RomHack Training

1337 Offensive Hardware Hacking Training

Luca Bongiorni

Dates

September 28 – October 1, 2026

9:00 – 18:00

FULL PRICE

€ 4.000,00

EARLY BIRD PRICE

€ 3.600,00

Course objectives

This course is aimed at students who have some experience with AppSec, Linux OS & Pentesting, but want to learn more about Electronics, (De)Soldering components, Reversing Circuits, Attacking Embedded & IoT Devices, etc.

If you are comfortable using a Linux Shell and know how to use a screwdriver, you should have the background knowledge required for this course.

Top Takeaways students will learn:

  • Jump into the marvelous world of Hardware Hacking and get ready for your first professional IoT and Embedded security audits, research or 0-day bug hunts.
  • Very Technically-Oriented Hands-on Exercises (because getting your hands dirty with real stuff is better than just reading a book)
  • Learn a variety of tricks & TTPs that will make your life easier during a security audit against IoT/Embedded devices.
  • Learn the basics behind: Electronics, MIPS/ARM Architectures Emulation, Reverse Engineering PCBs, dumping eMMC/NAND/NOR memories, how to hunt & use: BootStrap Pins & Debugging Protocols, etc.
  • Learn how to properly design and threat model a Secure IoT product.

Training outcomes

This course is a unique opportunity to enhance the skills of InfoSec professionals who are going to be involved in engagements or applied research involving unusual devices: IoT appliances, hardware implants, ATM skimmers, smart devices, Industrial IoT gateways/sensors, etc.

ABOUT THE TRAINING:

  • Go from Zero to Hardware Hacking Hero while Building Your Own Hacking Lab! (You will receive a Printed Workbook of 200 pages, a cool Hardware Hacking Kit worth 300EUR, a 64GB Flash-Drive containing: NdujaOS and 350 Slides of the course)
  • A full hands-on workshop with more than 40 Practical Lab Exercises! 
  • Course Slides covering multiple topics (eMMC, NAND, UART, I2C, JTAG, SPI, SWD, Fault Injection Attacks, Electronics, PCB Reverse Engineering, Exotic Exploitation TTPs, etc.)
  • Get your hands on the WHID’s Challenge Coin* and certification* that will grant you the title of Certified Hardware Hacker (*once you have passed the exam).

ABOUT CH2 (Certified Hardware Hacker) certification:

  • One Free Exam Attempt Included (valid for 1 year from the day of the order) 
  • Non-Expiring Certification
  • No Renewal Fees
  • 45/60 Minutes Video Call Exam (about training material, exercises & homework)

For more info, check the following videos:

[1] https://www.youtube.com/watch?v=zbUuBZJIHkE

[2] https://www.youtube.com/watch?v=VpHBMELQmnk

 

About the trainer

Luca Bongiorni is working as Director of a CyberSecurity Lab and is the founder of WHID – We Hack In Disguise (www.whid.ninja). Luca is also actively involved in InfoSec, where his main fields of research are: Radio Networks, Hardware Hacking, Internet of Things, and Physical Security. He also loves to share his knowledge and present some cool projects at security conferences around the globe: BlackHat Europe & USA, TROOPERS, HackInParis, DEFCON, HackInBo, RomHack, Defcon Moscow, OWASP Chapters, Security Analyst Summit, etc. At the moment, he is focusing his research on bypassing biometric access control systems, IIoT Security & Forensics, Air-Gapped Environments and IoOT (Internet of Offensive Things).

Required skills

Basic knowledge of Linux OS, bash scripting & python, exposure to OWASP terminology. No specific knowledge of Electronics is required! We will teach you all you need! 

What to bring?

Students must bring their own laptop with VMware Workstation (MANDATORY). Local administrative privileges on the host laptop may be required to ensure proper virtual machine functionality (this is absolutely required; if your company will not permit this access for the duration of the course, you should make arrangements to bring a different system). VM images will be provided to students; a minimum of 100GB free disk space is required. The laptop must have an RJ45 connector and at least 2 USB-A ports (or an external docking station with USB-A ports and RJ45). It would also be beneficial to be able to load a Linux LiveOS from a USB flash drive. You must be able to access your system’s BIOS throughout the class. If your BIOS is password-protected, you must have the password. Note: Apple computers are heavily discouraged due to their instability in running x64 VMs.

