(Ethical) Vehicle Hacking Training

Skill injection for compromising vulnerabilities in automotive

Learn (ethical) vehicle hacking: experience hands-on training with experienced trainers with an automotive cybersecurity background. Nine modules, three levels, interactive exercises. Let's get started.

01/

(Ethical) Vehicle Hacking Training: New trainings

With our (Ethical) Vehicle Hacking Training, you will learn in live training sessions how to attack vehicles, exploit vulnerabilities and effectively increase automotive cybersecurity through professional vehicle penetration testing practices.

The modular training, based on real practical experience in penetration testing in automotive and vehicle development, begins with insights into vehicle cybersecurity engineering, illustrates attack possibilities on automotive ECUs (including exercises!) and is ultimately designed to enable the independent execution of automotive penetration tests.

But don't be afraid of pure theory. Our (ethical) vehicle hacking training not only offers an introduction to security-relevant protocols (and much more). There is plenty of practice, exercises and sample tasks. Hacking cars is learning by doing.

Automotive Penetration Testing
02/

What you will learn

Fundamentals of vehicle security: security-relevant technologies, communication protocols and much more
Practice: Applying the acquired knowledge directly in practice with exercises, demo attacks, CTFs and more
Automotive: Vehicle cybersecurity engineering insights; testing in accordance with ISO/SAE 21434 & UN R155
03/

(Ethical) Vehicle Hacking Training: Our training modules at a glance

badge

ISO/SAE 21434 Compliance: Efficient (vehicle) penetration tests are one thing, regulatory requirements such as ISO/SAE 21434 and UN R155 are another? In this module, you will learn how penetration tests are managed in accordance with regulatory requirements. You will learn how to develop test strategies that meet the requirements of automotive standards and understand the crucial role that testing should play. You will learn how to examine the proper consideration of cybersecurity in development (cybersecurity goals, cybersecurity controls, etc.).

code

Fundamentals of cryptography in vehicle development: With this module, we refresh your know-how when it comes to the application of cryptography, encryption methods, handling keys (etc.) in practice. With reference to development work in the automotive environment, we will jointly develop valuable insights into pitfalls and hurdles in the implementation/configuration of cryptography based on common mistakes in automotive practice. Not least with the help of practical exercises. This cryptography knowledge update will provide you with valuable benefits for the subsequent modules of the Vehicle Hacking training.

warning

Compromising diagnostic tools and UDS security analysis: In this module, you will learn how Unified Diagnostic Services (UDS for short) work. Learn step by step to what extent the UDS widely used in automotive electronics can be effectively attacked. In this module, we transfer what you have learnt directly from theory to practice: with an adaptive implementation of the UDS protocol on a mock ECU, you will have the opportunity to work out potential attack vectors independently and gain realistic experience.

bolt

Manipulation of the CAN bus system: For the automotive industry, the Controller Area Network bus (CAN bus for short) is still the central protocol for connecting control units in vehicles. In this module, you will learn about the functionalities of the CAN bus in technical detail. We then systematically work through potential vulnerabilities and associated attack techniques (such as spoofing, tampering, error frame propagation and CAN injection) and show you the consequences and risks that can arise.

fax

Manipulation of hardware communication: In this module, we go one step deeper and introduce you to the level of hardware communication interfaces such as SPI, I2C and UART. You will not only acquire extensive basic knowledge about the respective information and communication streams, but also learn about vulnerability exploitation/exploitation practices. From sniffing to injection and man-in-the-middle attacks, you will get to know a range of established attack techniques on hardware communication.

settings

Manipulation of on-chip debugging interfaces: In this module, you will learn about the functionality of on-chip debugging and associated interfaces such as JTAG, SWD (and others). Full of power, but (hopefully) not to the point of blowing up in our faces, you will learn how on-chip debugging can serve in terms of vulnerability/vulnerability exploitation in automotive systems. We will discuss how to identify different pins, how to communicate with the respective debugging interface and, of course, how to manipulate them should the system deny access.

