Bridging the GAP: Hands-On Embedded Hardware Hacking - Praetorian's Aaron Wasserman, Garrett Freibott & Will McCardell - DCTLV2026

Name of Training: Bridging the GAP: Hands-On Embedded Hardware Hacking
Trainer(s): Praetorian's Aaron Wasserman, Garrett Freibott, Will McCardell 
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm 
Venue: Las Vegas Convention Center
Cost: $2,000 (USD)

Short Summary:

This hands-on course bridges the gap between security and hardware. It teaches security professionals and hacking enthusiasts who want to build a foundation in hardware and embedded systems security how to assess and exploit vulnerabilities in embedded devices. The training progresses from hardware fundamentals and exploitation through firmware analysis and Bluetooth Low Energy (BLE) security testing.

Course Description:

Dive into the exciting world of embedded hardware hacking! This comprehensive hands-on training is designed for security professionals and hacking enthusiasts who want to understand embedded systems and IoT device security but lack prior hardware experience. The course bridges the gap between traditional security knowledge and hardware security paradigms, teaching participants how to approach circuit boards, hardware interfaces, embedded firmware, and Bluetooth Low Energy (BLE) with a security mindset. Whether you're a product security engineer working alongside hardware teams, a penetration tester looking to expand into embedded systems and IoT devices, or a security researcher who wants to formalize and solidify your hardware skills, this course provides the essential skills and methodology needed for effective embedded hardware security assessments from an offensive perspective.

Over two intensive days, students progress from fundamental hardware concepts through practical exploitation techniques, including UART/SPI protocol sniffing and exploitation, JTAG/SWD debugging, firmware manipulation, and Bluetooth Low Energy (BLE) security testing. Each module combines the theory needed to understand the technology with extensive hands-on exercises using real hardware and industry-standard tools. By the end of the course, participants will have the confidence and practical skills to independently assess embedded devices and IoT products. All necessary hardware and tools in the learning kit (valued at ~$400) are provided and yours to keep for continued learning.

Course Outline: 

Day 1: Hardware Fundamentals and Protocol Exploitation 

  • Agenda and Setup (20 minutes)
    • Instructor and participant introductions, lab setup, learning objectives, safety protocols
  • Introduction (30 minutes)
    • Ice breaker and impact discussion
    • History of embedded/hardware/IoT security
  • Electricity and Hardware Overview (75 minutes)
    • Reading circuit boards, electricity fundamentals, component identification
    • EXERCISE: Multimeter practical exercises
  • Interface Discovery (45 minutes)
    • Physical interface identification techniques
    • EXERCISE: Pin identification and dev board analysis
  • UART Theory and Exploitation (120 minutes)
    • UART fundamentals
    • EXERCISE: Logic analyzer setup and passive UART sniffing
    • UART exploitation techniques
    • EXERCISE: Practical UART interaction - limited shell access and pinout/baud rate determination
    • TTL, RS-232, RS-485
  • SPI Theory and Exploitation (90 minutes)
    • SPI protocol fundamentals
    • EXERCISE: SPI logic analyzer passive interception
    • SPI security testing
    • EXERCISE: Flash memory dumping and tampering
    • I2C protocol comparison
  • Introduction to Debug Interfaces (10 minutes)
  • SWD Theory (20 minutes)
    • ARM Serial Wire Debug overview, basic operations
  • JTAG Theory (30 minutes)
    • JTAG overview and state machine, debug features, bypass techniques
  • Day 1 Conclusions (10 minutes)
    • Learning objective review, Q&A, next day preparation

Day 2: Debug Interfaces, Advanced Attacks, Firmware Analysis, Bluetooth Low Energy 

  • Morning Recap and Reintroduction (15 minutes)
    • Quick review of Day 1 content, lab setup, Day 2 objectives
  • Debug Interface (SWD/JTAG) Exploitation (135 minutes)
    • Interacting with JTAG/SWD, hardware and software tools comparison
    • EXERCISE: SWD memory dumping
    • EXERCISE: JTAG memory dumping
    • EXERCISE: Determining unknown JTAG pinout
    • EXERCISE: UART authentication bypass using JTAG
    • Authentication bypass techniques and case studies
  • Discussion of Advanced Hardware Attacks (55 minutes)
    • Fault injection techniques (voltage glitching, EMFI, laser, clock)
    • Side channel analysis (EM, power)
    • Real-world applications and case studies
  • Firmware Analysis and Tampering (70 minutes)
    • Extraction methodologies, filesystem analysis
    • Firmware manipulation and backdooring
    • Reflashing techniques and verification
    • System emulation overview
  • Bluetooth Low Energy (BLE) Theory (60 minutes)
    • BLE architecture, protocol stack layers, connection establishment
    • BLE security considerations
  • BLE Lab Setup and CTF (100 minutes)
    • Hardware and software tools overview
    • BLE attack surface
    • CTF EXERCISES: Challenges 1-17 (progressive difficulty challenges)
  • Bonus Activities (Variable Duration)
    • As students complete the BLE CTF challenges, additional hardware and activities are available to further apply and test the skills learned throughout the course. These bonus activities inspire continued learning and research in embedded systems security.
  • Course Conclusion (15 minutes)
    • Secure implementation practices, security gap analysis, professional development, course wrap-up

Difficulty Level:

Beginner to Intermediate

Beginner Definition - The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired.

Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Suggested Prerequisites:

This course welcomes both security professionals and hacking enthusiasts who want to expand their skill sets into hardware security. It is primarily designed for those learning hardware, not for those with a strong hardware/embedded development or security background.

Perfect candidates include:

  • Product security engineers working with hardware teams who need to understand the embedded security paradigm
  • Penetration testers and security consultants expanding into IoT/embedded device assessments
  • Hacking enthusiasts and hobbyists interested in learning about embedded device security
  • Security researchers interested in beginning hardware hacking
  • Self-taught hackers looking for structured, foundational training to formalize their hardware security skills

Recommended Background:

  • Basic understanding of computer security principles (networking, authentication, common vulnerabilities) OR strong interest in learning about hardware security
  • Basic command-line proficiency
  • Familiarity with Linux operating systems

No Hardware Experience Required:

  • No prior embedded systems or electronics engineering background needed
  • No circuit design or electrical engineering knowledge required
  • Course starts from electricity and hardware fundamentals and builds up systematically

Not Recommended For:

  • Experienced embedded systems engineers or hardware professionals seeking advanced hardware security techniques (course focuses on building foundational skills for security practitioners)

What Students Should Bring:

Laptop Requirements:

  • Operating System: Windows, macOS, or Linux
  • Must be able to install Saleae Logic 2 Software (https://www.saleae.com/downloads/)
  • Must be able to add a local network interface
  • Must be able to SSH into remote systems
  • USB 2.0 or higher port
  • Modern CPU
  • Minimum 4GB RAM recommended
  • 15GB free disk space for software and capture data

Important Notes:

  • Most analysis and exploitation work will be performed on instructor-provided attack boxes accessed via SSH
  • Company-issued laptops with restrictive MDM (Mobile Device Management) policies may prevent installation of required software or network configuration changes. Students using such devices may experience difficulties during the course.

What the Trainer Will Provide:

Each student receives a complete embedded hardware hacking toolkit (approximate value: $400) that includes:

  • Custom target boards for hands-on exercises
  • Multimeter
  • Logic analyzer
  • Flash programmer
  • Attack box for hardware interface and BLE interaction
  • All necessary cables and accessories

These kits also include lab manuals with exercise guidance and hints for later reference after the session.

Students keep the entire toolkit after the course to continue practicing and applying the skills learned in their own security assessments.

Trainer(s) Bio:

Aaron Wasserman is a Senior Offensive Security Engineer on Praetorian's IoT team, where he performs IoT, hardware, and embedded systems security assessments. He holds a Master of Science and Bachelor of Science in Electrical and Computer Engineering from Georgia Tech. Aaron holds the OSCP and ACIP, among other professional certifications. He also volunteers as a guest lecturer for the ethical hacking course at Marquette University.

Garrett Freibott is a Senior Offensive Security Engineer at Praetorian with a Bachelor of Science in Computer Science from Arizona State University. He holds the OSCP and ACIP certifications and specializes in embedded systems security, firmware analysis, and vulnerability research.

Will McCardell is a Lead Offensive Security Engineer at Praetorian with over a decade of experience in software, technology, and offensive security. He specializes in embedded systems exploitation, firmware reverse engineering, and IoT vulnerability research.

Proficiency Exam Option:

This course has the option for a proficiency certificate add-on. Proficiency is measured through practical, hands-on demonstrations of skills learned during the course:

1. In-Class Exercise Completion: Students must successfully complete designated hands-on exercises throughout the two-day course, demonstrating competency in:

  • Hardware interface identification and interaction
  • UART/SPI protocol exploitation
  • JTAG/SWD debugging techniques
  • Firmware extraction and manipulation

2. BLE CTF Performance: Students must achieve a minimum progress/point threshold in the Bluetooth Low Energy Capture The Flag challenge, demonstrating practical skills in:

  • BLE protocol analysis and interaction

These measures ensure students have acquired practical, real-world skills in hardware security assessment and can immediately apply IoT and embedded systems exploitation techniques in professional security engagements.

Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.

Registration Terms and Conditions: 

Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.

Between July 11, 2026 and August 5, 2026, partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after August 5, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.
