FSec IoT Hacking Summer School

International Summer School
Varaždin, Croatia: 16 July - 22 July




You can also join our Matrix room directly on the address: #IoTSumSchool18:matrix.org.






FOI Building


WHEN AND WHERE

School dates: Monday 16 July – Sunday 22 July from 09:00

Suggested arrival date: Monday 16 July

Suggested departure date: Sunday 22 July

Location: Faculty of Organization and Informatics, Pavlinska 2, Varazdin, Croatia

Each partner institution should cover the expenses for the involved staff members.



REACHING VARAŽDIN

You can reach the city of Varaždin by several means of transportation: bus, train, car and airplane. From more distant parts of the Europe and the rest of the world, our guests usually fly in to Zagreb first. To get from the Zagreb airport (called Franjo Tuđman airport) to the town of Varaždin you have two options:



ABOUT VARAŽDIN


The main square

The City of Varaždin, capital of the Varaždin County, is situated on the southern bank of the River Drava. The region is delimited by natural borders, lying at the crossroads of Austria’s Styria and Croatia’s Međimurje, Zagorje and the Upper Drava Valley. Varaždin has a population of approximately 50 000, and enjoys the status of the regional cultural, educational, economic and sporting center as well as a tourism hub of the North-Western Croatia. It's mainly known for its baroque buildings, textile, food and IT industry. Varaždin is a proud holder of 11 national 'Green Flowers' awards as the most orderly town of inland Croatia.

The New York Times listed town of Varaždin among 52 places in the world that you have to visit in 2014!

For more information about Varaždin you can visit the Varaždin Tourist Board web pages.
For more information about Croatia you can visit the Croatian National Tourist Board web pages.



ACCOMODATION & MEALS


The Student dormitory is a 10 minute walk away from FOI and the city center. It was fully rebuilt in 2005 with a new annex built in 2017. Rooms in the student residence have one, two or three beds. They are equipped with beds and mattress, sheets and pillowslips, desk, chairs and a wardrobe, toilet and a bathroom, refrigerator, free internet access, connection to the TV (rooms of high-level equipment). The Dormitory also has 6 tea kitchens with TVs, computer classrooms, a hall for meetings and seminars, a gym, laundry and drying machines.

Student restaurant Varaždin

There is a new modern student restaurant just next to the Student dormitory where the students will have organized lunch and dinner. There is also a cafe with an outdoor terrace.



Dorm accomodation and meal prices (approximate)

Room type Price HRK Price EUR
1/1 199,00 kn + 8,00 kn sojourn tax cca €28
1/2 149,00 kn + 8,00 kn sojourn tax cca €21
1/3 99,00 kn + 8,00 kn sojourn tax cca €15
**All prices shown are for one person per night.
**If you wish to book accomodation at the student dorm, mention the FOI summer school to the reservation desk.

Meal Price HRK Price EUR
Breakfast 25 kn cca €3
Lunch 40 kn cca €5



EXTRACURRICULAR ACTIVITIES & FREE TIME

We plan to organize several trips and activities:

  • Welcome to Varaždin city tour (with a tourist guide)
  • Weekend trip to the coast or somewhere nearby (depends on the number of students who will stay for the weekend)
  • Welcome & goodbye party

MONEY

The official currency in Croatia is the croatian kuna (KN). 1 EUR ~ 7,6 KN. In most of the stores and restaurants you can pay with your debit and credit cards. ATMs work with the most common cards and this is the easiest way to get your Kunas while in Croatia.

WEATHER

The temperatures in July are usually between 25º and 30º degrees celsius, the weather is warm and sunny (there is a possibility for temperatures above 30º). It can be rainy as well, but not that often. For the local weather forecast we recommend Meteorological and hydrological institute of Croatia website.





In their free time students can also:

  • Visit Varaždin museums or galleries:
  • Go to the Lumini Center, a shopping mall with a lot of entertainment possibilities (cinema, bowling stadium…) and well known street fashion brand stores. More information can be found here. Lumini is not in the city center, but free bus transportation is available. You can check the bus timetable here.
  • Rent a bike. Varaždin is a bicycle friendly town and locals use cycling as mean of transportation very often. You can rent a bike and explore the whole city and the surrounding area (more info can be found here).
  • Enjoy in numerous café terraces and have fun in bars and clubs.


ABSTRACT

The philosophy of this international school is simple: “humans are learning by doing”, so hands‐on learning and practical exercises are central to this schools teaching style. The school materials are first developed with hands‐on exercises in mind, with lecture materials supplementing the hands‐on activities. Thus, participants learn by doing and experiencing IoT threats, defenses, and investigation techniques. The aim of this school is to provide the highest possible quality of instructions on topics relevant to today’s modern IoT information security threat landscape including ethical hacking and penetration testing, and defensive techniques.


