{"product_id":"red-team-sigint-practical-sdr-hacking-for-mission-critical-automotive-aviation-and-marine-targets-jos-wetzels-wouter-bokslag-midnight-blue-dctlv2026","title":"Applied SDR Hacking: Red Team SIGINT for mission-critical, automotive, aviation, and marine targets - Jos Wetzels \u0026 Wouter Bokslag (Midnight Blue) - DCTLV2026","description":"\u003cp dir=\"ltr\"\u003e\u003cmeta charset=\"utf-8\"\u003e\u003cstrong\u003eName of Training\u003c\/strong\u003e\u003cspan\u003e: Applied SDR Hacking: Red Team SIGINT for mission-critical, automotive, aviation, and marine targets\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eTrainer(s)\u003c\/strong\u003e\u003cspan\u003e: Jos Wetzels \u0026amp; Wouter Bokslag (Midnight Blue)\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eDates\u003c\/strong\u003e\u003cspan\u003e: August 10-11, 2026\u003cbr\u003e\u003c\/span\u003e\u003cspan\u003e\u003cstrong\u003eTime\u003c\/strong\u003e: \u003c\/span\u003e\u003cspan\u003e8:00 am to 5:00 pm PT\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eVenue\u003c\/strong\u003e\u003cspan\u003e: Las Vegas Convention Center\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eCost\u003c\/strong\u003e\u003cspan\u003e: $3,250\u003cbr\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eShort Summary:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eThis practically-oriented course, taught by the Midnight Blue team known for their TETRA research, aims to equip security practitioners with field-relevant RF security knowledge enabling them to assess and target important but rarely addressed RF technologies such as automotive, aviation, marine, physical access control RF protocols and mission-critical radio (e.g. TETRA, DMR, P25) used by police, military, private security, and critical infrastructure.\u003c\/p\u003e\n\u003cp\u003eHands-on exercises such as intercepting and decrypting handheld radio comms and breaking automotive security systems are alternated with thorough overviews of relevant RF protocols and their security posture as well as case studies of real-world RF attacks on railways, water utilities, drones, and police\/military radios.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eCourse Description:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003eHave you ever had to deal with attacking an RF signal and Youtube tutorials on the Flipper Zero didn't get you anywhere? Have you ever wanted to listen in to a security team's radio communications during a physical red team engagement? Did you ever think covertly breaking into corporate vehicle fleets or garages should be in-scope, but didn't know how to approach this?\u003c\/p\u003e\n\u003cp\u003eThen this is the course for you.\u003c\/p\u003e\n\u003cp\u003eIn an increasingly wireless world, we are surrounded by readily exploitable signals everywhere. Yet too often Red Team operations and pentests leave the RF spectrum unaddressed due to a lack of specialist knowledge and experience, especially when it comes to sensitive RF protocols not typically encountered in conventional enterprise and IoT contexts.\u003c\/p\u003e\n\u003cp\u003eThis practically-oriented course, taught by the Midnight Blue team known for their TETRA research, aims to equip security practitioners with field-relevant RF security knowledge and experience. While it thoroughly covers the fundamentals of RF, SDR, and SIGINT, it avoids math-heavy RF engineering with limited relevance to day-to-day operational reality.\u003c\/p\u003e\n\u003cp\u003eInstead, this course will provide attendees with a structured, step-by-step approach to the Signals Intelligence (SIGINT) cycle of targeting, identifying, collecting, processing, and analyzing Signals of Interest (SOIs). This includes the often cumbersome task of getting various special-purpose SDR tools to work on current systems. Attendees will learn how to exploit such signals with commonly available tooling through awareness of common risks and pitfalls in RF security.\u003c\/p\u003e\n\u003cp\u003eWhere other SDR trainings tend to focus on enterprise and IoT RF protocols such as 4G\/5G, WiFi, RFID, and BT, this training focuses on important but rarely addressed RF technologies such as automotive, aviation, marine, physical access control RF protocols and mission-critical radio (e.g. TETRA, DMR, P25) used by police, military, private security, and critical infrastructure. Hands-on exercises such as intercepting and decrypting handheld radio comms and breaking automotive security systems are alternated with thorough overviews of relevant RF protocols and their security posture as well as case studies of real-world RF attacks on railways, water utilities, drones, and police\/military radios.\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cstrong\u003eCourse Outline: \u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cem\u003eCourse outline is preliminary and subject to minor changes and improvements.