Learn (ethical) vehicle hacking: experience hands-on training with experienced trainers with an automotive cybersecurity background. Nine modules, three levels, interactive exercises. Let's get started.
With our (Ethical) Vehicle Hacking Training, you will learn in live training sessions how to attack vehicles, exploit vulnerabilities and effectively increase automotive cybersecurity through professional vehicle penetration testing practices.
The modular training, based on real practical experience in penetration testing in automotive and vehicle development, begins with insights into vehicle cybersecurity engineering, illustrates attack possibilities on automotive ECUs (including exercises!) and is ultimately designed to enable the independent execution of automotive penetration tests.
But don't be afraid of pure theory. Our (ethical) vehicle hacking training not only offers an introduction to security-relevant protocols (and much more). There is plenty of practice, exercises and sample tasks. Hacking cars is learning by doing.
ISO/SAE 21434 Compliance: Efficient (vehicle) penetration tests are one thing, regulatory requirements such as ISO/SAE 21434 and UN R155 are another? In this module, you will learn how penetration tests are managed in accordance with regulatory requirements. You will learn how to develop test strategies that meet the requirements of automotive standards and understand the crucial role that testing should play. You will learn how to examine the proper consideration of cybersecurity in development (cybersecurity goals, cybersecurity controls, etc.).
Fundamentals of cryptography in vehicle development: With this module, we refresh your know-how when it comes to the application of cryptography, encryption methods, handling keys (etc.) in practice. With reference to development work in the automotive environment, we will jointly develop valuable insights into pitfalls and hurdles in the implementation/configuration of cryptography based on common mistakes in automotive practice. Not least with the help of practical exercises. This cryptography knowledge update will provide you with valuable benefits for the subsequent modules of the Vehicle Hacking training.
Compromising diagnostic tools and UDS security analysis: In this module, you will learn how Unified Diagnostic Services (UDS for short) work. Learn step by step to what extent the UDS widely used in automotive electronics can be effectively attacked. In this module, we transfer what you have learnt directly from theory to practice: with an adaptive implementation of the UDS protocol on a mock ECU, you will have the opportunity to work out potential attack vectors independently and gain realistic experience.
Manipulation of the CAN bus system: For the automotive industry, the Controller Area Network bus (CAN bus for short) is still the central protocol for connecting control units in vehicles. In this module, you will learn about the functionalities of the CAN bus in technical detail. We then systematically work through potential vulnerabilities and associated attack techniques (such as spoofing, tampering, error frame propagation and CAN injection) and show you the consequences and risks that can arise.
Manipulation of hardware communication: In this module, we go one step deeper and introduce you to the level of hardware communication interfaces such as SPI, I2C and UART. You will not only acquire extensive basic knowledge about the respective information and communication streams, but also learn about vulnerability exploitation/exploitation practices. From sniffing to injection and man-in-the-middle attacks, you will get to know a range of established attack techniques on hardware communication.
Manipulation of on-chip debugging interfaces: In this module, you will learn about the functionality of on-chip debugging and associated interfaces such as JTAG, SWD (and others). Full of power, but (hopefully) not to the point of blowing up in our faces, you will learn how on-chip debugging can serve in terms of vulnerability/vulnerability exploitation in automotive systems. We will discuss how to identify different pins, how to communicate with the respective debugging interface and, of course, how to manipulate them should the system deny access.
Memory manipulation via hardware interfaces: Join us in this module to delve deeper into the architecture of electronic control units (ECUs). Learn how you can manipulate information and communication flows in a targeted manner. You will discover the possibilities of extracting and (manipulatively) injecting information into the memory unit. Together with the previous modules HW Communication and Debugging Interfaces, you will evolve your knowledge to a new level.
"Fault injection" attack technique: In this module, you will learn how to bypass a wide range of security mechanisms using the effective technique of fault injection. You will be surprised how relatively easy it can be to overcome the labour-intensive implementation of security, if you have sufficient (physical) access and the necessary patience. We will introduce you to the multifaceted methods and different implementations of the fault injection technique. You will gain basic knowledge of how fault injection can be set up and executed and which risks result from this.
Testing of web-based applications: At first, web applications in the automotive environment do not appear to play an overwhelming role in terms of cybersecurity. In this module, you will learn which security-relevant aspects and potential risks nevertheless arise in the interaction between web and automotive systems. You will learn which practices in the exploitation of web vulnerabilities can have which consequences and how these are initiated.
Whether you are just starting in the world of (ethical) vehicle hacking / testing in cybersecurity engineering or you are already advanced and want to take your application know-how to a higher level, we have the right training for you.
Introduction to the challenges of cybersecurity engineering in vehicle development. Creating an understanding of technical terms and information exchange. Ability to communicate about penetration testing and system-specific test requirements.
Deepening application knowledge about penetration testing, cybersecurity engineering practices and specific attack possibilities on automotive ECUs. Practice what you have learned with training tasks. For specialists with daily contact to cybersecurity.
Ability to carry out vehicle penetration tests independently. Deep dives into protocols, interfaces and industry-specific vulnerabilities and opportunities for compromise. Incl. trainings tasks/CTFs via demo ECU to test the skills learned.
Sheesh! We are experiencing a veritable hype when it comes to our training courses. However, we are trying to manage the flood of enthusiastic learners. Here you will find the next (publicly bookable) online live training courses that we are currently planning. Our classes are held in English. Handouts are included. For larger groups/companies please contact us via e-mail. Ty!
All times are (CEST / UTC+2)
Session I
January 8, 2025 [9am – 1pm]
Session II
January 10, 2025 [9am – 1pm]
Session I
March 10, 2025 [9am – 1pm]
Session II
March 12, 2025 [9am – 1pm]
Session I
February 13, 2025 [9am – 1pm]
Session II
February 15, 2025 [9am – 1pm]
Session III
February 17, 2025 [9am – 1pm]
Session IV
February 20, 2025 [9am – 1pm]
Session V
February 22, 2025 [9am – 1pm]
Session VI
February 24, 2025 [9am – 1pm]
Almost anyone can learn (ethical) vehicle hacking. Let's talk about your requirements and our training courses. We would be happy to present our modules, content and training levels to you in detail.
Customized training? No problem. Prices, offer, PO, framework agreement, NDA? No problem.
We know how the automotive industry works.
Please send us an e-mail or write to us over here.