VS: S-RAD (Satellite-Radio Analysis & Disruption) - Andrzej Olchawa, Ricardo Fradique & André Cirne - DCTLV2026
Name of Training: VS: S-RAD (Satellite-Radio Analysis & Disruption)
Trainer(s): Andrzej Olchawa, Ricardo Fradique & André Cirne
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm
Venue: Las Vegas Convention Center
Cost: $2,500 (USD)
Short Summary:
If you have always wondered what it would be like to talk with the stars, this is the right place for you. This hands-on course will teach you how to understand some of the satellite communications that surround us every day, as well as how to use that knowledge to target space missions.
Course Description:
As space systems become increasingly critical to communications, navigation, and national infrastructure, understanding their unique protocols, RF characteristics, and operational dependencies is vital for identifying risks before adversaries do.
This 2-day course will teach you how to analyse and exploit satellite and ground-station systems using software only in a safe lab environment. We will go over satellite architecture and common link protocols, as well as SDR fundamentals. The hands-on labs cover protocol analysis and exploitation, simulated attacks, and how they can be combined with more traditional vulnerabilities to compromise space missions.
By the end of the course participants will be able to demonstrate a full, nondestructive red team chain of compromise in a controlled environment and produce actionable remediation and detection recommendations.
Course Outline:
Day 1 - Foundations, Recon, SDR & RF
Morning
- Intro, rules of engagement, legal & lab safety
- Satellite systems architecture
- Threat model & attack surface mapping
- Protocols and data links: lecture + guided packet lab
- Decode CCSDS captures
- Identify TM/TC fields and payloads
- Use Wireshark for analysis and Scapy to parse, craft, and modify frames.
- Produce a brief report describing a found issue (e.g., replayable TC, plaintext payload).
Afternoon
- SDR fundamentals (software-only): lecture + guided labs with prerecorded IQs
- Learn IQ basics, sampling, waterfalls, and constellation plots using prerecorded IQ files.
- Build and run GNU Radio flowgraphs
- Demodulate a simulated BPSK/CCSDS capture, extract packets, and visualize signal manipulations (frequency shift, filtering, SNR changes).
- Produce short notes with screenshots and a short checklist of what each parameter change did.
- RF attacks (simulated): replay/spoofing/manipulation labs
- Demonstrate practical replay and basic spoofing attacks using prerecorded IQ files and purely software tools.
- Simple replay: repeat a segment containing a TC so it is received twice by the demodulator (demonstrates replay vulnerability).
- Time-shift replay: extract a TC segment and insert it later to simulate delayed/replayed command (shows timing effects).
- Segment injection/splice: insert a synthesized TC (crafted payload) into the IQ stream (spoof).
- Day 1 wrap & prep for Day 2
Day 2 - Recon, Ground-Station Attacks, TM/TC, Post-Compromise
Morning
- Recap & objectives
- OSINT & reconnaissance: guided build of target profile
- Build a comprehensive target profile for a smallsat operator including orbital data, infrastructure components, personnel, software stack, and likely attack surfaces.
- Produce an asset/attack-surface map and prioritized reconnaissance plan.
- Ground-station network attack surfaces + small hands-on exploit lab
- Simulate exploiting a vulnerable ground-station web console, escalate to operator workstation
Afternoon
- TM/TC deep-dive: message structures, Scapy toolkits, and full hands-on lab
- Review CCSDS TM/TC message structure, authenticated vs unauthenticated flows, and safe crafting/injection of simulated telecommands into a controlled receiver
- Demonstrate replay, modification, and detection techniques using Scapy-based toolkits.
- Simulated red-team exercise
Difficulty Level:
Intermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.
Suggested Prerequisites:
• Basic Linux command-line proficiency (shell, file editing, package install).
• Fundamental networking knowledge (TCP/IP, DNS, HTTP, basic routing).
• Familiarity with Python (reading/writing simple scripts; using pip).
• Experience with packet analysis tools (Wireshark/tshark).
• Introductory radio concepts (IQ samples, sampling, basic modulation) - helpful but not mandatory.
• Ability to run a VM on a laptop (VirtualBox/VMware; 8+ GB RAM recommended).
What Students Should Bring:
Trainees only need to bring a laptop capable of running a VM (VirtualBox/VMware; 8+ GB RAM recommended).
What the Trainer Will Provide:
Slides, lab workbooks, prebuilt VM with all required tools and exercise files
Trainer(s) Bio:
Andrzej Olchawa is an offensive security researcher with over 15 years of experience in the space industry. In recent years, Andrzej has specialized in vulnerability research, exploit development, and the exploitation of space systems and protocols. He has published numerous research papers on space systems security and has presented at prominent security conferences, including Black Hat USA, DEF CON, multiple BSides, and others. He holds several industry-standard certifications and has been credited with numerous CVEs.
Ricardo Fradique is a cybersecurity engineer at VisionSpace, where he focuses on vulnerability research and training content development targeting space systems and protocols. His research has produced several CVEs and contributed to technical briefings at leading security conferences including Black Hat and DEF CON, and he holds multiple industry certifications.
André Cirne is a Cybersecurity Engineer at VisionSpace, where he develops solutions for space, conducts vulnerability research, and develops cybersecurity training. Previously, he worked as a research assistant, co-authoring several academic publications in the field of embedded and hardware security. He holds a master's degree in information security and a Ph.D. in computer science. In his free time, he's also an amateur radio enthusiast.
Proficiency Exam Option:
This course has the option for a proficiency certificate add-on.
Students have the option to obtain a proficiency certificate based on their performance in the final activity. This constitutes a CTF-based red team engagement including most of the content delivered during the training. While the activity itself will be available to all students, those opting for the certification must obtain over 80% of the flags in the environment and provide a written report detailing all findings and exploits, as well as recommended fixes for the issues found. The report is then graded by the trainers, with detailed feedback, and the final passing grade is dependent on both scores.
Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.
Registration Terms and Conditions:
Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.
Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.
All trainings are non-refundable after August 5, 2026.
Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.