\u003c\/em\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cspan style=\"text-decoration: underline;\"\u003eDAY 1 - BLOCK 1: Basics of SDR and SIGINT\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e- Introduction to Radio Frequency (RF), Software Defined Radio (SDR), Digital Signal Processors (DSPs)\u003cbr\u003e- SDR theory of operation\u003cbr\u003e- Overview of SDR hardware \u0026amp; software\u003cbr\u003e- Modulation and signal types\u003cbr\u003e- Antenna selection, tuning, and positioning\u003cbr\u003e- Building and working with SDR software stacks: SDRangel, Gqrx, GNU Radio, Universal Radio Hacker (URH),DragonOS, Flipper Zero\u003cbr\u003e- Signals Intelligence (SIGINT) cycle\u003c\/p\u003e\n\u003cp\u003e\u003cspan style=\"text-decoration: underline;\"\u003eDAY 1 - BLOCK 2: Fundamentals of RF Security\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e- Security requirements in RF protocols\u003cbr\u003e- Common risks and pitfalls: Jamming, replay, relay, cryptanalysis, etc.\u003cbr\u003e- Case studies: railways, water utilities, emergency broadcasts\u003c\/p\u003e\n\u003cp\u003e- Physical access control RF systems: automatic doors, gates, barriers, bollards, alarms, etc.\u003cbr\u003e- Automotive access control RF systems: Remote Keyless Entry (RKE), Passive Keyless Entry (PKE)\u003cbr\u003e- Automotive case study: professional car theft rings\u003c\/p\u003e\n\u003cp\u003e\u003cspan style=\"text-decoration: underline;\"\u003eDAY 2 - BLOCK 1: Professional Mobile Radio (PMR) \/ Land Mobile Radio (LMR) Security\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e- Introduction to PMR \/ LMR\u003c\/p\u003e\n\u003cp\u003e- Terrestrial Trunked Radio (TETRA): Overview, security, vulnerabilities, and available tooling\u003cbr\u003e- TETRA SIGINT tooling discussion\u003cbr\u003e- TETRA case study: Real-world TETRA interception incidents\u003c\/p\u003e\n\u003cp\u003e- APCO-25 (P25): Overview, security, vulnerabilities, and available tooling\u003cbr\u003e- dPMR\/NXDN: Overview, security, vulnerabilities, and available tooling\u003cbr\u003e- TETRAPOL: Overview, security, vulnerabilities, and available tooling\u003c\/p\u003e\n\u003cp\u003e\u003cspan style=\"text-decoration: underline;\"\u003eDAY 2 - BLOCK 2: PMR continued, Marine \u0026amp; Aviation\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e- Digital Mobile Radio (DMR): Overview, security, vulnerabilities, and available tooling\u003cbr\u003e- DMR SIGINT tooling discussion\u003cbr\u003e- DMR case study: DMR usage and targeting in Russia-Ukraine war, Middle-Eastern conflicts, and Mexican cartels\u003c\/p\u003e\n\u003cp\u003e- Marine RF systems: AIS\/VDES, GMDSS, etc.\u003cbr\u003e- Marine case study: tracking \u0026amp; spoofing in conflict zones, piracy, and sanctions evasions\u003c\/p\u003e\n\u003cp\u003e- Aviation RF systems: ADS-B, ACARS\/VDL, etc.\u003cbr\u003e- Drones \/ Unmanned Aircraft Systems (UAS): telecontrol, analog \u0026amp; digital video (VTX) downlink, scrambling and encryption\u003cbr\u003e- Aviation case study: Counter-UAS\/drone examples from the Russia-Ukraine war and Middle-Eastern conflicts\u003cbr\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDifficulty Level:\u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cmeta charset=\"utf-8\"\u003eBeginner to Intermediate\u003c\/p\u003e\n\u003cp\u003eBeginner Definition - The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIntermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eSuggested Prerequisites:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e- Basic familiarity with Linux\u003cbr\u003e- Basic familiarity with Python\u003cbr\u003e- Some understanding of pentesting and red teaming fundamentals\u003c\/p\u003e\n\u003cp\u003eThis will be a tech-forward course less suited for executives, project managers, compliance auditors, etc. Ideally, students have some basic general cybersecurity experience (or equivalent education). That being said, we've had some quick learners with different backgrounds, that benefited greatly from the hands-on nature of the course.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat Students Should Bring: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e- Modern laptop with Core i7 CPU or equivalent\/better and preferably 32GB+ RAM (absolute minimum 16GB)\u003cbr\u003e- Laptop should run DragonOS Noble (24.04) or newer (see \u003ca class=\"moz-txt-link-freetext\" href=\"https:\/\/cemaxecuter.com\/\"\u003ehttps:\/\/cemaxecuter.com\/\u003c\/a\u003e). A VM is fine, but preferably native installation to reduce risk of spending time on setup problems\u003cbr\u003e- Laptop should *not* be a locked-down corporate laptop, administrator privileges are a must-have\u003cbr\u003e- Laptop should have USB type A (or Type C + converter) for SDR hardware\u003cbr\u003e- Bring a charger\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat the Trainer Will Provide:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e- HackRF based SDR hardware (platform + antenna)\u003cbr\u003e- Several exercise targets including: Fixed-code alarm system, rolling-code RKE\/door control system\u003cbr\u003e- Syllabus, exercises, exercise solutions, and tooling\u003cbr\u003e- Certificate of attendance\u003c\/p\u003e\n\u003cp\u003eAll students will receive a hardware kit to keep as part of their registration, including:\u003cbr\u003e- The versatile HackRF based SDR platform\u003cbr\u003e- All the covered exercise targets\u003cbr\u003e- Bonus target: a motion-based alarm system, together with an exercise sheet and solution. \u003cbr\u003e\u003cbr\u003eThis will allow you to hone your skills in the field with familiar tools, and to continue and reproduce training exercises at home.