Course Overview

Step into the world of hardware penetration testing - where technology meets curiosity! If you’re experienced in traditional penetration testing, this course will open new doors, equipping you with the specialized techniques to target industrial embedded systems. Industrial devices present unique attack vectors and require a precise approach; here, you’ll develop the expertise to identify hidden entry points within PCBs, firmware, and industrial IoT components. 

Starting with the fundamentals of electrical and signal reconnaissance, you’ll learn the ins and outs of PCB hardware tools, delve into firmware and serial interfaces, and explore practical methods for exploiting these systems. The course is built around real-world industrial case-study devices, such as a gateway and a communication server. The Chronoguard Challenge Board brings an authentic touch to your skill development. Each module is designed to deepen your understanding of how to leverage specialized tools like multimeters, logic analyzers, and flash programmers in your tests.

By the end of this hands-on course, you’ll have expanded your offensive hardware security toolkit with tactics tailored for the ICS/OT and IIoT domain, enabling you to craft advanced attack paths and discover vulnerabilities in industrial environments that remain untouched by traditional IT-focused methods. Elevate your penetration testing skills and gain the expertise needed to secure critical OT systems against the most sophisticated threats. Join now and be among the experts who can bridge the gap between IT and OT security. 

Disclaimer: Always prioritize electrical safety—avoid contact with exposed, voltage-carrying leads and be mindful of hazards. When applying these skills to industrial hardware, success is not guaranteed; debug interfaces are often undocumented or disabled. This course does not cover soldering skills; some basic craftsmanship and soldering knowledge are recommended for effective application.

What You Will Learn

  • Build an affordable hardware hacking challenge board (we use a NodeMCU ESP8266 dev board) to apply your newly learned skills!
  • Create a secure and functional hardware hacking lab for this course and your future assessments.
  • Identify vulnerabilities in industrial embedded systems (ICS/OT and IIoT)!
  • This is not a course on soldering!

Program Curriculum

  • Your Learning Journey and Shopping List
  • Contrasting Information Technology (IT) and Operational Technology (OT)
  • Introduction to Case Study Industrial Embedded Systems and Challenge Board
  • Framework for OT Resilience Testing and Risk Evaluation in Security Scenarios
  • Pentest Methodology and Attack Vectors
  • OSINT: Leveraging FCC Filings for Hardware Hacking
  • Summary
  • Chapter 1 Quiz

  • Welcome to Setting Up Your Hardware Hacking Lab
  • Safety First: Four Electrical Safety Rules
  • Understanding Virtualization and Virtual Machines
  • Installation of VirtualBox
  • Kali Linux Setup and Installation Script
  • Setting up the NodeMCU ESP8266 Challenge Board
  • Installing the Logic Analyzer Software
  • Summary of Setting Up Your Hardware Hacking Lab
  • Chapter 2 Quiz

  • Welcome to Circuit Board Reconnaissance
  • Essentials for PCB Recon
  • Fundamentals: Main Components on a PCB
  • IX2400: PCB Recon
  • IX2400: Using AI for Component Identification
  • IX2400: Datasheet Search
  • W2150A: PCB Recon
  • W2150A: Using AI for Component Identification
  • W2150A: Datasheet Search
  • Challenge Board Task: PCB Recon
  • Challenge Board Solution: PCB Recon, Component Identification, Datasheet
  • Summary of Circuit Board Reconnaissance
  • Chapter 3 Quiz

  • Welcome to Electrical Reconnaissance
  • Essentials for Electrical Recon
  • Fundamentals: Current
  • Fundamentals: Continuity
  • Fundamentals: Voltage
  • Fundamentals: Ohm's Law
  • W2150A: Identifying Ground and Voltage Levels
  • IX2400: Identifying Ground and Voltage Levels
  • Challenge Board Task: Electrical Recon
  • Challenge Board Solution: El. Recon, Identifying Ground and Voltage Levels
  • Summary of Electrical Reconnaissance
  • Chapter 4 Quiz

  • Welcome to Signal Reconnaissance
  • Essentials for Signal Recon: Analyzer Interface Hardware
  • Essentials for Signal Recon: Analyzer Software
  • Fundamentals: Logic Levels
  • Fundamentals: Signal Transfer Rates
  • Fundamentals: Logic Analysis
  • IX2400: Capturing and Identifying Logical Signals
  • W2150A: Capturing and Identifying Logical Signals
  • Challenge Board Task: Signal Recon
  • Challenge Board Solution: Signal Recon, Capturing & Identifying Logical Signals
  • Summary of Signal Reconnaissance
  • Chapter 5 Quiz