database

Memory manipulation via hardware interfaces: Join us in this module to delve deeper into the architecture of electronic control units (ECUs). Learn how you can manipulate information and communication flows in a targeted manner. You will discover the possibilities of extracting and (manipulatively) injecting information into the memory unit. Together with the previous modules HW Communication and Debugging Interfaces, you will evolve your knowledge to a new level.

sync

"Fault injection" attack technique: In this module, you will learn how to bypass a wide range of security mechanisms using the effective technique of fault injection. You will be surprised how relatively easy it can be to overcome the labour-intensive implementation of security, if you have sufficient (physical) access and the necessary patience. We will introduce you to the multifaceted methods and different implementations of the fault injection technique. You will gain basic knowledge of how fault injection can be set up and executed and which risks result from this.

computer

Testing of web-based applications: At first, web applications in the automotive environment do not appear to play an overwhelming role in terms of cybersecurity. In this module, you will learn which security-relevant aspects and potential risks nevertheless arise in the interaction between web and automotive systems. You will learn which practices in the exploitation of web vulnerabilities can have which consequences and how these are initiated.

04/

run ethical vehicle training --level=[your choice]

Whether you are just starting in the world of (ethical) vehicle hacking / testing in cybersecurity engineering or you are already advanced and want to take your application know-how to a higher level, we have the right training for you.

Level 1: Explorer

Introduction to the challenges of cybersecurity engineering in vehicle development. Creating an understanding of technical terms and information exchange. Ability to communicate about penetration testing and system-specific test requirements.

Level 2: Professional

Deepening application knowledge about penetration testing, cybersecurity engineering practices and specific attack possibilities on automotive ECUs. Practice what you have learned with training tasks. For specialists with daily contact to cybersecurity.

Level 3: Master

Ability to carry out vehicle penetration tests independently. Deep dives into protocols, interfaces and industry-specific vulnerabilities and opportunities for compromise. Incl. trainings tasks/CTFs via demo ECU to test the skills learned.

05/

++ sysupdate ++ q1-25
{new_public_sessions}

Sheesh! We are experiencing a veritable hype when it comes to our training courses. However, we are trying to manage the flood of enthusiastic learners. Here you will find the next (publicly bookable) online live training courses that we are currently planning. Our classes are held in English. Handouts are included. For larger groups/companies please contact us via e-mail. Ty! 

All times are (CEST / UTC+2)

EUR 890,- net

Level 1 Explorer

Level: Introduction to (Ethical) Vehicle Hacking
Duration: 2x4h Online-Session (live)
EVH-L1-JAN-1

Session I
January 8, 2025 [9am – 1pm]
Session II
January 10, 2025 [9am – 1pm]

EUR 890,- net

Level 1 Explorer

Level: Introduction to (Ethical) Vehicle Hacking
Duration: 2x4h Online-Session (live)
EVH-L1-MAR-1

Session I
March 10, 2025 [9am – 1pm]
Session II
March 12, 2025 [9am – 1pm]

EUR 2.490,- net

Level 2 Professional

Level: For professionals. More content. More exercises and practical tasks.
Duration: 6x4h Online Session (live)

EVH-L2-FEB-1

Session I
February 13, 2025 [9am – 1pm]
Session II

February 15, 2025 [9am – 1pm]
Session III

February 17, 2025 [9am – 1pm]
Session IV

February 20, 2025 [9am – 1pm]
Session V

February 22, 2025 [9am – 1pm]
Session VI

February 24, 2025 [9am – 1pm]

grep "preise" in training.txt

Almost anyone can learn (ethical) vehicle hacking. Let's talk about your requirements and our training courses. We would be happy to present our modules, content and training levels to you in detail.

Customized training? No problem. Prices, offer, PO, framework agreement, NDA? No problem.

We know how the automotive industry works.

Please send us an e-mail or write to us over here.

Get in touch
hi@breachlabz.com

Thank you

Your message has been submitted.
We will get back to you within 24-48 hours.
Oops! Something went wrong while submitting the form.

Want to get to know us? Let's have a call.

Automotive Penetration Testing, Falk Mayer
// Simple Form Validation by BRIX Agency