Software Exploitation via Hardware Exploitation (SexViaHex)
At Black Hat Trainings this year, I just attended one of the best four day classes I’ve ever attended. The name of the class is Software Exploitation Via Hardware Explotation or SexViaHex for short (http://www.sexviahex.com/). The class was provided by Xipiter (@XipiterSec) and taught by @s7ephen.
With regards to quality and practicality I can only think of one class I’ve attended which comes close to this one, that was Breaking Binary Applications, which I attended about four years ago. It was an excellent class taught by Exodus Intelligence (@ExodusIntel).
Before the SexViaHex class, I have only been doing software exploitation and I’ve never done any hardware hacking. This class was very well structured and above all highly practical. In these four days, we learned how to identify UART’s and JTAG, dumping firmware, bypass authentication through hardware debugging and much much more :-) We hacked a number of devices, I think the device I enjoyed hacking the most was the wireless access point on the photos ;-)
I can highly recommend this class to anyone interested in Practical Hardware Hacking.
Xipiter was also offering another interesting class, which ran at the same time and was also four days long, Practical ARM exploitation. I think that class could complement this one, considering how much IoT runs on ARM. I will definitely consider attending that class in the future!