Actions and Detail Panel

Sales Ended

Event Information

Share this event

Date and time



Silver Cloud Hotel

1100 Broadway

Seattle, WA 98122

View Map

Event description


HushCon welcomes you back to another year of training just before the holidays! Turn those end-of-year training budget dollars into 2 days of learning and a long weekend. This year our trainings may be divided between locations, but we're keeping it organized - you can still expect plenty of time with the instructors, meals, snacks, and an all training group get-together at the end! Sign up soon, space is limited.

Classes currently offered:

Joe FitzPatrick - Applied Physical Attacks on Embedded Systems

This course introduces and explores attacks on several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. We’ll examine UART, JTAG, and SPI interfaces on both ARM and MIPS embedded devices, representative of a wide range of embedded devices that span consumer electronics, medical devices, industrial control hardware, and mobile devices. We will observe, interact with, and exploit each interface to use physical access to enable software privilege.

Course Outline

Day 1:

  • UART Background: UART History, Architecture, and Uses
  • UART Lab 1: Connecting to a known UART
  • UART Lab 2: Identifying and analyzing an unknown UART
  • UART Lab 3: Escalating and persisting UART privilege
  • JTAG Background: JTAG History and Purpose
  • JTAG Lab 1: Hardware and Software Setup
  • JTAG Lab 2: Escalating Privilege via Kernel
  • JTAG Lab 3: Escalating Privilege via a Process

Day 2:

  • SPI Background: Flash storage and the SPI interface
  • SPI Lab 1: Accessing Flash from software
  • SPI Lab 2: Sniffing and Parsing SPI
  • SPI Lab 3: Dumping SPI from Hardware
  • Firmware Background: More types of Flash, Storage, and Firmware
  • Firmware Lab 1: Dumping Firmware from Software
  • Firmware Lab 2: Manipulating firmware images
  • Firmware Lab 3: Finding software bugs in firmware

Target Audience

This course is geared toward pen testers, developers and others with a security background who wish to learn how to take advantage of physical access to systems to assist and enable other attacks.

Student Requirements

No hardware or electrical background is required. Computer architecture knowledge, low-level programming experience, and Linux command-line familiarity are all very helpful, but not required.

What to Bring

All hardware and software is provided for use in the class. Optionally, bring your own usb keyboard/mouse if you have strong preferences.

About the Trainer

Joe (@securelyfitz) is an Instructor and Researcher at Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

Jay Beale - Linux Lockdown Training

Learn how to thoroughly lockdown Linux systems from Jay Beale, creator of Bastille Linux. This course is a combination of lecture and hands-on exercises, using provided VM’s. You’ll learn how to repel, and contain attacks, using configuration and free tools, including SELinux, Docker and Linux containers, ModSecurity, FWKnop and AppArmor. With attack and defense exercises, you’ll gain skills to prevent compromise.


Compromise is so common as to seem unavoidable. Even with perfect patching, systems can be compromised by "zero-day" vulnerabilities that only a few people even know exist. You don't have to stand for this kind of weakness! There are effective defensive technologies and techniques allow security professionals and system administrators to deflect and contain attacks. In this course, you'll learn how to protect a Linux system from compromise and then prove that your defense succeeded.

This course begins with core system lockdown, then moves on to application defense, where we create least-privilege and well-confined configurations that break exploits. Using defense-in-depth, we'll not only create jails but also tune the server programs within them to keep exploits from reaching their vulnerable code. For example, we'll jail the Apache web server with SELinux, AppArmor and a Linux container. Then we'll set PHP variables to restrict what a vulnerable PHP application can do. Finally, we'll deactivate whole modules, reducing the odds that the next Apache vulnerability is even present on our machine. Once we've accomplished all of this best practice work, we'll get deeper protection from applying the latest security technology to better deflect attacks.

Here are a few examples of that deeper defensive technology. We'll protect web applications from their own flaws with ModSecurity, the intrusion prevention system (IPS) for Apache and Nginx. We'll build Linux firewalls with iptables, then build on this by using GPG-based port knocking to make our SSH daemon, web server or VPN concentrator inaccessible to attackers. We'll learn how to use SELinux, but also learn AppArmor, which can bring similar exploit disruption to a few key programs without dramatically changing the way you administer the system.

Students will gain skills in performing system lockdown and applying defensive technology to prevent and contain compromises. While this class focuses on Red Hat and Ubuntu Linux, it applies directly to all Linux distributions and broadly to all UNIX variants.

Students will leave this course able to:

  • Configure Linux machines for much stronger attack resiliency.
  • Configure Web, DNS, and FTP server applications to break exploits against known and unknown vulnerabilities.
  • Use SELinux and AppArmor to restrict and harden server programs
  • Use Linux containers to create Linux containers to jail server programs.
  • Deploy ModSecurity to add web application firewall functionality to Apache and Nginx.
  • Configure DNS encryption (TSIG and DNSSEC) to protect against DNS spoofing and phishing attacks.
  • Create host-based firewalls, with optional GPG-backed port knocking.
  • Deploy port-knocking-style Single Packet Authorization via FWKnop and GPG
  • Use encryption to create safer processes and administration.

Target Audience
System administrators, dev ops engineers, IT Security professionals.

Student Requirements
Students should bring a working understanding of Linux or UNIX.

What To Bring
Students should bring a laptop with VMware Player, Fusion or Workstation, with at least 8GB of RAM. The host operating system may be either 32 or 64-bit.
** NOTE: This training will be held at the Columbia Center building in downtown Seattle, 701 Fifth Ave.

About the Trainer
Jay Beale (@jaybeale) has created several defensive security tools, including Bastille Linux/UNIX and the CIS Unix Scoring Tool, both of which are used throughout industry and government. He has served as an invited speaker at many industry and government conferences, a columnist for Information Security Magazine, SecurityPortal and SecurityFocus, and a contributor to nine books, including those in his Open Source Security Series and the "Stealing the Network" series. Jay is a founder and the Chief Operating Officer of the information security consulting company InGuardians.

Date and time


Silver Cloud Hotel

1100 Broadway

Seattle, WA 98122

View Map

Organizer Subversive Securities & Holdings

Organizer of HushCon Training 2016

Save This Event

Event Saved