IoT Hacking Summer School

The school is intended to be free for everyone, from students to industry but we will need funds from sponsors to pay for the expenses of the schools. We will publish the details of our sponsorship packages soon.

Some hardware will be needed for the school. We will have a couple of kits available. If someone is interested to have a dedicated kit for themselves, we will publish a bill of materials so you can order it yourself or we will enable preorders so we can order the kit for you for the price of shipping + materials. Details will be published soon.

The school will cover the following topics:

  1. Introduction to the IoT landscape.
  2. IoT ecosystem threats and vulnerabilities.
  3. Physical attacks on IoT devices (finding consoles, dumping firmware, JTAG, ...).
  4. RF analysis, analysing RF spectrum with help of SDRs.
  5. Firmware analysis and reverse engineering.
  6. IoT web application API security.
  7. Communication security, encryption and data protection.
  8. RFID analysis, hacking and cloning.
  9. (The detailed programme will be announced shortly)

CAPTURE THE FLAG

The school will contain a Capture the Flag event.
Prove your skills in a controlled environment where you will have to show your mastery of offense and defense.

Current CTF prize pool: 1 ETH.


Sponsored by:

Note: CTF prizes are only issued to teams competing on-site at the school.
The challenge will be led by Tim Panton.
Summary:
Students will get hands on experience controlling a small IoT device while defending it against outside attacks and attacking other team’s devices. Students will learn the benefits of teamwork and the trade offs between defense, offense and production.
Applicability:
An ideal student team will have the following mix of skills:
  1. 1) Gamer
  2. 2) Screwdriver capable person
  3. 3) Linux coder
  4. 4) Red teamer
  5. 5) Blue teamer
  6. 6) Project manager
  7. 7) Human communications specialist
  8. 8) Network guru
  9. (Not all skills are required, this is just a useful skillset for the challenge)
Format:
  • Students will split into groups
  • Each group will be provided with a WiFi camera equipped connected drone, running open source software and have an hour to familiarise themselves with the device and customise/harden it as they wish. You can also build and test offensive tools. Teams should also use this time to plan their strategy. You need to balance offense, defense and production.
  • Teams now drive their drones on the challenge course. Only one team member may be in the room with the drones, they may not control or move any drone. The rest of the team remains in the workshop area and controls the drone, runs offense and defense.
  • Teams review the results of the challenge and update their strategy and code.
  • We re-run the challenge.
  • Each team does a short presentation describing one thing they have learnt.


CLASSES & EXAMS

Faculty of Organization and Informatics (FOI)
Address: Pavlinska 2, 42000 Varaždin
Contact e-mail: international@foi.hr
Website: http://www.foi.unizg.hr/eng
FOI web cam overlooking the city main square: https://www.foi.unizg.hr/web-kamera

All teaching activities will be organized in one building (FOI 1). FOI 1 is located in the very heart of Varaždin, overlooking the main square, called 'Korzo'. The Faculty's stately baroque building makes for a setting imbued with history that is both vivid and rich while housing studies for technologies of the future.


Audience


INTENDED AUDIENCE

Students interested in: Information security, offensive security, penetration testing and incident response.

The school is intended for beginners and mid level knowledgeable students. Don’t worry fun and challenging materials will be added for more skillful students.

Basic knowledge of GNU/Linux based systems, programming and broad spectrum of IT knowledge is a plus.


LECTURERS

thumb
Jean-Philippe Aumasson

Kudelski Security, Switzerland

thumb
Zoz

USA

thumb
Andrea Barisani

F-Secure, Inverse Path

thumb
Vlatko Košturjak

Diverto, Croatia

thumb
Tim Panton

|pipe|, UK

thumb
Nicolas Bodin

ESIEA, France

thumb
Arnaud Bannier

ESIEA, France

thumb
Kirils Solovjovs

Possible Security, Latvia

thumb
Goran Hacek

Occam, Croatia

thumb
Luka Perkov

Sartura, Croatia

thumb
Marin Bek

Kraken, Ascalia

thumb
Dejan Strbad

Kraken, Ascalia

thumb
Boris Tomaš

Faculty of organization and informatics, Croatia

thumb
Hetti - Petar Kosić

Metalab, Austria

thumb
Tonimir Kišasondi

Faculty of organization and informatics, Croatia



Jean-Philippe Aumasson

Principal cryptographer at Kudelski Security
Jean-Philippe (JP) Aumasson is a cryptographer, author of the books Serious Cryptography (No Starch Press, 2017) and The Hash Function BLAKE (Springer, 2015), and designer of the BLAKE2 and SipHash algorithms. JP works as an independent consultant, while holding a 30% part-time position at Kudelski Security and a position of Lead Security Advisor for a Swiss fintech start-up. He has spoken at Black Hat, DEFCON, RSA, CCC+SyScan, Troopers about applied cryptography, quantum computing, and platform security. He likes finding bugs in cryptocurrency and blockchain technologies, and even gets paid for it.


