Software Defined Radios 101 - Introduction to RF Hacking - Richard Shmel - DCTLV2026
Name of Training: Software Defined Radios 101 - Introduction to RF Hacking
Trainer(s): Richard Shmel
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2,500 (USD)
Hardware: $620 (optional) - Students wishing to keep their materials can purchase the hardware bundle, which includes a HackRF with an aluminum case, upgraded crystal, antenna adapters, an antenna, and a custom transmitting PCB designed and fabricated by the instructor.
Short Summary:
SDR 101 is a course designed for cyber security professionals of all skill levels who want to start working with RF signals and SDRs. Students get hands-on experience with real hardware, learn the fundamentals of RF hacking, and walk away ready to start exploiting the RF attack surface.
Course Description:
This class is a beginner's introduction to practical Software Defined Radio (SDR) applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn't know where to begin, then this course is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. Over the two-day course, the instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone exercise. Students will be provided with a HackRF SDR for the duration of the class but will need to bring their own laptop to interface with the radio. VMs will be made available to students to download before class, along with an OS setup guide for those that prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware, allowing us to jump right into hands-on exercises. My intent for this course is to lower the barrier of entry associated with RF hacking and give beginning students a practical understanding of RF and DSP applications with SDRs.
Course Outline:
This course is built on a hands-on, lab-first, methodology designed to bridge the gap between abstract RF theory and practical exploitation with a real SDR. The curriculum is structured to move rapidly from foundational concepts to live- signal interaction. Following a condensed primer on RF theory, students will use open-source tools for signal analysis before transitioning into GNU Radio to build custom digital signal processing (DSP) chains. The course progresses through increasingly complex waveforms and real-world system attacks, culminating in a comprehensive RF exploitation capstone that reinforces all key learning objectives.
DAY 1
Hour 1:
- Introduction to RF theory, waveforms, and basic modulation schemes (AM, FM, FSK, PSK, OOK)
- Nyquist sampling and aliasing
- A brief overview of Euler and complex numbers
- IQ Sampling Theory
- Overview of common Software Defined Radio architectures (Local Oscillators, ADCs, sample theory, etc.)
Hours 2-4:
- Introduction to interfacing with the SDR
- Exercise 1: Watchtower
- Basic demodulation
- Exercise 2: Soundtracks
- Introduction to spectrum scanning
- Exercise 3: Basic scanner
- Exercise 4: Advanced scanner with baseline
Hours 5-6:
- Intro to capturing raw signals with your SDR
- Intro to inspecting raw signals
- Exercise 5: Car key fobs
- Advanced signals inspection using open source tools
- Exercise 6: Burst IoT modem
Hours 7-8:
- Introduction to GNUradio
- Key GNUradio flow graph components:
- Sources/sinks
- Filters
- Exercise 7: Filters
- Demodulators
- Exercise 8: RF mixer
- Exercise 9: AM/FM demod and data exfiltration
DAY 2
Hour 1:
- Continue GNUradio flow graph components
- Review filters, demodulation, sources/sinks
- Resamplers and resampling theory
- Exercise 10: Putting it all together: User-built radio in GNUradio
Hours 2-3:
- Introduction to Out-of-Tree (OOT) modules
- Extending GNU Radio through scripting and custom blocks
- Utilizing community OOT modules
- Exercise 11: OOT satellite demo
- Exercise 12: OOT ADS-B interception guided exercise
- Exercise 13: OOT custom waveform interception open exercise
Hours 4-6:
- Introduction to transmitting
- Types of RF attacks
- Signal file (IQ) synthesis
- Exercise 14: Replay attack
- Exercise 15: Jamming attack
- Exercise 16: Targeted signals reverse engineering
Hours 7-8:
- Capstone exercise: Custom RF PCB exploitation challenge
Difficulty Level:
Beginner - The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired.
No specific skills or experience required.
Suggested Prerequisites:
This is a beginner course. Students do not need to have any prior knowledge of RF theory or SDRs. We will do some programming in Python, so a basic understanding is helpful (but not required). Before the course, the instructor will send out some pre-reading and video lectures for students to ensure everyone is starting at the same level, as well as a guide to set up your course VM. This material should take about 4 hours to complete.
What Students Should Bring:
Students will need to bring a laptop capable of running a VMware or VirtualBox VM (VMs will be sent out before the class).
Recommended specifications for the laptop are:
- 4 core processor
- 8 GB of RAM
- at least 35 GB of free HDD/SSD space
- two free USB2.0 (or higher) ports for the SDR and the capstone PCB (Note: Students with USB-C only laptops must bring a compatible USB-A hub/adapter)
Students should also bring a pair of headphones for listening to their laptop during the course; this is necessary in a classroom setting to keep the volume at a reasonable level. All students will be provided with a HackRF radio for the duration of the course. Owning your own SDR is not required. In the past, some students have wanted to use their own radios for parts of the course - as a way to get hands-on experience with their own hardware. Students are free to bring any SDR they own. The instructor will happily help students troubleshoot their particular SDR.
What the Trainer Will Provide:
Students will be provided with a VM with all course material and drivers necessary to interface with the SDR. Students will also be provided with a HackRF to use for the duration of the course.
Students wishing to keep their materials can purchase the hardware bundle, which includes a HackRF with an aluminum case, upgraded crystal, antenna adapters, an antenna, and a custom transmitting PCB designed and fabricated by the instructor.
Trainer(s) Bio:
Richard Shmel is an experienced research and development engineer focusing on radio communications and digital signals processing applications. He has over a decade of experience as an RF engineer and embedded software developer working on prototype radio systems and DSP frameworks. Disappointed by the lack of introductory SDR material he could give to new engineers, he decided to write his own training courses to help fill the gap. Richard has had the privilege of teaching SDR workshops and training at various local and national cyber security conferences - including DEF CON - for many years now. He is passionate about teaching RF/DSP and wireless technology, and will happily talk for hours on the subject if given the chance.
Proficiency Exam Option:
This course has the option for a proficiency certificate add-on.
The proficiency exam includes multiple-choice and short-answer questions covering topics from every course module, and is given during the final 45 minutes of class. A passing score is 70%.
Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.
Registration Terms and Conditions:
Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.
Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.
All trainings are non-refundable after August 5, 2026.
Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.