Taking January Off

Taking January Off

After wrapping up a successful 2016, I had a unique opportunity to take January ‘off’. This doesn’t mean it was a vacation, but that I finally had the opportunity to do some much-needed catch-up and maintenance of training equipment.

Before I head out to deliver a training, I need to double check and re-flash most of the equipment before packing it and possibly shipping it. When traveling across customs borders, there’s additional steps to make sure all the equipment is properly exported/imported for re-export/re-import without accruing duties. I also usually have minor adjustments to lab manuals before printing and shipping them as well.

At the end of each training, I only inventory to make sure I have the components. I try to tag failing equipment to be checked out. I also leave each training with a lab manual full of notes on ways I can tweak or reword slides, diagrams and instructions to improve the class the next time around. Once the equipment arrives at home I double check any failures and replace them with spares if necessary. I also make any necessary edits to the manuals and slides.

I try to make time to add or rewrite a single lab in between each course which generally keeps thing sup to date. This doesn’t leave time to catch up on version updates for either tools or targets. Updating an operating system always changes things in tiny ways, and more often than not ends up causing changes to the lab instructions that go along with it.

So, January was a month of installing updates and new software - and then walking through every lab multiple times to update and sometimes completely rework it. Tablets are updated to windows 10 and linux 16.10. Laptops are on GalliumOS 2, which required a fresh install from the beta they were running. UMAP, OpenOCD, Flashrom and Chipsec all saw significant updates in the past year.

On top of all that, January was an opportunity to re-think power distribution and replace ALL of the AC adapters used for class with a single DC supply per group of students. In addition, I finally had the opportunity to convert SecuringHardware.com from wordpress to a static site built with Jekyll. Expect writeups on both these projects in the next few weeks.

Joe FitzPatrick

Written by

Joe (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe has spent his carrer working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontroller. He has spent the past decade developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.