Car Hacking Masterclass - Attacking & Defending Automotive Systems and Infrastructure - Kamel Ghali - DCTLV2026

Name of Training: Car Hacking Masterclass - Attacking & Defending Automotive Systems and Infrastructure
Trainer(s): Kamel Ghali
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2,250
Hardware: $470 (optional, if you choose to retain after the course)

Short Summary:

This intermediate Automotive Cybersecurity and Car Hacking Masterclass delivers hands-on experience attacking and defending real vehicle systems, from in-vehicle networks and infotainment to electric vehicles and charging infrastructure. Participants gain practical, risk-focused insight into how modern vehicles are compromised and secured, making the course valuable for both technical security engineers and decision-makers responsible for connected transportation systems.

Course Description:

This Automotive Cybersecurity and Car Hacking Masterclass provides an in-depth, practitioner-focused exploration of how modern vehicles are designed, attacked, and defended in today’s connected transportation ecosystem. Participants begin with a strategic, birds-eye view of automotive cybersecurity, grounding technical topics in real-world car hacking case studies, regulatory drivers, and lifecycle security practices such as ISO 21434 and threat analysis and risk assessment (TARA). By connecting observed attacks to industry standards and evolving global regulations, the course equips attendees with a clear understanding of why vehicle cybersecurity matters—not only for automobiles, but for any cyber-physical product operating at scale.

A defining feature of this masterclass is its emphasis on immersive, hands-on labs that allow participants to directly apply concepts across in-vehicle networks, infotainment systems, and electric vehicle charging infrastructure. Learners actively interact with CAN-based systems, diagnostic protocols, and modern vehicle defenses, progressing from protocol analysis and reverse engineering to realistic attack and mitigation scenarios. Additional labs explore infotainment and EV charging attack surfaces, highlighting how vulnerabilities can cascade into broader societal and infrastructure-level risks. Designed for an intermediate technical audience, the course delivers deep, actionable knowledge for security engineers while remaining highly valuable for architects, product managers, decision-makers, and executives seeking a practical, first-hand understanding of automotive cybersecurity risks, controls, and trade-offs.

Course Outline: 

Day 1:

• Birds-eye View of Automotive Cybersecurity 
  • Introduction to Car Hacking & Automotive Cybersecurity
    • This section introduces participants to car hacking and automotive cybersecurity, looking at the short history of the industry and establishing the cybersecurity priorities for the automotive industry and the scope of impact car hackers have had on its evolution
  •  Car Hacking Case Studies
    • This section explores real instances of vehicle security research and automotive cybercrime observed "in the wild." driving home that car hacking is a reality in the age of connected transportation.
  •  Lifecycle Cybersecurity for Cars and Other Products
    • This section explores modern automotive cybersecurity management systems and how they have evolved to ensure vehicles are protected from threats throughout their entire operational lifecycle.
    • This content applies to more than just automobiles, and is being adopted by other industries to meet regulatory requirements for the EU Cyber Resilience Act and other global cybersecurity regulations
  • Hands-on Automotive Cybersecurity & Car Hacking 
    • Hands-on Automotive Threat Analysis and Risk Assessment (TARA) and ISO 21434
      • In this section participants implement TARA hands-on, seeing first-hand how cyber risk is evaluated in vehicles and evaluating the vulnerabilities presented in the case studies shared prior to this sections.
    •  In-Vehicle Networks & CAN Bus Hands-on I
      • This section covers the technical details of CAN, a networking technology found in nearly every vehicle in the world as well as maritime systems, ICS systems, and even washing machines.
      • Participants will learn advanced technical details of the CAN protocol as well as how to transmit, receive, and reverse engineer CAN data using open-source software and industry grade CAN tools. They will complete labs to put this knowledge to use, solving CTF problems by sending and receiving CAN data, as well as reverse-engineering CAN signals.

