This website is currently being rebuilt. (But as we rather invest our time in new hardware hacks, this might remain like this for some time... ;) )
hands-on-security.com
c/o Techpro Limited Liability Company
Blegistrasse 15
6340 Baar
hands-on-security.com specializes in hardware-related security trainings. We continuously research in the area of hardware security and occasionally come up with our own training programs.
In addition to our in-house expertise, we also collaborate with globally recognized security professionals, bringing their wealth of knowledge and experience to Switzerland. By hosting trainings with these experts, we provide unique learning opportunities for our participants, enabling them to learn from the best in the field.
We offer both private onsite trainings upon request and a variety of public trainings. Note that private onsite trainings are not listed here and can be arranged separately.
| Date | Event | Location | Details |
|---|---|---|---|
| 20./21. June 2024 | Defeating Microsoft's Default BitLocker Implementation | Hochschule für Wirtschaft Zürich | Flyer Register |
| 24./25. January 2024 | Defeating Microsoft's Default BitLocker Implementation | Hochschule für Wirtschaft Zürich | Flyer |
Together with Popp Schweiz AG we have received a rating of 4.8 stars out of 5 at the Black Hat USA 2023 Security Conference in Las Vegas for our training "Defeating Microsoft's Default BitLocker Implementation". Read below to get all the details about this fascinating and beginner friendly training.
TL;DR : Our flyer gets you covered.
This training guides you through the whole process involved for a successful BitLocker TPM bus sniffing attack. Within two days you will be given the necessary knowledge about micro soldering, notebook internals, TPM basics, logic analyzers, basic forensic data acquisition and some BitLocker theory. In the end you will not just be able to conduct the attack against a test notebook which you can take home, but also fully understand what you are actually doing and applying it to your devices.
As a nice little extra you will learn how to deal with tamper protection switches, and we will show you how to decrypt the BitLocker recovery password with the sniffed data for complete pwnage and the eye-popping finding in your endpoint security report. All special hardware required for the attack will be part of your hardware kit which you also take home at the end of the course.
The training is built up as a step-by-step guidance to conduct the attack. For each step you will be provided with the necessary theoretical background before you solve the step hands-on.
On the first day you will start with soldering your own attack adapters which will be used later on. After the warmup with the soldering iron you will learn how to micro solder on test boards. The hands-on experience is followed by a theoretical block taking you deep within the internals of modern portable computers. With the help of schematics, boardviews and datasheets you will get familiar with the process of finding a TPM within your target device. As those documents are not for all target devices available, you will also first conduct a manual search approach on your test device. Having located the TPM within your test device you are now ready to solder your attack adapter to the TPMs fine pins.
Having prepared the test device on the first day, we now need to get our attacking tools ready. On the second day you will learn how to work with a logic analyzer to conduct bus sniffing attacks in general. The learnt theory will then be applied, and you will end the hardware attacking part with grabbing the TPMs communication. Before being able to extract the key material from the communication you will learn about the BitLocker basics and where to look for the Volume Master Key (VMK) in the TPMs communication. Equipped with this knowledge you are now ready to extract your BitLocker VMK and decrypt your test device's data.
This course is for the average digital forensics analyst, the forensic practitioner, security researcher and system administrator who needs to circumvent BitLocker with TPM-only. But also for the penetration tester actually required to proof the severity of his finding if the client uses TPM-only BitLocker setups and for anyone who wants to take their hardware skills to the next level.
Students should bring the necessary motivation for hands-on hardware hacking. This course is about getting your hands dirty ;)
Students are required to bring a notebook capable of running a virtual Win7 machine. The host operating system further shall be capable of running DreamSourceLab's DSView and python3. In order to be able to communicate with the provided Logic Analyzer at least one USB 3.0 A port is required. It should be clear, that you need admin/root access on this device and have the permission to install additional software.
You will receive a complete kit worth of approx. 900 USD containing:
As a forensic practitioner Joel has been extracting data of countless mobile devices, hard drives and computers. In the latest years he started to focus more on IoT devices, car forensics and has in depth knowledge about flash memory forensics. His manual skills with micro soldering, taking devices apart and building custom electronics are extraordinary.
Pascal (@pascal_gujer) started as an Electrical Engineer with the intention of tackling information security from the hardware side. With his recently accomplished MSc in Advanced Security and Digital Forensics he educationally completed this path. In his master thesis about Microsoft’s Default BitLocker Implementation, he developed an own way to undertake the TPM Bus Sniffing attack with maximum visibility for the attacker. Pascal has more than six years of experience as a Digital Forensics Expert and has been involved in many hardware hacking and pentesting jobs.
This is bold and this is strong. This is italic and this is emphasized.
This is superscript text and this is subscript text.
This is underlined and this is code: for (;;) { ... }. Finally, this is a link.
Fringilla nisl. Donec accumsan interdum nisi, quis tincidunt felis sagittis eget tempus euismod. Vestibulum ante ipsum primis in faucibus vestibulum. Blandit adipiscing eu felis iaculis volutpat ac adipiscing accumsan faucibus. Vestibulum ante ipsum primis in faucibus lorem ipsum dolor sit amet nullam adipiscing eu felis.
i = 0;
while (!deck.isInOrder()) {
print 'Iteration ' + i;
deck.shuffle();
i++;
}
print 'It took ' + i + ' iterations to sort the deck.';| Name | Description | Price |
|---|---|---|
| Item One | Ante turpis integer aliquet porttitor. | 29.99 |
| Item Two | Vis ac commodo adipiscing arcu aliquet. | 19.99 |
| Item Three | Morbi faucibus arcu accumsan lorem. | 29.99 |
| Item Four | Vitae integer tempus condimentum. | 19.99 |
| Item Five | Ante turpis integer aliquet porttitor. | 29.99 |
| 100.00 | ||
| Name | Description | Price |
|---|---|---|
| Item One | Ante turpis integer aliquet porttitor. | 29.99 |
| Item Two | Vis ac commodo adipiscing arcu aliquet. | 19.99 |
| Item Three | Morbi faucibus arcu accumsan lorem. | 29.99 |
| Item Four | Vitae integer tempus condimentum. | 19.99 |
| Item Five | Ante turpis integer aliquet porttitor. | 29.99 |
| 100.00 | ||