English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 128 lectures (4h 18m) | 2.76 GB
Unlock offensive hardware security skills with tools and tactics tailored for the ICS/OT and IIoT domain!
Step into the world of hardware penetration testing – where technology meets curiosity! If you’re experienced in traditional penetration testing, this course will open new doors, equipping you with the specialized techniques to target industrial embedded systems. Industrial devices present unique attack vectors and require a precise approach; here, you’ll develop the expertise to identify hidden entry points within PCBs, firmware, and industrial IoT components.
Starting with the fundamentals of electrical and signal reconnaissance, you’ll learn the ins and outs of PCB hardware tools, delve into firmware and serial interfaces, and explore practical methods for exploiting these systems. The course is rooted in real-world case studies of industrial devices, a gateway and a communication server, and the Chronoguard Challenge Board adds an authentic, hands-on touch to your skill development. Each module is designed to deepen your understanding of how to use specialized tools like multimeters, logic analyzers, and flash programmers in your tests.
By the end of this hands-on course, you’ll have expanded your offensive hardware security toolkit with tactics tailored for the ICS/OT and IIoT domain, enabling you to craft advanced attack paths and discover vulnerabilities in industrial environments that remain untouched by traditional IT-focused methods. Elevate your penetration testing skills and gain the expertise needed to secure critical OT systems against the most sophisticated threats. Join now and be among the experts who can bridge the gap between IT and OT security.
Disclaimer: Always prioritize electrical safety—avoid contact with exposed, voltage-carrying leads and be mindful of hazards. When applying these skills to industrial hardware, success is not guaranteed; debug interfaces are often undocumented or disabled. This course does not cover soldering skills; some basic craftsmanship and soldering knowledge are recommended for effective application.
What you’ll learn
- Build an affordable hardware hacking challenge board (we use a NodeMCU ESP8266 dev board) to apply your newly learned skills!
- Create a secure and functional hardware hacking lab for this course and your future assessments.
- Identify vulnerabilities in industrial embedded systems (ICS/OT and IIoT)!
- This is not a course on soldering!
Table of Contents
Introduction
1 Welcome to the Course
2 Your Learning Journey and Shopping List
3 Contrasting Information Technology (IT) and Operational Technology (OT)
4 Introduction to Case Study Industrial Embedded Systems and Challenge Board
5 Framework for OT Resilience Testing and Risk Evaluation in Security Scenarios
6 Pentest Methodology and Attack Vectors
7 OSINT: Leveraging FCC Filings for Hardware Hacking
8 Summary
Setting Up Your Hardware Hacking Lab
9 Welcome to Setting Up Your Hardware Hacking Lab
10 Safety First: Four Electrical Safety Rules
11 Understanding Virtualization and Virtual Machines
12 Installation of VirtualBox
13 Kali Linux Setup and Installation Script
14 Setting up the Challenge Board
15 Installing the Logic Analyzer Software
16 Summary of Setting Up Your Hardware Hacking Lab
Circuit Board Reconnaissance
17 Welcome to Circuit Board Reconnaissance
18 Essentials for PCB Recon
19 Fundamentals: Main Components on a PCB
20 IX2400: PCB Recon
21 IX2400: Using AI for Component Identification
22 IX2400: Datasheet Search
23 W2150A: PCB Recon
24 W2150A: Using AI for Component Identification
25 W2150A: Datasheet Search
26 Challenge Board Task: PCB Recon
27 Challenge Board Solution: PCB Recon, Component Identification, Datasheet
28 Summary of Circuit Board Reconnaissance
Electrical Reconnaissance
29 Welcome to Electrical Reconnaissance
30 Essentials for Electrical Recon
31 Fundamentals: Current
32 Fundamentals: Continuity
33 Fundamentals: Voltage
34 Fundamentals: Ohm’s Law
35 W2150A: Identifying Ground and Voltage Levels
36 IX2400: Identifying Ground and Voltage Levels
37 Challenge Board Task: Electrical Recon
38 Challenge Board Solution: Electrical Recon, Identifying Ground and Voltage Levels
39 Summary of Electrical Reconnaissance
Signal Reconnaissance
40 Welcome to Signal Reconnaissance
41 Essentials for Signal Recon: Analyzer Interface Hardware
42 Essentials for Signal Recon: Analyzer Software
43 Fundamentals: Logic Levels
44 Fundamentals: Signal Transfer Rates
45 Fundamentals: Logic Analysis
46 IX2400: Capturing and Identifying Logical Signals
47 W2150A: Capturing and Identifying Logical Signals
48 Challenge Board Task: Signal Recon
49 Challenge Board Solution: Signal Recon, Capturing & Identifying Logical Signals
50 Summary of Signal Reconnaissance
Serial Reconnaissance
51 Welcome to Serial Reconnaissance
52 Essentials for Serial Recon: USB-UART Interface
53 Essentials for Serial Recon: Picocom
54 Fundamentals: Introduction to Low-Speed Serial Interfaces in Hardware Hacking
55 Fundamentals: Introduction to UART
56 Fundamentals: Introduction to SPI
57 IX2400: Establishing a Serial Connection
58 W2150A: Establishing a Serial Connection
59 Challenge Board Task: Serial Recon
60 Challenge Board Solution: Serial Recon, Receiving the Bootlog
61 Summary of Serial Reconnaissance
Exploring the Boot Environment
62 Welcome to Exploring the Boot Environment
63 Fundamentals: The Boot Environment
64 Fundamentals: The Bootlog
65 IX2400: Bootlog Analysis
66 W2150A: Bootlog Analysis
67 Challenge Board Task: Bootlog Analysis
68 Challenge Board Solution: Bootlog Analysis
69 Summary of Exploring the Boot Environment
Accessing the Bootmenu
70 Welcome to Accessing the Bootmenu
71 Essentials for Accessing the Bootmenu: xdotool
72 Fundamentals: Access to Bootmenu Command Line Interface (Bootshell)
73 Fundamentals: Bootshell Commands
74 IX2400: Bootshell Access with Automated Keystrokes
75 IX2400: Enumerating Bootshell Commands
76 W2150A: Bootshell Access with Hidden Debug Menu
77 W2150A: Enumerating Bootshell Commands
78 Challenge Board Task: Bootshell Access
79 Challenge Board Hints: Bootshell Access
80 Challenge Board Solution: Bootshell Access
81 Challenge Board Task: Bootshell Command Enumeration
82 Challenge Board Solution: Bootshell Command Enumeration
83 Summary of Accessing the Bootshell
Analysing Non-Volatile Flash Memory and Gaining Root Access
84 Welcome to Analysing Non-Volatile Flash Memory and Gaining Root Access
85 Essentials: Strings and Grep
86 Essentials: Xxd
87 Essentials: Hexdump Cleanup Script
88 IX2400: Dumping the Non-Volatile Flash Memory via U-Boot
89 IX2400: Uncovering Root Credentials and Gaining Root Access
90 Accessing the Non-Volatile Flash Memory via Linux
91 Challenge Board Task: Dumping Non-Volatile Flash Memory
92 Challenge Board Hint: Dumping Non-Volatile Flash Memory
93 Challenge Board Solution: Dumping Non-Volatile Flash Memory
94 Challenge Board Task: Root Access
95 Challenge Board Solution: Finding the Root Password and Gaining Root Access
96 Summary of Analysing Non-Volatile Flash Memory and Gaining Root Access
Obtaining Firmware Binaries
97 Welcome to Obtaining Firmware Binaries
98 Essentials: Flash Programmer
99 Essentials: Flashrom
100 Fundamentals: Firmware for Industrial Embedded Systems
101 Fundamentals: Extracting Firmware via USB
102 IX2400: Extracting the Firmware via USB Access
103 IX2400: Extracting the Firmware from the Flash Memory Chip via Flash Programmer
104 W2150A: Finding Vulnerable Firmware via OSINT
105 Task: Download Firmware for W2150A Using OSINT
106 Task: Download Substitute Firmware for IX2400
107 Solution: Download Substitute Firmware for IX2400
108 Summary of Obtaining Firmware Binaries
Introduction to Firmware Analysis
109 Welcome to Firmware Analysis
110 Essentials: Binwalk
111 Essentials: Firmwalker
112 Fundamentals: Manual Inspection of Firmware for Industrial Embedded Systems
113 Entropy Analysis of IX2400 Firmware
114 Task: Entropy Analysis of Firmware
115 Solution: Entropy Analysis of Firmware
116 Firmware Structure Scan of IX2400
117 Task: Firmware Structure Scan
118 Solution: Firmware Structure Scan
119 Firmware Extraction of IX2400
120 Task: Firmware Extraction
121 Solution: Firmware Extraction
122 Automated IX2400 Firmware Analysis with Firmwalker
123 Task: Analysis with Firmwalker
124 Solution: Analysis with Firmwalker
125 Introduction to EMBA
126 Summary of Firmware Analysis
Closing
127 Recap, Goodbye and Happy Hacking!
128 Other Projects for Your Challenge Board
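The lectures on dumping flash via U-Boot and the "Hexdump Cleanup Script" describe a step every hardware pentester ends up scripting: the bootloader's `md.b` command prints memory as hex over the serial console, and that capture has to be turned back into a binary before `binwalk` or `strings` can touch it. The following is an added example, not the course's own script, showing one way to do that in Python. It assumes the dump was produced with `md.b <addr> <len>` and saved from the terminal session, so the capture also contains the echoed command, the prompt, and possibly lines lost to serial noise; the sample capture, the device and the addresses are constructed for illustration.

```python
"""Turn a U-Boot `md.b` dump captured over a serial console into a raw flash image.

Added example (not course material). Assumes the capture comes from
`md.b <addr> <len>` typed at the U-Boot prompt and saved from the terminal,
so it contains the echoed command, the prompt and possibly dropped lines.
"""
import re
from typing import List, Tuple

# One md.b output line: 8-hex-digit address, colon, 1..16 space-separated
# byte values, then four spaces and the ASCII column (which we ignore).
MD_LINE = re.compile(r"^([0-9a-fA-F]{8}):((?: [0-9a-fA-F]{2}){1,16})")

# uImage header magic (IH_MAGIC, 0x27051956) as stored big-endian at offset 0.
UIMAGE_MAGIC = b"\x27\x05\x19\x56"


def parse_md_dump(text: str) -> Tuple[bytes, List[str]]:
    """Return (image, warnings).

    Addresses are checked for continuity: a line swallowed by serial noise
    shows up as a gap, which is padded with 0xFF so later offsets stay
    correct (erased NOR/SPI flash reads as 0xFF, so padding is recognisable).
    A repeated line (e.g. a re-issued command) is skipped, not appended twice.
    """
    image = bytearray()
    warnings: List[str] = []
    expected = None  # address the next dump line should carry
    for lineno, line in enumerate(text.splitlines(), 1):
        m = MD_LINE.match(line)
        if not m:
            continue  # command echo, prompt, bootlog chatter: not dump data
        addr = int(m.group(1), 16)
        chunk = bytes.fromhex(m.group(2).replace(" ", ""))
        if expected is not None and addr != expected:
            if addr < expected:
                warnings.append(
                    f"line {lineno}: 0x{addr:08x} repeats data already seen, skipped")
                continue
            warnings.append(
                f"line {lineno}: gap 0x{expected:08x}-0x{addr:08x}, padded with 0xFF")
            image.extend(b"\xff" * (addr - expected))
        image.extend(chunk)
        expected = addr + len(chunk)
    return bytes(image), warnings


def starts_with_uimage(image: bytes) -> bool:
    """Sanity check before handing the file to binwalk: is offset 0 a uImage header?"""
    return image[:4] == UIMAGE_MAGIC


# Constructed sample capture (not from a real device): echoed command, two good
# lines, one line lost to serial noise (0x1f000020), then the dump continues.
SAMPLE_CAPTURE = """\
=> md.b 0x1f000000 0x40
1f000000: 27 05 19 56 a1 b2 c3 d4 00 00 00 00 00 02 00 00    '..V............
1f000010: 80 00 00 00 80 00 00 40 de ad be ef 05 02 02 00    .......@........
1f000030: 55 2d 42 6f 6f 74 20 32 30 32 34 2e 30 31 00 00    U-Boot 2024.01..
=>
"""

if __name__ == "__main__":
    img, warns = parse_md_dump(SAMPLE_CAPTURE)
    for w in warns:
        print("warning:", w)
    print(f"{len(img)} bytes recovered, uImage header at offset 0: {starts_with_uimage(img)}")
    with open("dump.bin", "wb") as f:
        f.write(img)
```

The continuity check is the part worth keeping: a dump with a silently missing line still "looks" fine in a hex viewer, but every offset after the gap is shifted, and `binwalk` will then report filesystem signatures at the wrong places or fail to extract at all. Always compare the recovered length against the `len` you passed to `md.b` before analysing the file.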
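The entropy-analysis lectures in the firmware section rely on binwalk's entropy scan (`binwalk -E`) to decide which parts of an image are compressed or encrypted and which are plain code and strings. As an added example, not the course's material, the following re-implements that measurement so the block size and thresholds are visible and tunable. The thresholds (above 7.5 bits per byte as "high", at or below 1.0 as "low") are our own heuristics, and the sample image is constructed inline: a region of erased flash, a region of plaintext strings, and PRNG output standing in for a compressed root filesystem.

```python
"""Block-wise Shannon entropy of a firmware image, to spot compressed or
encrypted regions before running binwalk/firmwalker.

Added example (not course material). Thresholds are heuristics, not standards:
high: likely compressed or encrypted (LZMA/squashfs rootfs, or a real cipher);
low:  padding or erased flash;
mid:  machine code and plaintext, the place to run strings/grep for credentials.
"""
import math
import random
from collections import Counter
from typing import List, Tuple


def shannon_entropy(block: bytes) -> float:
    """Bits per byte, from 0.0 (one byte value only) to 8.0 (uniform over 256 values)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def entropy_profile(image: bytes, block_size: int = 4096) -> List[Tuple[int, int, float]]:
    """(start, end, entropy) for each block; the trailing partial block is kept."""
    return [
        (off, min(off + block_size, len(image)), shannon_entropy(image[off:off + block_size]))
        for off in range(0, len(image), block_size)
    ]


def classify_regions(profile, high: float = 7.5, low: float = 1.0) -> List[Tuple[int, int, str]]:
    """Merge adjacent blocks with the same label into (start, end, label) regions."""
    regions: List[Tuple[int, int, str]] = []
    for start, end, h in profile:
        label = "high" if h >= high else "low" if h <= low else "mid"
        if regions and regions[-1][2] == label:  # blocks are contiguous by construction
            regions[-1] = (regions[-1][0], end, label)
        else:
            regions.append((start, end, label))
    return regions


# Constructed sample image (not a real firmware): 4 KiB of erased flash (0xFF),
# 4 KiB of repeated plaintext, 4 KiB of seeded PRNG output as a stand-in for a
# compressed rootfs. A seeded PRNG keeps the example reproducible.
_rng = random.Random(1)
SAMPLE_IMAGE = (
    b"\xff" * 4096
    + (b"U-Boot 2024.01 (Jan 01 2024)\n" * 150)[:4096]
    + bytes(_rng.getrandbits(8) for _ in range(4096))
)

if __name__ == "__main__":
    profile = entropy_profile(SAMPLE_IMAGE, block_size=2048)
    for start, end, h in profile:
        print(f"0x{start:06x}-0x{end:06x}  {h:4.2f}  {'#' * int(h * 4)}")
    for start, end, label in classify_regions(profile):
        print(f"{label:>4}: 0x{start:06x}-0x{end:06x}")
```

Two practical notes. First, entropy alone cannot distinguish compression from encryption; a high region that binwalk's signature scan does not identify (no LZMA, gzip or squashfs header) is the case where a decryption key in the bootloader or a hardware crypto engine is worth looking for. Second, the block size trades resolution for noise: at 1 KiB the sampling bias alone pulls truly random data down to roughly 7.8 bits per byte, so thresholds set for 4 KiB blocks must be lowered if you shrink the window.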