Cybersecurity Workshops

Stay ahead in the evolving automotive landscape with our cybersecurity workshops, designed to empower you with practical, hands-on skills and insights into embedded and vehicle security. Explore the fundamentals of automotive protocols, ECUs, and attack surface identification. Learn cutting-edge techniques in hacking real cars, from firmware reverse engineering to OEM design philosophies. Our automotive cybersecurity training covers CAN communication, firmware dumping, vulnerability assessment, and automation strategies for network and system security assessments. Fully customizable, our workshops ensure you gain the expertise to safeguard interconnected vehicles against emerging cyber threats.


Outline


  • Attack Surface Identification: Learn to pinpoint vulnerabilities on Electronic Control Units (ECUs) for effective security assessments
  • Low-Level CAN Communication: Understand the intricacies of CAN communication and vulnerabilities at the protocol’s foundational level
  • Vehicle Architecture Overview: Gain insights into prevalent vehicle architectures and network topologies for comprehensive understanding
  • Relevant Protocols Mastery: Acquire knowledge about essential protocols utilized in contemporary vehicles for targeted security analyses
  • Hands-On Network Scanning: Engage in practical automotive network scans to identify potential vulnerabilities and weaknesses
  • Diagnostic Protocol Exploitation: Explore techniques to attack diagnostic protocols, including firmware dumping and reverse engineering for in-depth analysis
  • Security Access Breaching: Break through security access mechanisms deployed in modern vehicles to assess system vulnerabilities effectively
  • Immobilizer Basics: Get an overview of current immobilizer systems
  • Forensics: Training in data acquisition and analysis for incident response and forensic investigations
  • Bring Your Own ECU: Participants are welcome to bring their own control unit – we’ll integrate it into the training and tailor the exercises accordingly
  • Automotive Ethernet Expertise: Benefit from in-house specialization in Automotive Ethernet security testing, supported even by dedicated tooling (dissecto HydraLink)

Applications

  • Embedded Systems
  • Automotive Systems
  • Industrial Systems
  • Aviation & Aerospace Systems
  • Maritime Systems
  • Defense Systems
  • IoT (Internet of Things) Devices

Syllabus

  1. Fundamentals of vehicular networks & protocols
  2. Controller Area Networks: Explore low-level attacks, utilize Scapy CAN layer, understand DBC file format, investigate Man-in-the-Middle (MITM) attacks, implement AUTOSAR SecOC security mechanisms, and employ fuzzing techniques
  3. ISOTP: Understand the basics, investigate Man-in-the-Middle (MITM) attacks, and perform network scanning
  4. UDS / GMLAN: Utilize UDS and GMLAN in Scapy, manage Security Access, and conduct Network Scanning
  5. DoIP / HSFZ: Delve into the basics of protocols, implement DoIP and HSFZ in Scapy, and gain proficiency in their handling using relevant tools
  6. SOME/IP: Familiarize yourself with the basics of SOME/IP and explore associated tools for implementation and analysis
  7. CCP / XCP / OBD2: Understand the fundamentals of CCP (CAN Calibration Protocol), XCP (Universal Measurement and Calibration Protocol), and OBD2 (On-Board Diagnostics) for vehicle diagnostics and communication
  8. OEM-specific knowledge: Dive into attacks on vehicles, explore security access implementations and update processes, gain an overview of OEM-specific tools, and understand electronic immobilizers in automotive systems
  9. Reverse Engineering & Hardware Analysis: Identify hardware interfaces and understand fundamentals of JTAG/SWD; extract firmware from embedded systems; work with processor architectures, memory maps, interrupt vector tables, and peripheral modules; utilize Ghidra for binary analysis; decode automotive protocols (e.g., UDS), interpret security access algorithms, and reverse engineer bootloaders, flashloaders, and AUTOSAR-based state machines
  10. Automotive Ethernet Security Testing: Explore Ethernet-based ECU communication, including IP discovery, VLAN configuration, SOME/IP and AUTOSAR traffic analysis, DoIP-based diagnostic interactions, certificate testing workflows, and hands-on vulnerability assessment using tools such as Scapy, Wireshark, nmap, testssl.sh, and dissecto HydraLink

Exercise Environment

Physical ECU: Various ECUs will be brought on-site for training in hardware reverse engineering as well as handling. Available manufacturers: BMW, VW, Opel, Tesla, Mercedes, Audi. Available ECU types: Body Domain Controllers, Gateway ECUs, Telematics ECUs, Airbag ECUs, Dashboard ECUs, Immobilizer ECUs.

Remote ECU: The remote system facilitates the handling of the ECUs by avoiding wiring efforts.

Virtualized vehicle: By simulating a vehicle and CAN messages while driving, participants can learn how to handle and manipulate low-level CAN messages.

Virtualized ECU: A modified digital twin of a real ECU, which includes various IT security exercises that can be performed by the participants independently.