|09 May||Monday||0900-17:00 CEST/GMT+2||8 Hours – Presentations & Hands-on exercises|
|10 May||Tuesday||0900-17:00 CEST/GMT+2||8 Hours – Presentations & Hands-on exercises|
|11 May||Wednesday||0900-17:00 CEST/GMT+2||8 Hours – Presentations & Hands-on exercises|
|12 May||Thursday||0900-17:00 CEST/GMT+2||8 Hours – Presentation & Hands-on exercise|
Your journey starts with achieving a comprehensive understanding of Secure Boot. You will learn how hardware and software are used to assure the integrity and confidentiality of the software of an embedded device. You will then use this understanding for identifying interesting vulnerabilities across the entire Secure Boot attack surface. You will be challenged to exploit these vulnerabilities using multiple realistic scenarios.
All vulnerabilities are identified and exploited on our custom emulated attack platform, implementing different Secure Boot implementations on a system with a ARMv8 (AArch64) processor architecture.
Do no worry if your reverse engineering or exploiting skills are rusty or non-existing. You do not need to be an software security expert nor do we aim to make you one. You will be guided towards an unexpected range of Secure Boot-specific attack vectors and vulnerabilities, which may be leveraged for novel and creative exploits, allowing you to refine your skills to a new level.
During the training we will provide you the following:
We will also provide you everything you need to continue with the training after it has finished:
This BootPwn experience will be given in a hybrid format where trainees are able to join in-person and online at the same time.
For both options, we make sure the trainees can continue with the training after it has ended.
Niek Timmers (@tieknimmers) is a security researcher at Raelize providing support for developing, analyzing and testing the security of embedded devices. He has been analyzing and testing the security of devices for over a decade. Usually his interest is sparked by technologies where the hardware is fundamentally present. He shared his research on topics like Secure Boot and Fault Injection at various conferences like Black Hat, Bluehat, HITB, hardwear.io. and NULLCON.
What students say about his training:
"I really enjoyed the hands-on experience. It was awesome."
"Learned a lot! The course system is exceptional;, I have not seen anything like it.."
"I think this was a pretty good experience, lots of breadth covered. Appreciate the exercises, think this gives me a lot of confidence in trying to explore boot-time stuff further. 10/10."
"I really enjoyed the training. I had a lot of fun with exercises, and I learned new approaches to several problems!"
"I learned a lot and my expectations new fully met. Thanks!."