New “Hardware Hacking Training Kit” with Hardsploit !

Hello fellow Hardware Hackers,

It has been a long time since we published news about Hardsploit…but it’s for good reasons !

First, after a long period of sold out we have now pumped up (read industrialized) the creation process. Now end the time of “home made production” in order to improve quality control & quality of service 😉

Then, the modules. It’s a work in progress but Hardsploit will soon support multiplexed parallel memories. Stay tuned !

Finally, as requested by a huge amount of people, we have decided to change the way we sell Hardsploit. You can now buy it as a bundle with the Hardware Hacking Training Kit for IoT !

The bundle is composed of :

  • Hardsploit with the last attacks modules (see features)
  • The GUI, as alway, freely available
  • A training board, a vulnerable IoT we designed
    • It’s a complete vulnerable electronic lock you can use to learn how to audit most of IoT device
    • It’s the same training board we use during our official training in well-knowned security conference as Blackhat USA, BRUCON or HITB Singapore.
  • A training tutorial as a clear and concise pdf file with dozen of exercices
  • USB cable / Wires

The bundle will be sold at 700 € (VAT exluded)

We will open to sell soon . So, first training kits will be send over the beginning of September.

Don’t hesitate to pre order your Hardsploit Training kit by sending an email to sales@hardsploit.io,

Payment information: Only wire transfert payment for the moment.

 

Tutorial content

  • Electronic lock fingerprinting
  • Dumping memories content (with I²C, SPI)
  • Dumping MCU memory (SWD)
  • Electronic bus hacking Hands on

Tagged with: , , ,

Hardsploit New version of GUI, more functionalities..same hardware

Hello Hardsploit Community,

We just pushed a new version of the GUI : 2.4.0  (360 ko)

Newversion

It contains few news functionalities :

  • SPI sniffer
  • UART interaction with Baud rate auto detection
  • Few bug fixes

Installation procedure :https://github.com/serma-safety-security/hardsploit-gui/wiki/installation-procedure

and It works with the same Hardware !

Happy  IoT security audit…

Want to learn how to use Hardsploit ? Book a seat at next Brucon training (oct 2016)

Capture d’écran 2016-08-11 à 14.16.28

We have been selected to perform our Hardware Hacking training at next Brucon Sec conf

After the Sold Out Training @ Blackhat USA 2016, Opale security is back to Europe for another Hardware hacking training with Hardsploit @ Brucon 2016 in October !

With a Capture The Flag “hands on” dedicated included : Capture the Drone with style… 😉

More information : https://www.opale-security.com/opale-security-training-at-next-brucon-2016-hardware-hacking-for-fun-profit-with-hardsploit-book-your-seat-asap/

 

 

Blackhat USA 2016 Opale security Hardware Hacking training with Hardsploit is over !

IMG_1216

Please go to https://www.opale-security.com/blackhat-usa-2016-opale-security-hardware-hacking-training-is-over/ for more details and photos

 

New batch of Hardsploit boards in progress

Hello,

Too much success for the Hardsploit board , we are “out of stock” on the online shop !

Be patient , as our team is working hard to finish the last batch 

  • A lot of PCB received and a lot of Hardsploit Board nearly ready

PCBinplatic1

IMG_1196 (1)

IMG_1197

 

IMG_1201

 

 

 

 

Hardsploit @ next Cansecwest 2016 in Mars 2016

We are proud to announce that we will give a talk at next CansectWest conference in Vancouver (Canada) in March 2016

Hardsploit project : All-In-One Tool for Hardware Security Audit

I2C, JTAG, SPI, PARALLEL, UART – Today’s electronic devices, connected or not to the internet, integrate one or several chip that use these communication buses. Each of them have specific properties and technical differences, we need to know what data go through in order to perform efficient hardware audits. This paper will give an overview of today’s problematic for industrials and IT professionals to secure and audit products at the hardware level. For them, we provide Hardsploit, a dual software / hardware solution, a bridge between human and electronic components.

https://cansecwest.com/

CansecWest logo 2

New import (I²C / SPI) feature & create your own Hardsploit VHDL modules

Fellow Hardware Hackers, here are some fresh news about the Hardsploit project !

