Specialized Attacks: Hardware Product Testing

Focused View

Matthew Lloyd Davies

53:38

52 View

Exercise Files

specialized-attacks-hardware-product-testing.zip

Module 1 - Course Overview

1. Course Overview.mp4

01:17

Module 2 - Security Testing Hardware

1. Exploring Hardware Attacks.mp4

02:18

2. Identifying Hardware Components and Interfaces.mp4

04:29

3. Hardware Testing Tools.mp4

04:03

4. Identifying UART Serial Pins.mp4

03:32

Module 3 - Obtaining Firmware

1. The Path of Least Resistance.mp4

04:01

2. Demo - Do You Need to.mp4

03:55

3. Demo - Extract Over Serial.mp4

05:25

4. Demo - Dump from Flash Memory.mp4

02:46

5. Demo - Dump from Memory and TFTP Out.mp4

01:57

Module 4 - Analyzing Firmware

1. Analyzing Firmware.mp4

03:45

2. Carving Out File Systems and Cracking Passwords.mp4

04:23

3. Exploring Squashfs and Hunting Decryption Keys.mp4

04:40

4. Hunting for Vulnerabilities.mp4

02:51

Module 5 - Where Next

1. Keep Looking and Verify.mp4

02:12

2. Resources.mp4

02:04

Description

This course will teach you to access firmware, analyze it and then reverse engineer it to identify weaknesses and vulnerabilities in the device.

What You'll Learn?

Are you a pentester who wants to move on from network, application, and cloud testing? Are you an aspiring product tester who wants to advise clients on how to better protect a new device before it goes to market? Then this course is for you. In this course, Specialized Attacks: Hardware Product Testing, you’ll learn to obtain firmware and reverse engineer it to highlight weaknesses and vulnerabilities. First, you’ll explore the different ways to access a device’s firmware, ranging from searching the internet to extracting it directly from the device’s memory. Next, you’ll discover how to analyze a binary file to understand its structure and content. Finally, you’ll learn how to reverse engineer the firmware to identify sensitive information and software vulnerabilities. When you’re finished with this course, you’ll have the skills and knowledge to obtain, analyze, and reverse engineer firmware to identify hardware weaknesses and vulnerabilities in order to better protect them.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Ethical Hacking

Penetration Testing

Matthew Lloyd Davies

Instructor's Courses

With a background in Chemical Engineering and a career meandering through explosives safety research and accident investigation, Matt is now a Principal inspector and Deputy Professional Lead for Cyber Security and Information Assurance at the Office for Nuclear Regulation in the UK. For 11 years he has regulated nuclear safety and nuclear security across the whole of the UK’s nuclear estate and is currently responsible for regulating cyber security and information assurance across various parts of the nuclear fuel cycle. He is also responsible for developing ONR’s CS&IA regulatory capacity and capability and, as a GIAC certified penetration tester and incident handler, is the lead for technical assurance activities. Matt has planned and run national cyber security exercises that have simulated cyber-attacks against industrial control systems and has run projects to develop new and novel techniques for conducting assurance activities against industrial control systems.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.