Firmware Security Bootcamp

Practical block course on firmware security. Embedded devices are widely used in our daily life and there will be many more in the future. However, it is quite easy to manipulate these devices in many cases causing major threats for users and the entire Internet. E.g.: The Mirai Botnet infected millions of home routers and other devices. It used these devices to launch the biggest DDoS attack ever measured (until than) against a popular security blog. The firmware security bootcamp teaches the analysis and exploitation of firmware.

Organizational Information

  • Responsible:Prof. Dr.-Ing. Klaus Wehrle
  • Local Contact:Dr. Dirk Thißen (COMSYS), Dr. Martin Henze (Fraunhofer FKIE)
  • Organizers:Johannes vom Dorp (Fraunhofer FKIE), Eugen Winter (Fraunhofer FKIE)
  • Dates:Block course, 9th March - mid April 2020
  • Location:Fraunhofer FKIE, Zanderstraße 5, 53177 Bonn-Bad Godesberg
  • ETCS Credits: 6 ECTS for Bachelor students (Software-Projektpraktikum), 7 ECTS for Master students (Lab/Praktikum)
  • Registration (Limited Capacity!):here (before 23th February 2020)
  • Questions: Please contact Johannes and Eugen

Course Description

The Firmware Security Bootcamp is a block course during the lecture-free period in March/April. It is held at our cooperation partner Fraunhofer FKIE in Bonn-Bad Godesberg. Presence in Bonn is required for five full days for the crash course, 3 half days for lightning talks (TBA, likely the three Fridays following the crash course), and one (half) day for the graded final presentations (TBA, April or May 2020). The topics offered will mostly be supervised by staff members of Fraunhofer FKIE. The Firmware Security Bootcamp consists of three phases:

  1. Crash Course: In a one week crash course, the students get to know general principles of firmware analysis and exploitation. This includes many "hand ons" and real life examples.
  2. Lightning Talks: Each student will hold three short talks (lightning talks) concerning topics gathered from the lab phase.
  3. Lab Project: Afterwards the students each get a practical task such as implementing new plug-ins or improve existing plug-ins of the Firmware Analysis and Comparison Tool (FACT). The resulting work is intended to be published on GitHub as open source software that can be used by firmware security analysts all over the world.

FACT is an open source project intended to automate and simplify firmware analysis such that much more researchers can contribute to a higher security standard for embedded devices. It is part of Fraunhofer FKIE's research efforts and an actively maintained project.

Prerequisites

Skills in Python 3 and basic knowledge of the Linux command line are mandatory.

Registration

See above.

- Impressum -