The Art of Fault Injection (TAoFI)
The Art of Fault Injection Open Inschrijving (internationaal)
Content
In cooperation with Raelize B.V., the Netherlands Forensic Institute (NFI) is offering a training course on Fault Injection.
Fault Injection is often the weapon of choice for breaking into devices when exploitable software vulnerabilities are not known or absent. While Fault Injection attacks are nowadays common, typical concepts, methodologies, techniques, and attacks are often not sufficiently understood. While achieving success by simply glitching a target can yield results, it’s important to note that this approach alone doesn’t facilitate the creation of innovative attacks. In this training, students will experience and appreciate the Art of Fault Injection (TAoFI) to exploit the full potential of Fault Injection attacks.
This training assumes, though it is not strictly mandatory, that students possess prior experience with Fault Injection attacks, either obtained at work, at home, or at a previously attended training (e.g., from Colin, Joe Grand, or Thomas). Students are encouraged to work together in teams of two, sharing their experiences, to tackle the challenges together more efficiently. Even though not recommended, students may work individually as well.
Students will be using advanced techniques to characterize the effects of voltage glitches on the Espressif ESP32 System-on-Chip (SoC). The faults resulting from these voltage glitches are carefully analysed and de- scribed to build a thorough understanding of the target’s susceptibility to voltage glitches. This enables the students to create powerful Fault Injection exploits. During this training, rather than focusing on a specific set of tools, the students will focus more on the concepts, methodologies, techniques, and attacks relevant to Fault Injection attacks.
Students will experience, with guidance from experts, performing real-world Fault Injection attacks, that were either disclosed by Raelize or other security researchers. Students will be using the NewAE ChipWhisperer-Husky, typical hardware lab tooling like an oscilloscope and a hardware debugger. Students are provided with a virtual machine (VM) with all the required tooling installed, as well as access to the required hardware.
Upon completing the training, students will be proficient in executing sophisticated Fault Injection attacks on real-world targets using commercially available tooling. The knowledge gained from understanding the underlying concepts, methodologies, techniques, and attacks, can be used by the students to perform novel Fault Injection attacks on other targets of interest.
Format
This training takes students on a multi-day journey during which they perform hands-on exercises (75%) and attend interesting lectures (25%). The students will share their past and current experiences to learn from each other (including the trainers).
Students will get access to a Virtual Machine (VM) that contains all the required software. Students will have access to all the required tooling throughout the training.
Students can continue with the exercises after the training has finished, if they possess the required tooling, which is commercially available from online retailers.
Level
The training level of this training is Intermediate / Advanced.
The fundamentals of Fault Injection are addressed systematically, but students are assumed to have some experience with Fault Injection attacks.
Objectives
Key Learning Objectives
The key learning objectives of this training are:
- Understand Fault Injection techniques and attacks like an expert
- Identify non-trivial vulnerabilities using advanced Fault Injection techniques
- Create advanced Fault Injection exploits using commercially available tooling
- Reproduce top-notch security research originally performed by Fault Injection experts
Price
- 4-days BootPwn training: € 4.250,- per participant. This includes lunches and coffee/tea refreshments.
- Dutch Police: please fill out the registration form, ask for a quotation in the field Remarks. Selection may take place by a police coordinator.
N.B.: No VAT will be added.
Hotel and travel costs are not included.
Planning
Module | Date | From | Till | Location |
Specific content | Tue 25-2-2025 | 9:00 | 17:00 | NFI, Laan van Ypenburg 6 Den Haag |
Specific content | Wed 26-2-2025 | 9:00 | 17:00 | NFI, Laan van Ypenburg 6 Den Haag |
Specific content | Thu 27-2-2025 | 9:00 | 17:00 | NFI, Laan van Ypenburg 6 Den Haag |
Specific content | Fri 28-2-2025 | 9:00 | 17:00 | NFI, Laan van Ypenburg 6 Den Haag |