Applied Physical Attacks... Online!

The new reality that we’re all adapting to means there will be big changes to how travel, events, and training works for the foreseeable future.

We’ve spent the past few months figuring out how to take hands-on hardware hacking training online, while still keeping the same level of quality instruction SecuringHardware.com is known for.

The first offering will be this August as one of Black Hat’s online trainings. If all goes well, other offerings will follow in the fall, and a self-paced version may be available.

Converting to an online remote format

In order to teach this class remotely, there were several challenges to overcome:

Keeping engaged in online classes

Delivering deep technical content is already a challenge. For in-person training, we try and stick to 30 minute lectures followed by 90 minute labs which works well. By presenting only the necessary information to set the context and get you started, the majority of the learning happens in the lab time, which has much higher retention than lecture material.

Online training needs to break this up into smaller blocks. The new class is based around 5 minute lectures and 20 minute labs. In addition, videos of each short lecture are available on demand so that you can revisit them as you work through the lab exercises.

Keeping attendees on track

One benefit to shorter labs is that there’s less room to get left behind. In addition to breaking the lab activities into smaller chunks, there’s a walk-through video of each lab available after completion.

Without the advantage of very distinct time set aside away from home and work, there’s a much larger risk of interruptions. The shorter modules should make it easier to stay on track, and the on-demand lectures should make it possible to catch up once distractions have subsided.

Keeping hardware working

When teaching a face to face class, it’s easy to pack several spare pieces of hardware. There are a bunch of changes to the course that help to avoid broken hardware and fix it if it happens:

  • Kits include a non-conductive mat for designating your work surface and helping you keep it clear
  • Target boards have been more robustly prepared for poking and probing
  • Probe clips are higher quality and less likely to bridge connections
  • Instructions are much more explicit about when to connect and disconnect power
  • Kits include a microscope to help instructors diagnose issues remotely
  • All hardware is tested before packing and shipping.
  • A spare router is included for emergencies.

Participating in Class

There will multiple portals used for the class - one for the course material, and one for the meeting portion, and an optional one for discussion

Course material

All materials, including supplemental lectures, labs, notes, and support files will all be hosted at http://learn.securinghardware.com. Bear with us, as we’ve focused on the material instead of the registration process:

  1. Visit http://learn.securinghardware.com/my-account/#login
  2. “Register an account” with the email you’d like to use for the class
  3. Email us letting us know your username and the MAC address of your router (found on the outside of the black box) to verify you’ve got your kit
  4. We’ll enable access to the course material about a week ahead of the class.
Meeting, Lecture, and Discussion

The meeting, lecture, and discussion portions will take place via video conferencing. For Black Hat, this will be via GoToTraining. Again, you’ll receive details via email.

Discussion Forum

You are welcome to visit the discussion forum for the course at http://discourse.securinghardware.com/my-account/#login

The forum is open to the public with no registration required unless you’d like to post. This is optional and not necessary for the class, but might be helpful for providing feedback and discussing techniques presented in class.

Class Equipment

After registering for the class, you’ll recieve a box containing most of the equipment for the class. In addition, there are a few things you’ll need to provide and prepare, incuding setting up your work computer

Kit unboxing

You’ll get a kit including most of the equipment you’ll need to use for class - hopefully well ahead of time. Feel free to open it and look inside, but please be careful and don’t start using the tools before our training - it would be unfortunate to have something break and be unavailable when it’s needed in class.

What You Need to Provide

There are a handful of things you will need to complete the class that aren’t included in the box:

  • Workspace for both your laptop and your target hardware
  • Reliable Internet access for the duration of the course
  • A computer with:
    • Ubuntu 20.04
    • 3 USB ports
    • 1 Ethernet port
    • Webcam (optional, but very helpful for remote debugging)
  • VMs and other operating systems may work but aren’t guaranteed and we won’t be able to help debug issues
  • A small phillips head screwdriver to install the multimeter battery
Laptop Setup

Again, a native install of Ubuntu 20.04 will be necessary. A fresh install is best, and we will add all the necessary tools and files as part of the course procedures.

Details for downloading and installing Ubuntu 20.04 are available on their website.

Registration

Black Hat Trainings will be held August 1-2 in an all-online format. Register Now.

Future plans

We’ll see how Black Hat goes - hopefully we’ll find out what we did right as well as what needs improvement. Soon after, we’ll make the call whether to offer additional synchronous trainings this fall, or to open it up to asynchronous self-paced study.

Once we realize what the new normal of travel and gatherings looks like, it is likely we’ll keep offering this introductory Applied Physical Attacks online, but resume teaching our advanced classes in-person.