Day 2:

• Beyond the CAN Bus 
  • CAN Bus Hands-on II
    • This section covers more advanced applications of CAN, from diagnostic protocols implemented on top of the CAN standard to security systems implemented in CAN to protect CAN networks from eavesdropping, traffic injection attacks, and more.
    • Students will complete labs in which they must use what they learn to attack CAN systems and implement the defenses covered in the lecture content. Labs based on CAN network diagnostic protocols will also be included.
  •  In-Vehicle Infotainment System Security
    • This section will introduce students to the attack surfaces of in-vehicle infotainment systems - often the most vulnerable part of an automobile's architecture.
    • Participants will see demonstrations of exploits being performed against IVI systems taken from commercial vehicles and complete labs to create their own exploits for the same systems, targeting USB, Bluetooth, and other interfaces.
  •  Electric Vehicle & EV Charging Infrastructure Security
    • In this section participants will learn about the unique attack surfaces electric vehicles contain and how vulnerabilities in their charging systems and associated infrastructure can have consequences that spread much farther into society, impacting the power grids of cities and bringing logistic networks to a grinding halt.
    • Hands-on labs covering CAN, OCPP, PLC, and other EV charging infrastructure technology will be included in this section.
  •  Final Assessment 

Difficulty Level:

Intermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Suggested Prerequisites:

Necessary Skills/Knowledge:

• Linux Command Line Experience
• Bash Scripting Experience
• Digital Signaling Understanding
• Binary Algebra/Operations Understanding

Suggested Prerequisite Reading:

• Jeep Hack News Video: https://www.youtube.com/watch?v=MK0SrxBC1xs&pp=ygUJamVlcCBoYWNr
• Jeep Hack Whitepaper: https://illmatics.com/Remote%20Car%20Hacking.pdf

What Students Should Bring:

Students should bring a laptop computer with at minimum the following features:

• Virtualization Enabled
• VMWare or Oracle VirtualBox Installed
• At least one USB-A port available
  • A USB hub is a optional, but can be useful for labs requiring multiple USB devices

All vehicle network hardware will be lent by the instructor. The instructor will also share reference documents and pre- configured virtual machine images for use during the course ahead of time. Uniquely, this Car Hacking Training utilizes both virtualized vehicle network environments AND real vehicle hardware. This includes hardware purchased on the aftermarket as well as vehicle parts retrieved directly from real vehicles, giving students the opportunity to interact with vehicle networks as they are used in real vehicle hardware. In addition,several of the hardware modules incorporated into the course have been featured in the Automotive Pwn2Own competition from 2024, 2025, and 2026.

What the Trainer Will Provide:

The trainer will provide all necessary equipment to complete the course. The hardware used in the course exercises and will be loaned to the students, but they have the option of purchasing the hardware to keep for $450.00 USD. The hardware platform provided is a hands-on vehicle networking and cybersecurity educational platform developed and manufactured by the instructor.

Several labs in this course make use of larger industry-grade systems taken from real automobiles - allowing students to interact with real vehicular systems and develop exploits for vulnerable targets found on the market. As these systems are rather heavy, a limited number will be available for the students to use during the course but they may not be taken home by the participants.

Trainer(s) Bio:

A seasoned expert with over eight years of experience in automotive and IoT cybersecurity, Kamel has worked across the U.S. and Japan as a vehicle penetration tester, security consultant, and car hacking trainer. He currently serves as Vice President of International Affairs for the DEF CON Car Hacking Village, where he leads global outreach and awareness efforts focused on vehicle security.

Kamel brings deep expertise in cyber-physical systems security and is fluent in English, Arabic, and Japanese. Passionate about transportation cybersecurity, he actively engages with communities worldwide to promote education and awareness in this critical domain. His community contributions include organizing major Japanese cybersecurity conferences such as CODE BLUE, TenguCon, and BSides Tokyo, and he regularly seizes opportunities to advocate for cybersecurity and privacy in connected transportation systems.

Kamel has spoken at numerous cybersecurity events around the world and is a frequent contributor to online journals and other publications, where he speaks about cyber-physical security.

Proficiency Exam Option:

This course has the option for a proficiency certificate add-on. 

The proficiency exam for this training covers both the theoretical/high-level aspects of automotive cybersecurity taught in the course as well as proficiency in the hands-on technical aspects of the hacking of vehicle networks and other technologies taught in this course. Students are given a quiz (delivered via Google Forms or a similar platform) with questions answered either through data analysis, recollection of the course content, or solving of CTF challenges implemented on the hardware platform used in the training labs.

Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.

Registration Terms and Conditions: 

Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.

Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after August 5, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.