Trainings

RF Hacking with SDR for physical intrusion systems

In this 3-day live and interactive training, students will learn about Software-Defined Radio applied to security, and will get survival reflexes and methods to test real-world radio devices such as intercoms, alarms, various remotes and other IoT systems.

Compared to other courses that teach how to use public tools, this class is about understanding how these tools work and how to build proper tools to analyze and attack targeted systems.

All techniques here are demonstrated on real use cases encountered in pentests and Red Teams, but also include techniques meant to be applied to future systems, by teaching the important steps to follow when dealing with unknown targets.

What the class will teach

With this class, students will learn how to find interesting radio communications and ways to attack targeted systems:

  • Learn how radio works and about current technologies using this interface
  • Find and analyze a signal
  • Modulate and demodulate a signal
  • Encode and decode data meant to be transported over-the-air
  • Capture, generate, replay and analyze a signal
  • Interface with a signal using SDR devices and software
  • Get primary reflexes to attack embedded and IoT systems
  • Create your own tools with the GNU Radio framework and its alternatives
  • Learn how to use SDR and classical attacks on mobile 2G/3G/4G, sub-GHz remotes/alarms, and other similar or custom technologies

Day 1 - RF preliminaries

Day 1 is an introduction to radio that will help students learn its concepts and the techniques used today to receive and transmit signals, as well as the constraints we have to deal with in heterogeneous environments:

  • Introduction to radio
    • History, evolution, and EU regulations
    • Radio waves
    • Digital Signal Processing
    • Software-Defined Radio
    • Antennas
    • Amplifiers and connectors
  • Software-Defined Radio devices
    • Specifications
    • How to choose them
    • A few tips and hacks
  • Observations
    • Waterfall and spectrum analyzers
    • Signal identification
    • Modulation/Demodulation
    • Encoding/Decoding
  • Faraday cages and how to design a very cheap one
  • Use of attenuators and software gain parameters

Day 2 - Hands-on radio

Day 2 puts the student in the Software-Defined Radio playground, where every idea can be written in software to be simulated, and then turned into real receivers and transmitters within the limitations of the chosen hardware:

  • Introduction to GNU Radio
  • Software-Defined Radio processing in the chain
  • Practice with GNU Radio Companion
    • Block schemas
    • Parameters
    • Generators
    • Sinks and sources
    • Operators
    • Simulations
    • Modules
    • Executing a block in a real SDR device
    • Listening to simple AM and FM signals
    • Transferring a simple signal
    • Optimizing sample processing
    • Features to process samples
  • Investigation and handy tools
  • Alternatives to GNU Radio

Day 3 - Attacking physical intrusion systems

Day 3 builds on and applies the previous chapters to study physical intrusion systems, and brings useful tricks for Red Team tests as well as pentests:

  • Common sub-GHz Remotes
    • Introduction
    • Capturing data
    • Replaying saved samples
    • Analyzing samples (manually and with powerful tools)
    • Rolling code security
  • Devices using the mobile network (2G/3G/4G)
    • Introduction
    • Monitoring
    • Mobile security
    • Existing tools
    • Interception techniques
    • Our feedback from missions
    • Tooling with GNU Radio
  • Attacking custom devices
    • Introduction
    • Identification (looking at the device's references, components, etc.)
    • Sniffing signals
    • Decoding signals
  • Introduction to hardware hacking

Additional/custom content (for Private trainings only)

The content of private trainings can be arranged depending on your needs. As PentHertz specializes in RF fields, we also provide additional content such as the following:

  • GPS: decoy attacks, limits and defenses
  • Bluetooth: attacks, fuzzing and defenses
  • Wi-Fi: attacking the different protocols, fuzzing the protocol stack and analyzing the radio signal
  • RFID/NFC: additional content and advanced techniques with SDR
  • Hardware: additional content in hardware and practice to attack embedded systems
  • etc.

If you prefer a tailored training that fits your needs, please contact us at the following email: trainings@penthertz.com.

Class requirements

  • Knowledge of Linux and of a programming language such as C, C++, C# or Python is necessary
  • Understanding of pentesting (network and applications) or Red Teaming
  • All attendees will need to bring a laptop capable of running a VMware virtual machine (8GB of RAM is the minimum)
  • Basic knowledge of radio is not mandatory but is a plus
  • For live training: a microphone or a headset to interact during the course

Skills development

PentHertz is a consultancy firm, but also a training center registered in France under the number #11922328592. The company delivers a certificate at the end of a training to award attendees after successful completion of the chosen program.


Main differences with the full-course training

  • A course sufficient to introduce and practice offensive RF hacking with Software-Defined Radio
  • This course focuses mostly on physical intrusion system targets, whereas the full course covers a wider spectrum
  • One transceiver is given to students to let them practice at home
  • Less GNU Radio programming content than in the full course

Details of the full course

Information

  • RF Hacking with SDR for physical intrusion systems
  • Software-Defined Radio, Security
  • 3 days
  • Yes
  • Sébastien Dudek
  • 3 days of interactive training, 1 TX/RX transceiver, and unlimited access to the updated resources
  • Want more content? (Wi-Fi, GPS, more RFID/NFC, hardware attacks, etc.) You can simply request it for private trainings
  • See the table below
  • trainings@penthertz.com

Offers (prices excluding VAT, 20% in France)

Private remote training - single person

  • €2,400 for a single person
  • Remote training
  • 3 days of training
  • Certificate of completion
  • 1 full-duplex TX/RX transceiver included
  • Resources: slides, flowgraphs + scripts and captures
  • Unlimited access to the updated resources
  • Content can be adapted
  • Request a quote

Remote training - group rate

  • €2,100 per participant
  • Remote training
  • 3 days of training
  • Certificate of completion
  • Capacity: 15 participants
  • 1 full-duplex TX/RX transceiver included
  • Resources: slides, flowgraphs + scripts and captures
  • Unlimited access to the updated resources
  • Content can be adapted
  • Discount applied according to the number of participants!
  • Request a quote

Private training

  • Worldwide
  • 3 days of training
  • Certificate of completion
  • 1 full-duplex TX/RX transceiver included
  • Resources: slides, flowgraphs + scripts and captures
  • Unlimited access to the updated resources
  • (Optional) Full organization: room booking, lunch, coffee, snacks, etc.
  • Content can be adapted
  • Discount applied according to the number of participants!
  • Request a quote

Conference training

  • 3 days of training
  • 1 full-duplex TX/RX transceiver included
  • Resources: slides, flowgraphs + scripts and captures
  • Unlimited access to the updated resources
  • Everything is organized by the event
  • No adaptation possible
  • Stay tuned on Twitter or on our website!