware hacks belong in scope of certain pen tests, and what that means to threat modeling and deliverables. We’ll build upon your basic skills and see how more advanced hardware and firmware analysis tells us more about the software vulnerabilities in a system. We’ll prototype some hardware exploits into compelling demos or helpful red-team tools.
This course is centered around a standardized pentesting procedure that is applied to a series of case studies. We’ll start off with an example of the process, then an overview of each of the stages
●Pre-engagement
● Intelligence Gathering
● Threat Modeling
● Vulnerability Analysis
● Exploitation
● Post-Exploitation
● Reporting
Then, we’ll tackle two separate target case studies:
● A consumer, off-the-shelf Solid State Drive
● A customized ‘smart’ thermostat
For each, we’ll complete each stage of the pentesting process. If time permits, there may be time to tackle your own target system. If there isn’t, you’ll be equipped and experienced to do it on your own after the class
Your Trainer
Joe FitzPatrick (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe has spent most of his career working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past decade developing and delivering hardware security related tools and training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.