This website uses cookies to make the offer more user-friendly and effective. Please agree to the use of cookies in order to be able to use all functions of the website.Further information

26 - 28 February 2019 // Nuremberg, Germany

Posting print layout

What information should be shown in the print layout?

Create print layout
Exhibitors & Products embedded world 2018
Zoom product LOGO_Product Embedded System Security Training

Product Embedded System Security Training

LOGO_Product Embedded System Security Training

Product Embedded System Security Training

Request information Request information

Contact us

Please enter your personal information and desired appointment. You can also leave us a message.

Your personal information

Your message for us

Desired appointment during the exhibition

* Compulsory fields you must fill in.
Your message has been sent.

You do not have a registration yet? Register now and use all advantages of the Exhibitor Database.

An error has occurred.

Riscure offers a four day hands-on course covering the most relevant attacks for embedded systems. This is a foundation course recommended for anyone interested in security from a system level perspective. The main focus of the course is hardware attacks, providing a  solid primer for both our course series; software security:  Reverse Engineering, Vulnerability Identification and Software Exploitation, and hardware security: Fault Injection and Side Channel Analysis. 

The concepts taught in this course are applicable to a wide range of COTS (Commercial off the Shelf) products such as gaming consoles, IP cameras, routers, diverse IoT devices, but also automotive ECU (Electronic Control Units).

Through a series of practical exercises you learn how to identify relevant assets and how to discover the most likely attack paths. Your primary target is a WiFi router. You refine your attack path, by discovering tooling available to an attacker and how these tools can be used to compromise assets on your primary target.   You put your new knowledge and skills to use when we discuss available defense mechanisms such as secure boot, encryption, special hardware and their cost.  Finally,  you  can put your new knowledge and skills to the test; you  attack a different target - an IP camera - and afterwards discuss defense strategies. 

During the training course, by means of hands-on exercises, you will:

  • Learn to identify relevant assets on your embedded systems (define assets and attack paths for different attacker profiles)
  • Build best practices for securing embedded systems (how to defend them)
  • Have the ability to prioritize your defence according to risk, time, cost, surface, etc.  in a way that goes beyond checklists

Perform a guided attack on the first embedded system target and practise your new knowledge and skills on a second different embedded system. After the training you can take home this second


Day 1. Let’s get started

Typically everyone has its own answer to the question “what is an embedded system? “, therefore, first we level the field before diving into the details.  Next, we introduce the concept of assets by example (e.g. keys, memory content and firmware,), present a methodology for discovering attack paths and learn about attacker’s profile.

During the second half of the day, we discuss the typical components present on an embedded system and in particular on your practice target (the WiFi router) and gather information to prepare for the attack phase.

Day 2. Interfaces and tooling

We go through the tooling available to an attacker and use these tools to identify the basic components present on your first target.  To consolidate knowledge you practice using the tools on your target board, your tasked with using them initially for simple tasks such as identifying signals (e.g. VCC and GND),

In the second half of the day you learn about the interfaces available to an adversary (UART, I2C, SPI and JTAG). Sometimes these interfaces can be tricky to identify, as you can experience during a practical exercise on your target board.

Day 3. More tooling and defense mechanisms

We continue exploring interfaces such as 1-Wire, CAN-bus and briefly discuss typical network and logical interfaces (USB and Ethernet/WiFi).  During the practical assignments you use the oscilloscope and learn how to extract information from signals. Finally we dump the firmware and use software tools (such as vbindiff and binwalk) to extract interesting information.

During the second half of the day we put on the developer hat and discuss options available for defense at three different system levels: hardware (e.g. glues, seals and locks), architecture/design (e.g. OTP memory) and software (e.g. encryption and obfuscation). 

Day 4. Putting it all together

During the last day you apply all the knowledge and skills you learned in the last three days on a different embedded system target. This exercise is useful to consolidate your knowledge but also to expose you to a new environment. The exercise has two parts: after learning as much as possible about your new target, first, you plan an attack strategy and second, you put back the developer hat and discuss appropriate defense mechanisms.  You can take the target home and continue learning.

Which tools will we be using?

Hardware tools (a selection)

Bus pirate

Oscilloscope and multimeter

Logic analyzer

Software tools (a selection)

JTAG tools (e.g. Open OCD+GDB)

Binary exploration tools (e.g. vbindiff, binwalk, …)

Linux command line tools (xxd, strings, …)



Inspector SCA, FI and HPA

LOGO_Inspector SCA, FI and HPA

The selected entry has been placed in your favourites!

If you register you can save your favourites permanently and access all entries even when underway – via laptop or tablet.

You can register an account here to save your settings in the Exhibitors and Products Database and as well as in the Supporting Programme.The registration is not for the TicketShop and ExhibitorShop.

Register now

Your advantages at a glance:

  • Advantage Save your favourites permanently. Use the instant access to exhibitors or products saved – mobile too, anytime and anywhere – incl. memo function.
  • Advantage The optional newsletter gives you regular up-to-date information about new exhibitors and products – matched to your interests.
  • Advantage Call up your favourites mobile too! Simply log in and access them at anytime.