What will be provided?

  • A dedicated vulnerable WiFi CPE Router for practical hands-on exercises (to bring home after the class)
  • A hardware hacking soldering Kit (to bring home after the class)
  • Hardware Tools for hands-on: Multimeter, SOC-8/16 sockets clips, SPI Flash chips, Logic Analyzer, Micro Probes, multi-protocol JTAG/UART/SPI/I2C detector and analyzer, etc. (to bring home after the class)
  • Training material (to bring home after the class) : 
    • Slides, Scripts, Tools, etc. 
    • A BRUSCHETTA-Board (A multi-purpose programmer and memory dumper that supports Multi-Logic-Levels protocols: JTAG, SWD, UART, SPI, I2C) 
    • A paper workbook with more than 40 walkthrough exercises and valuable tips
    • A 64GB USB 3.0 flashdrive with NdujaOS: A Live distro Fully Customized for Hardware Hacking
    • A free voucher to attempt the exam for the CH2 (Certified Hardware Hacker) certification
  • Each student is also entitled to receive the framed certificate and the Challenge Coin (with a unique serial number for each student) to show with pride you attended this course, ONLY after passing the exam.

CLASS SYLLABUS¹

  1. Training Takeaways
  2. Training Description, Expectations & Certification
  3. Nowadays
    a. IoT Landscape
    b. OWASP IoT Top 10
    c. OWASP ISVS
    d. CWE Most Important Hardware Weaknesses
  4. Electronics 101
    a. Anti Tampering Screws
    b. Common Components
    c. Electrical Templates & Symbols
    d. Reference Designators
    e. Footprints
    f. Training’s Kit Overview
    g. [De, Re]-Soldering Techniques + PRACTICAL EXERCISES
  5. Hardware Hacking Lab Instrumentation Review
  6. Training’s Target
    a. CPE – WiFi Router
    b. Pentest Dropbox
    c. IoT Intrusion Detection System
  7. Embedded Linux Architecture
    a. Microcontroller (MCU)
    b. Microprocessor
    c. Types of Architectures
  8. Main Components of Embedded Linux
    a. Bootloader
    b. Boot-Sequence
    c. Kernel
    d. Embedded File Systems (CRAMFS, JFFS2, UBIFS, etc.) + PRACTICAL EXERCISES
  9. Hardware Security Testing Workflow
    a. Attack Surface Mapping & Threat Modeling + PRACTICAL EXERCISES
    b. Passive Recon (BEFORE Opening/Turning-Off the device) + PRACTICAL EXERCISES
    c. Active Recon (Teardown, Sniffing & Probing) + PRACTICAL EXERCISES
  10. The Good, The Bad & The Ugly & Co.
    a. UART + PRACTICAL EXERCISES
    b. SPI + PRACTICAL EXERCISES
    c. JTAG + PRACTICAL EXERCISES
    d. SWD
    e. I2C
    f. NAND + PRACTICAL EXERCISES
    g. *MMC
  11. Connecting to Debugging Ports
    a. UART + PRACTICAL EXERCISES
    b. JTAG + PRACTICAL EXERCISES
    c. SWD
    d. Proprietary Protocols
  12. Dumping Firmware
    a. Through UART + PRACTICAL EXERCISES
    b. Through JTAG + PRACTICAL EXERCISES
    c. Physical Dump + PRACTICAL EXERCISES
    d. Extracting Firmware from Microcontrollers’ onboard flash memory
    e. Intro to Side Channel & Fault Injection Attacks
  13. Firmware Analysis
    a. FW Identification & Decryption + PRACTICAL EXERCISES
    b. FW Extraction + PRACTICAL EXERCISES
    c. Dynamic Analysis + PRACTICAL EXERCISES
    d. File System Analysis + PRACTICAL EXERCISES
  14. Reporting & Presentation
    a. CVSS Scoring System improvement for IoT Vulns
  15. Conclusion and Final Recommendations for the Exam

¹ Schedule of lectures on the specified days may be subject to changes.