Zoz

Hacker, robotics expert and educational media personality
Zoz is a hacker, robotics expert and educational media personality whose interests center on the interactions between humans and technology in the form of human-machine interfaces, design, and individual empowerment. He has taught subjects including robotics, digital fabrication, cybersecurity and ethical hacking at top international universities and as a private industry consultant. He has hosted and appeared on numerous international television shows including Prototype This!, Time Warp and RoboNationTV. He speaks frequently at prominent security and hacking conferences including DEF CON, HackCon and BruCon, volunteers as the MC for BSides Las Vegas and on the review committee for DEF CON, and is a 2-time DEF CON black badge winner. He believes warranties exist to be voided.

Lecture #1: Hacking driverless cars:
A presentation from DEFCON a few years ago, updated with new research made since then, plus an overview of the DOT's plans for V2V (vehicle-to-vehicle) and V2I (vehicle-to-infrastructure) wireless communications. These vehicles will eventually be part of the IoT, but they are not yet.

Lecture #2: Rapid prototyping tools and techniques
A lecture on rapid prototyping tools and techniques, like laser cutting and 3D printing, including DIY hacks for electronics fabrication and assembly.

Workshop #1: A Robot Operating System (ROS) tutorial
You need to follow this tutorial to be able to follow this workshop!
A tutorial for getting started with the Robot Operating System (ROS) using the Gazebo simulator. Robots are not common IoT devices yet, but they will be eventually, and there's a good chance if you encounter one in the wild it could be running ROS. (Some industrial robots like Rethink's Baxter and Sawyer already do.) The tutorial is an intro level tut, presented in a hacking context, like sending spoofed GPS information, malicious command injection, DOSing ROS nodes and so on.

Workshop #2: CTF challenges
A few entry-level CTF challenges that the students can take a shot at. They were developed for college-age students just getting in to infosec and hacking. Some of these will be added to the official CTF.


Andrea Barisani

Founder at Inverse Path, Head of Hardware Security at F-Secure
Andrea Barisani is an internationally recognized security researcher, founder of security consultancy Inverse Path, now part of F-Secure where he assumed the role of Head of Hardware Security. Since owning his first Commodore-64 he has never stopped studying new technologies, developing unconventional attack vectors and exploring what makes things tick...and break. His experiences focus on large-scale infrastructure defense, penetration testing and code auditing with particular focus on safety critical environments, with more than 15 years of professional experience in security consulting. Being an active member of the international open source and security community he contributed to several projects, books and open standards. He is a well known international speaker, having presented at BlackHat, CanSecWest, Chaos Communication Congress, DEFCON, Hack In The Box, among many other conferences, speaking about innovative research on automotive hacking, side-channel attacks, payment systems, embedded system security and many other topics.

Lecture #1 (60 minutes): Real-life experiences in avionics security assessment:
The lecture aims to provide insights on real-life experiences gathered from the security assessment of modern avionics systems. Particular focus is placed on explaining how the interaction between safety and security is assessed and how responsible teams can interact and to combine their diverse set of skills. An example technical overview of the classes of systems, interfaces and audit methodologies is given to precisely demonstrate how work in this area is laid out and executed, and to emphasize its importance in the transportation industry. Finally the unique culture of safety in modern aviation is compared to similar safety-critical areas, such as the automotive field, to highlight the differences and similarities.

Lecture #2 (120 minutes): Trusted Execution Environments with modern SoCs:
The availability of modern System on a Chip (SoC) parts, having low power consumption and high integration of most computer components in a single chip, empowers manufacturers in in creating secure embedded systems. The lecture explores the common security features found in typical SoC configurations, such as secure boot and cryptographic co-processors, and how they can be leveraged to achieve trusted execution environments of all kind. We will explore state of the art techniques to take advantage of SoC security features as well as potential mistakes and vulnerabilities. Finally an in depth overview of ARM TrustZone will highlight its strength and weaknesses.


