
Hardware Hacking

3-day in-person

In this training we take devices apart, we void the warranty and start our reconnaissance with a multimeter. Through hands-on activities, you will learn how to handle a logic analyzer, dump the firmware from chips and access debug interfaces to perform runtime manipulations.


Gaining root access is a critical objective and this topic is covered in depth. You will be equipped with a full arsenal of techniques and test them against a range of real devices. This also includes advanced attacks such as bypassing the password protection of locked chips. These skills set you up to perform deep vulnerability research on your target.


LLMs are out now and we cannot deny that certain models, used in the right way, give you an insane boost, especially in hardware hacking or vulnerability research. Utilizing LLMs gives you the ability to handle complex protocols or to craft your own analysis tools. I will teach you the concepts behind it, and together with the LLM you will turn your Raspberry Pi Pico into a chip analyzer, perform side-channel analysis or run a powerful glitching attack against a locked device. All of this without going broke and spending hundreds of dollars on tokens.


By the end of the course, you’ll be able to hack embedded devices and will have gained skills that will serve you throughout your entire career.


Despite the complex content, no prior knowledge is required. We learn everything from scratch and leave no-one behind. Three days in, and the way you see a PCB will be permanently changed.

Course Overview


Day 1:

We begin our journey by introducing the multimeter and exploring the fundamental electrical components found on a typical device. Participants will learn best practices for soldering and key considerations for safe work. You will navigate through datasheets and pull out the required information with ease. Together we start analyzing common protocols such as UART, SPI, and I²C. You will discover practical methods for identifying these interfaces and use a logic analyzer to observe the signal behavior in real time. Sniffing the protocol bus can reveal valuable insights, including sensitive information such as an encryption key (BitLocker).


We finish day one by diving into the debugging protocols SWD and JTAG. We will halt the execution of the chip and inspect and manipulate the memory during runtime.


Day 2:

The second day puts the focus on firmware extraction and privilege escalation up to root. We start with an overview of common storage types and learn how to dump less conventional ones. You will be able to reroute signal lines and extract the firmware while the chip remains in-circuit. This is a clean alternative to the desoldering approach that is normally required. Afterwards we perform a deep dive into firmware analysis and learn how to deal with encrypted firmware. You'll also add a powerful arsenal of techniques to your toolkit, including glitching and memory attacks that give you the skills to break through the password protection of even the most hardened chips.


We close day two by modifying and backdooring a firmware image, which gives us persistent root access. This is especially helpful for red and blue teams.


Day 3:


The final day tackles two of the most empowering topics of this course. First, you will learn the concepts behind rebuilding virtually any protocol on a Raspberry Pi Pico using its PIO functionality. This gives you the precise timing control required for performing side-channel and power-glitching attacks.

The second half brings LLMs into the workflow to craft your tools. By knowing how things work, we can use the LLM to turn our Raspberry Pi Pico into nearly every analysis tool we require. We can start fuzzing radio protocols or extract the firmware from chips that normally require expensive equipment. And even if the AI generates slop, and we all know it will, you’ll have the foundational knowledge to fix it yourself. That's the difference between depending on a tool and commanding one.


If you’ve ever wanted an easy way into the complex topics mentioned above, this is your opportunity. This course provides you with a hands-on learning experience that covers advanced attack techniques while remaining beginner-friendly. It is the result of more than ten years of frontline IoT hacking experience packed into three focused days.


Course Material

Participants will receive comprehensive training materials, including carefully prepared workbooks and over three hours of detailed solution videos. In addition, a dedicated wiki will be provided, offering supplementary information and resources on the relevant topics.


Hardware Kit

Besides this, students also receive a hardware kit which is worth > 450 €.

This kit includes:

  • Microscope

  • Multimeter

  • Opening kit (screwdriver, tweezers, etc.)

  • Raspberry Pi Pico

  • Logic Analyzer

  • Buspirate rev5 (SPI / UART / I2C / etc.)

  • Router

  • IoT Camera

  • PCBite kits (Sensepeek)

  • Cables / Clips / Resistors / MOSFET / Breadboard etc.



Target Audience


Red Teamers, Blue Teamers, Penetration Testers, IoT Developers, Hardware Hackers, people who want to get root access on their cameras and routers 😀

Pre-requisites


Students should be familiar with the Linux command line and very basic Python code.


Hardware requirements

Students should bring a laptop with:

  • Admin Privileges

  • 50 GB of free disk space

  • Two USB-A ports (please bring your dongles)


Software Requirements

An Ubuntu VM will be provided that contains all required tools. The VM can be used with VMware Fusion (x86/x64) or Parallels (Mac, ARM). VirtualBox will not be officially supported, but if you are used to it you should be fine. Please let me know if you want to use it :)


Trainer Bio


Roman Stuehler has been conducting security audits for more than ten years. His interest in embedded device hacking has become his profession, on which he spends most of his time and money. Buying new IoT devices and taking them apart became his main weekend activity. He has a passion for firmware reversing, rebuilding custom protocols and performing power glitching attacks against locked chips. Roman holds more than 50 CVEs in web interfaces, bootloaders and proprietary protocols. He delivers guest lectures at universities across Germany and leads the mobile device hacking course alongside his work in the automotive sector.


Twitter (X): @CyberInfinite

Blog: blog.stuehler-training.de