Hardsploit Talks:

As you may have seen, Hardsploit will be presented at:

  • Hack In The Box (HITB) – May 26 2016 10:45 am – 11:45 am – Amsterdam
  • NullCon – 11 / 12th March 2016 – Goa
  • (TRAINING) BlackHat – July 30 / 31 & August 1 / 2 – Mandala Bay / Las Vegas

It’s a good opportunity for us to meet the community and talk about Hardsploit or security in general. Don’t hesitate to catch us at these events !

Hardsploit update:

  • API / GUI

We have updated Hardsploit to add a new bus interaction: Import (I²C / SPI). You can now import the content of a file directly on your I²C or SPI targets, it’s easy as the export action.

We also have implemented a progress bar for the import / export actions to let you now when Hardsploit complete the task (and how long did it take)

The documentation is updated to include the new GUI (that was presented end of december) and this new import actions

If you find any bugs using it (we hope not of course 😉 ) you can alert us on the bug tracker or on github

  • Create your own Hardsploit VHDL modules

A feature that many of you asked for is live ! You have now the possibility to upload your own VHDL module in the Hardsploit FPGA. You can use the given template available on the Github we advise you to take a look at the readme to understand how it works. For any question related to this template contact us here.

hardsploit-template

  • Roadmap

We have updated the roadmap you can find it here, as always.

Hardware hacking training with HARDSPLOIT @ Next BlackHat USA 2016 : Book your seat ASAP !

Blackhatusa2016logo

We have been selected to perform our HARDWARE HACKING TRAINING WITH HARDSPLOIT FRAMEWORK at the next BlackHat USA 2016 , at the end of July in Las Vegas

https://www.blackhat.com/us-16/training/hardware-hacking-with-hardsploit-framework.html

Book your seat as soon as possible : https://blackhat.tech.ubm.com/usa/2016/?

Content

Tired of watching hardware products getting hacked every day without having your part of fun ? Don’t worry it will not be the case anymore! This training teaches you hardware hacking in its most pragmatic aspects by using both theory and practice (hands-on). It follows a simple (but efficient) training methodology based on a “Discover / Analyze / Attack & Protect” guideline that can be applied to any kind of hardware product (Internet of Insecure Things included). This course smartly mix methods and tools in order to give you all the necessary knowledge to be able to perform hardware security audits by yourself. The last part but not least our exclusive “Capture The Drone” hands-on to complete the training by practicing what you have learned in an attack/defense scenario featuring our favorite small flying things. Each student will receive a Hardsploit hardware hacking tool, with a value of 300 €

DSCN0471

MiniDrone

TrainingBoard

 

Agenda

MODULE 1: Hardware Hacking 101

  • Review of electronic basics, motivations for hardware hacking, brief history of hacking security talks
  • Hardware security vulnerabilities review, offensive & defensive aspects
  • Practical cases for hardware hacking analysis
  • Hands-on: Basic electronic components use & fingerprinting

MODULE 2: How to access to the hardware for hacking / audit purpose

  • Review of methods & tools to perform hardware security audits
  • Create your own audit plan, differences with software pentesting
  • Hands-on: Practice exercises with hardware auditing tools
  • Hands-on: How to acquire electronic signals, tools & demonstration

MODULE 3: How to access the software inside de hardware

  • Embedded system architecture presentation (Microcontroller, FPGA), direct access to the software via I/O interfaces (JTAG / SWD, I²C, SPI, UART, RF (ISM Band), etc.)
  • Hands-on: Firmware dumping trough different types of interfaces
  • Hands-on: Buffer overflow attacks on embedded system
  • DEMO: Power analysis attacks – Indirect access to the software or sensitive content via side channel attacks