Vlatko Košturjak

CTO at Diverto, Croatia
Vlatko Kosturjak is CTO at Diverto where he helps clients to reach desired security level(s). He likes to break and build depending on the mood and time of day(night). Beside security, his passion is open and free software, so he authored open source security tools which are used in CTFs and pentests worldwide. He also contributed code to various free security software like OpenVAS, Nmap and Metasploit.

Lecture #1: MIPS and ARM exploitation


Tim Panton

CTO at |pipe|, UK
Tim Panton (@Steely_glint) is a software developer with an infosec history. He loves learning new things. He is currently busy as CTO at |pipe| building a secure, easy to use distributed transport and identity layer for the internet of things. He is a recovering open source VoIP coder.

The CTF Challenge
Every team that competes in the CTF will be given a drone that they need to secure/harden as much as possible. The teams will then get a task that their drones need to accomplish, while getting attacked by the other teams. After the first round, the teams will then again have some time to make improvements to their drone, after which they try to finish te task one last time. The reward pool for the CTF is currently 1 ETH, sponsored by Bitfalls.


Nicolas Bodin

Researcher and lecturer at ESIEA
Nicolas Bodin obtained his PhD in 2013 following a thesis in steganography. He has since been a researcher teacher in a french engineering school, the ESIEA. He teaches C programming for undergraduate students and is particularly interested in new teaching methods. His favorite research topics are steganography and steganalysis although he is not afraid to write articles when he finds some nice properties in relation to Venn diagrams with his colleague Arnaud Bannier.


Arnaud Bannier

Researcher and lecturer at ESIEA
Arnaud Bannier is a lecturer and researcher at (C+V)^O research lab at the french engineering school ESIEA. He holds a PhD in cryptography and is co-author of the book Partition-based Trapdoor Ciphers (InTech editions, 2017). He teaches C programming, algebra and cryptography. His research topics are of course Cryptography and Cryptanalysis, even if he might work in Steganography with his colleague Nicolas Bodin in the future.

Steganography challenge: a two-part lecture (each part 180 minutes):
Lecturers: Nicolas Bodin and Arnaud Bannier
Steganography is a way to hide a communication into another innocuous one. During these lectures, you will discover some ways to practice and detect steganography in digital media such as images, web pages, executable files... These lectures are organized in several independant challenges, each starting with a short tutorial.


Kirils Solovjovs

Lead Researcher at Possible Security
Mg. sc. comp. Kirils Solovjovs is a Lead Researcher at Possible Security and the most visible white-hat hacker in Latvia. He has extensive experience in network flow analysis, reverse engineering, social engineering and penetration testing. He has discovered and responsibly disclosed or reported multiple security vulnerabilities in information systems of both national and international significance, as well as IoT devices.

Lecture #1 (180 minutes): RFID attacks and Proxmark hands-on
Lecture #2 (180 minutes): Live network forensics and reversing network protocols


Goran Hacek

CEO at Occam, Croatia
Goran is a software engineer by education, but with his 31 years of age has spent half of his life in IT and has gathered experience on various projects in different industries. Recently he started his own company where he and his team help their clients convert ideas into successful products. They specialize in IoT and connected devices, where they build the whole stack, from custom hardware to all software needed to run the devices and the network.

Workshop #1 (180 minutes): An intro to IoT /w Arduino
A hands-on workshop about the basics of Arduino programming and a bit of hardware basics. How to read and write analog/digital stuff. Controlling a LED, reading a light sensor. Sending the sensor data to a server.

Workshop #2 (180 minutes): IoT for WebDevs
A hands-on workshop about hardware basics, without any hardware programming. The students get an Arduino kit with a preinstalled WebSockets server, which they control and get status info using JavaScript. Prior JavaScript knowledge is required for this workshop.


Luka Perkov

Managing Director at Sartura, Croatia
Luka Perkov has been working with embedded Linux systems for over a decade. He initiated and now manages several FOSS projects whose goal was to fill the gap between the industry requirements and available community software. Luka officially became an OpenWrt developer in 2011. One of his first full time employers was a medium-sized Internet Service Provider, where he worked as an Administrator for Broadband Solutions. He left this position and founded a software company, Sartura, with strong focus on embedded development. Today he is managing the company. Luka obtained his master's in computing science at the Faculty of Electrical Engineering and Computing, Zagreb, Croatia. Soon after he enrolled in a specialist postgraduate study Information Security at the same university. He gained his academic title, specialist in information security, after defending thesis "Security issues with remote configuration of internet service providers' network equipment" in 2014.