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eTrainer(s) Bio:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eJos Wetzels\u003c\/strong\u003e is a co-founding partner at Midnight Blue. His research has involved reverse-engineering, vulnerability research and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs. He has discovered zero-day vulnerabilities across tech stacks ranging from bootloaders and RTOSes to proprietary protocol implementations. At Midnight Blue, he has consulted to government agencies, grid operators, and Fortune 500 companies worldwide and has been involved in the first ever public analysis of the TETRA radio standard used by police and critical infrastructure globally - uncovering several critical vulnerabilities. Prior to founding Midnight Blue, he worked as a security researcher and reverse engineer at Forescout where he developed state-of-the-art intrusion detection capabilities for Operational Technology (OT) environments. Jos is a member of the Black Hat USA Review Board and a regular conference speaker who has presented at events such as Black Hat, DEF CON, CCC, USENIX, HITB, OffensiveCon, ReCon, EkoParty, and others.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eWouter Bokslag \u003c\/strong\u003eis a co-founding partner and security researcher at Midnight Blue. He is known for the reverse-engineering and cryptanalysis of the previously secret cryptographic algorithms used in the TETRA radio standard. He has performed specialist security assessments on RF networks of law enforcement agencies, critical infrastructure, and some of the largest companies in the world. In addition, his prior research includes reverse-engineering and cryptanalysis of several proprietary in-vehicle immobilizer authentication ciphers used by major automotive manufacturers as well as co-developing the world's fastest public attack against the Hitag2 cipher. He holds a Master's Degree in Computer Science \u0026amp; Engineering from Eindhoven University of Technology (TU\/e) and designed and assisted in teaching hands-on offensive security classes for graduate students at the Dutch Kerckhoffs Institute for several years. He presented research at venues like Black Hat, DEF CON, USENIX, CCC, hardwear.io and many others.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eProficiency Exam Option:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eThis course has the option for a proficiency certificate add-on.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eThe proficiency exam will consist of a CTF-style challenge which incorporates major learnings from the training and evaluates the student's proficiency with the taught methodologies and tooling. In the unlikely event the challenge cannot be completed, a re-take opportunity is provided.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003ePlease reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eRegistration Terms and Conditions: \u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTrainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBetween July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll trainings are non-refundable after August 5, 2026.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTraining tickets may be transferred to another student. Please email us at training@defcon.org for specifics.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIf a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eFailure to attend the training without prior written notification will be considered a no-show. No refund will be given.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBy purchasing this ticket you agree to abide by the \u003c\/span\u003e\u003ca href=\"https:\/\/defcon.org\/html\/links\/dc-code-of-conduct.html\"\u003e\u003cspan\u003eDEF CON Training Code of Conduct\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e and the registration terms and conditions listed above.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eSeveral breaks will be included throughout the day. Please note that food is not included.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.\u003c\/span\u003e\u003c\/p\u003e","brand":"Las Vegas 2026","offers":[{"title":"Course only - Aug 10-11","offer_id":47691679826138,"sku":null,"price":3050.0,"currency_code":"USD","in_stock":true},{"title":"Course + Proficiency Exam - Aug 10-11","offer_id":47697574691034,"sku":null,"price":3350.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0629\/2088\/4442\/files\/MidnightBluelogofulllinescentered.svg?v=1774171974","url":"https:\/\/training.defcon.org\/products\/red-team-sigint-practical-sdr-hacking-for-mission-critical-automotive-aviation-and-marine-targets-jos-wetzels-wouter-bokslag-midnight-blue-dctlv2026","provider":"defcontrainings","version":"1.0","type":"link"}