MODULE 4: Complete hacking lab

  • Full hands-on session to apply practical case on our vulnerable embedded system
  • Identifying electronic components
  • Electronic signals acquisition
  • Bus signals interception and analysis
  • Modifying and dumping firmware via JTAG debug function (and other I/O access)
  • Fuzzing external interface to spot basic vulnerabilities in embedded system
  • Exploiting vulnerabilities during an hardware security audit

MODULE 5: How to protect your hardware products

  • Secure Design and Development Life Cycle (SDLC)
  • Review of hardware security best practices to limit the risks
  • Hands-on: Limit JTAG access, limit software vulnerabilities at embedded level
  • Review of protections against side channel attack (limit power analysis attacks)

MODULE 6: SDR Hacking

  • SDR hacking methodology (Software Defined Radio)
  • Tools of trade (GNURadio, hardware products, etc.)
  • Hands-on: How to hack a wireless protocol

MODULE 7: Fuzzing hardware devices

  • Fuzzing lab methodology
  • Hands-on: Create your own fuzzing lab
  • Hands-on: Hack a device using a fuzzing attacks

MODULE 8: CTD Capture The Drone

  • Attack / Defense practical scenario in team (Capture the Flag Mode)
  • Each team have a mini-drone.
  • Defend your drone and take down the other by using the tools and methods learned
  • The winning team is the one with the higher flying time

WHO SHOULD TAKE THIS COURSE

  • This course is intended for everyone having an interest in security aspects related to hardware products or embedded devices.
  • Electronic enthusiasts and professionals
  • IT security professionals

STUDENT REQUIREMENTS

We have prepared and updated this training to satisfy both beginners and advanced profiles. No prior electronics knowledge is required

WHAT STUDENTS SHOULD BRING

To complete this training, students will need to bring their laptop with:

  • Minimum 50 Gb free disk space
  • Virtualization solution (e.g VMWARE, Virtualbox)
  • Working USB port

We will provide all the software related part and the other tools.

WHAT STUDENTS WILL BE PROVIDED WITH

  • Full copy of the course
  • The vulnerable electronic board used during the course
  • One Hardsploit electronic board (see hardsploit.io)
  • Few more goodies

TRAINERS

Yann ALLAIN is the founder and current director of the OPALE SECURITY company (www.opale-security.com). He graduated from a computer and electronic engineering school (Polytech-Universite Pierre et Marie Curie). After a time in the electronic industry as an engineer in embedded system conception, he made a career move towards IT. He started as a production manager for a company in the financial sector (Private Banking), and evolved towards IT security when he became part of the ACCOR group. He was in charge of applicative security for the group. He has a 20 years experience, 16 of which dedicated to IT system and embedded system security. OPALE SECURITY deals with research projects linked, amongst other things to the security of embedded systems. We are the project leader of Hardsploit : a Framework like Metasploit but for Hardware Hacking (Hardsploit.io)

Julien Moinard, an electronics Engineer with a solid background in this field (over 8 years) associated with many personal and professional experiments in the field of Microcontrollers. Furthermore, he contributes to the Hardsploit project as a project leader. He is also a senior hardware Pentester in OPALE SECURITY and trainer for Hack In Paris

Hardsploit related talk at next NullCon 2016 at GOA (india) in Mars 2016

We are proud to announce that Julien Moinard (Hardware Pentester and Hardsploit Project leader at Opale Security) will give a talk at next NullCon conference in Goa (India) in March 2016

http://nullcon.net/website/nullcon-2016/speakers/julien-moinard.php

Hardsploit Project: An All-In-One Tool for Hardware Security Audits

logo

Opale Security talk at next Hack In the box conference with Hardsploit (May 2016, Amsterdam)

We are proud to announce our talk at next Hack In The Box conference in Amsterdam

http://conference.hitb.org/hitbsecconf2016ams/sessions/hardsploit-project-all-in-one-tool-for-hardware-security-audits/

Hardsploit Project: An All-In-One Tool for Hardware Security Audits

HITBSecConf-Banner

Top