Lecture (45 minutes): ISP's black box


Marin Bek

CEO at Kraken and Ascalia
Marin Bek started out as a robotics engineer, creating his first company in Palo Alto in 2011 building autonomous underwater “drones”. Since then, he moved on to be the CTO at Nextuser in San Francisco, helping in getting 2.5M$ in funding and growing the tech team to more than 25 people, working with clients like Ferrero, Nestle, Carrefour… He is currently the founder and CEO of Kraken d.o.o. (KrakenSystems) in Zagreb, helping companies scale and solidify their products, mainly in the area of large, distributed systems. He is constantly looking for new challenges and building new companies. When he’s not working, you can find him rock-climbing in the nearest crag.


Dejan Strbad

CTO at Kraken and Ascalia
Dejan is the CTO in KrakenSystems, with over 10 years of professional experience in a wide range of software development, SRE, Ops and systems architect roles. He is the main figure in supporting Nextuser’s distributed high-load system spreading over 4 continents and helping their other clients tackle their technical challenges. Lately his focus is on building Ascalia, ICS for 21st century... He is constantly looking for new challenges, building new companies and likes to exchange knowledge through meetups, workshops and conferences. In his free time, he is involved in political activism through civil society initiatives.

Lecture (45 minutes): Industrial Control Systems
Lecturers: Marin Bek and Dejan Strbad
An overview of available solutions, pros and cons. What's next in the era of IoT?

Workshop (3 hours): Hacking session of Industrial Control Systems
Lecturers: Marin Bek and Dejan Strbad
The challenges are listed below. You'll need to be connected to our FSEC_HACK2018 network in order to access the IPs.

FOI Building


Boris Tomaš

Senior Teaching Assistant/Postdoctoral Researcher at Faculty of Organization and Informatics, University of Zagreb

Lecture (1 hour): Visible Light Communication in Vehicular Networks
VLC is a novel communication technology which uses a terahertz-wide, unlicensed visible light spectrum. It has a great potential in supplementing or even replacing the existing radio frequency (RF) communication technologies in application as diverse as device-to-device (D2D) communications, vehicle-to-vehicle (V2V) communications, vehicle-to-infrastructure and infrastructure-to-vehicle communication, and small-cell (e.g., femtocell) systems. The physical characteristics are similar to infra-red (IR) communication; similar to IR, VLC also uses the spectrum that is under atmospheric window effect, thus making it highly sensitive to solar radiation noise. In vehicular communication setting, VLC is particularly interesting, since most of the components that are needed to enable VLC are already part of a modern vehicle. Specifically, an LED, LASER, or any other light emitting technologies that can be controlled using micro controllers and can be used as a VLC transmitter (Tx). Conveniently, headlights and taillights of modern vehicles contain LED lights, with LASER lights being envisioned in the near future. Similarly, VLC receiver (Rx) component is usually either a photodiode (PD) or a CMOS camera, which can be found in many modern vehicles (e.g., a front camera for lane tracking or a rear camera for parking assistance).


Hetti - Petar Kosić

Technical computer science student from Vienna with a passion for IT Security and geeky stuff. - Metalab, Vienna
He is one of the board members of the finest Viennese Hackspace Metalab. In his free time he enjoys travelling to community based IT Conferences. The Viennese Cryptoparty is organized by him, where he also holds lectures and workshops about a broad range of IT Security & Privacy topics. You can also find him at the Chaos Computer Club Vienna (C3W). On some weekends he is hunting flags with the successful academic CTF Team We_0wn_Y0u.

Lecture (1 hour): Security Safari in b0rkenLand - Watch out! There are dangerous security problems out there.

Check out the slides here!

A small travel from broken metal chunks to "undocumented user accounts" and other security holes. IT respectively computer security is an interesting area. Not only for criminals but also for scientists, programmers and users. We all should know that 100% security does not exist. Therefore I would like to underpin this statement with this lecture. I will present a selection of security holes/problems that appeared during 2018 and will give you an insight into that part of the IT security world. You will probably see your software and hardware differently after this lecture


Tonimir Kišasondi

Head of Open Systems and Security Laboratory at Faculty of Organization and Informatics, University of Zagreb
Tonimir Kišasondi is the Head of the Open Systems and Security Laboratory at the Faculty of Organization and Informatics where he mentors students in the art of information security. From his industrial cooperation side, he specializes in helping software, IoT and blockchain companies from the EU and US build secure products from the design to the production stage. His professional and research area of interest is security architecture, security testing & analysis and applied cryptography.





You can also join our Matrix room directly on the address: #IoTSumSchool18:matrix.org.



OUR SPONSORS


                    


This work has been supported by the Croatian Science Foundation under the project IP-2014-09-3877.