About The Training
Berlin 2025 | Trainings
< Training Title />
Building Secure Firmware: Best Practices and Labs
< Training Schedule />
Start Date: Mar 02, 2026
End Date: Mar 04, 2026
< Training Objectives />
This course aims to equip participants with a comprehensive understanding of secure firmware development by combining foundational theory with practical, hands-on skills. Upon completion, learners will be able to identify and mitigate common firmware security risks, apply industry-recognized secure coding practices, implement robust firmware update mechanisms, and conduct effective device hardening and incident response. The training prepares participants to design and maintain resilient firmware suitable for a wide range of embedded and IoT platforms, ensuring device integrity, data confidentiality, and operational reliability in real-world environments.
< Training Level />
Basic
< Training Outlines />
Securing Firmware: Because Nobody Wants a Hacked Toaster
Subtitle: A hands-on journey into embedded security essentials.
Day 1: Firmware Foundations & Reducing the Attack Surface
1. Key Concepts
- Understanding Firmware:
Overview of firmware’s role and security challenges in embedded/IoT devices.
- Threat Vector Analysis:
In-depth analysis of critical firmware threat vectors through the Mirai Botnet campaign, which exploited insecure default credentials and vulnerable update processes to compromise millions of devices.
- Attack Surface Minimization Techniques:
Techniques for mapping and actively minimizing attack surfaces, including:
- Secure boot enforcement
- Disabling unused interfaces
- Adherence to secure default configurations
2. Hands-On
Hands-on session for setting up the development environment, flashing firmware on a compatible development board, and probing device interfaces for security gaps.
3. Case Study (Mirai Botnet)
Exploration of Mirai Botnet firmware vulnerabilities, breach impact, and subsequent remediation efforts such as:
- Credential hardening
- Secure boot integration
Day 2: Secure Coding Practices, Vulnerability Discovery & Testing
1. Key Concepts
Secure Coding Fundamentals:
Implementation of secure coding practices, including:
- Input validation
- Memory safety to prevent overflow flaws
- Principle of least privilege
- Secure credential management
- Avoidance of deprecated or unsafe functions
Common Firmware Weaknesses:
Examination of prevalent firmware weaknesses such as:
- Hardcoded secrets
- Insecure APIs
- Transmission of unencrypted data
Framework Alignment:
Aligning practices with industry standards, including OWASP IoT Top 10 and Microsoft SDL, to reinforce compliance and security best practices.
2. Interactive Session (Vulnerability Discovery)
Hands-on exercises for identifying and exploiting common vulnerabilities in firmware.
Day 3: Firmware Update Security, Device Hardening & Incident Response
1. Key Concepts
Secure Firmware Update Mechanisms:
Understanding secure firmware update processes, including:
- Cryptographic signatures
- Integrity checks
- Rollback protection
- Authenticated delivery pipelines
Device Hardening Methodologies:
Strategies for device hardening, such as:
- Disabling unused services
- Enforcing strict access controls
- Regular security audits and updates
Incident Response Planning:
Developing an incident response plan tailored for firmware vulnerabilities, including:
- Detection and analysis
- Containment and eradication
- Recovery and post-incident review
2. Capstone Project: Real-World Application
Participants will work in teams to develop a secure firmware update strategy for a hypothetical IoT device, incorporating lessons learned throughout the workshop.
Conclusion & Feedback
Wrap-Up Session:
- Recap of key takeaways from each day.
- Open floor for participant questions and discussions.
- Collect feedback for continuous improvement of the workshop.
< WHAT TO BRING? />
Personal Laptop: A functional laptop (Windows, macOS, or Linux) capable of running a modern IDE and debugger tools. Mandatory.
USB Drive (Minimum 16GB): For quickly transferring starter code, completed labs, and any necessary Virtual Machine images (if required for specific tools).
< Training PREREQUISITE />
- Basic Programming Knowledge
- Embedded Systems Understanding
- Networking Fundamentals
< WHO SHOULD ATTEND? />
This training is designed for beginners and early-career professionals who want to build a strong foundation in embedded security, particularly focusing on secure firmware development.
< WHAT TO EXPECT? />
This training offers an interactive and practical learning experience, blending foundational knowledge with hands-on labs and real-world case studies. Participants will engage with modern tools and techniques to understand, develop, and secure firmware for embedded and IoT devices.
< WHAT ATTENDEES WILL GET? />
- Step-by-step instructions for hands-on exercises, firmware flashing, vulnerability testing, and secure update implementation
- Shared access to a limited number of development boards
< WHAT NOT TO EXPECT? />
Attendees should not expect to receive individual development boards.
< About the Trainer />
With 15 years of industry experience in automation and cybersecurity across web, mobile, network, and cloud domains, Riddhi Shree has recently expanded into hardware and firmware security. Combining broad security knowledge with a growing focus on embedded systems, she is dedicated to helping participants build practical skills in secure firmware development and embedded device protection.