  • Welcome to Serial Reconnaissance
  • Essentials for Serial Recon: USB-UART Interface
  • Essentials for Serial Recon: Picocom
  • Fundamentals: Introduction to Low Speed Serial Interfaces in Hardware Hacking
  • Fundamentals: Introduction to UART
  • Fundamentals: Introduction to SPI
  • IX2400: Establishing a Serial Connection
  • W2150A: Establishing a Serial Connection
  • Challenge Board Task: Serial Recon
  • Challenge Board Solution: Serial Recon, Receiving the Bootlog
  • Summary of Serial Reconnaissance
  • Chapter 6 Quiz

  • Welcome to Obtaining Firmware Binaries
  • Welcome to Exploring the Boot Environment
  • Fundamentals: The Boot Environment
  • Fundamentals: The Bootlog
  • IX2400: Bootlog Analysis
  • W2150A: Bootlog Analysis
  • Challenge Board Task: Bootlog Analysis
  • Challenge Board Solution: Bootlog Analysis
  • Summary of Exploring the Boot Environment
  • Chapter 7 Quiz

  • Welcome to Accessing the Bootmenu
  • Essentials for Accessing the Bootmenu: xdotool
  • Fundamentals: Access to Bootmenu Command Line Interface/Bootshell
  • Fundamentals: Bootshell Commands
  • IX2400: Bootshell Access with Automated Keystrokes
  • IX2400: Enumerating Bootshell Commands
  • W2150A: Bootshell Access with Hidden Debug Menu
  • W2150A: Enumerating Bootshell Commands
  • Challenge Board: Bootshell Access Task
  • Challenge Board: Bootshell Access Hints
  • Challenge Board: Bootshell Access Solution
  • Challenge Board Task: Bootshell Command Enumeration
  • Challenge Board Solution: Bootshell Command Enumeration
  • Summary of Accessing the Bootshell
  • Chapter 8 Quiz

  • Welcome to Analysing Non-Volatile Flash Memory and Gaining Root Access
  • Essentials: Strings and Grep
  • Essentials: Xxd
  • Essentials: Hexdump Cleanup Script
  • IX2400: Dumping the Non-Volatile Flash Memory via U-Boot
  • IX2400: Uncovering Root Credentials and Gaining Root Access
  • Accessing the Non-Volatile Flash Memory via Linux
  • Challenge Board Task: Dumping Non-Volatile Flash Memory
  • Challenge Board Hint: Dumping Non-Volatile Flash Memory
  • Challenge Board Solution: Dumping Non-Volatile Flash Memory
  • Challenge Board Task: Root Access
  • Challenge Board Solution: Finding the Root Password and Gaining Root Access
  • Summary of Analysing Non-Volatile Flash Memory and Gaining Root Access
  • Chapter 9 Quiz

  • Welcome to Obtaining Firmware Binaries
  • Essentials: Flash Programmer
  • Essentials: Flashrom
  • Fundamentals: Firmware for Industrial Embedded Systems
  • Fundamentals: Extracting Firmware via USB
  • IX2400: Extracting the Firmware via USB Access
  • IX2400: Extracting the Firmware from the Flash Memory Chip via Flash Programmer
  • W2150A: Finding Vulnerable Firmware via OSINT
  • Task: Download Firmware for W2150A Using OSINT
  • Task: Download Substitute Firmware for IX2400
  • Solution: Download Substitute Firmware for IX2400
  • Summary of Obtaining Firmware Binaries
  • Chapter 10 Quiz

  • Welcome to Firmware Analysis
  • Essentials: Binwalk
  • Essentials: Firmwalker
  • Fundamentals: Manual Inspection of Firmware for Industrial Embedded Systems
  • Entropy Analysis of IX2400 Firmware
  • Task: Entropy Analysis of Firmware
  • Solution: Entropy Analysis of Firmware
  • Firmware Structure Scan of IX2400
  • Task: Firmware Structure Scan
  • Solution: Firmware Structure Scan
  • Firmware Extraction of IX2400
  • Task: Firmware Extraction
  • Solution: Firmware Extraction
  • Automated IX2400 Firmware Analysis with Firmwalker
  • Task: Analysis with Firmwalker
  • Solution: Analysis with Firmwalker
  • Introduction to EMBA
  • Summary of Firmware Analysis
  • Chapter 11 Quiz

Instructor

Marcel Rick-Cen

Marcel Rick-Cen is an OT Security Consultant with years of experience in the field of automation technology. He holds a master's degree in automation engineering and has a strong background in fixing mechanical, electrical, and software problems on the shopfloor. Marcel has worked on the shopfloor in various international locations, gaining firsthand experience in the challenges of keeping OT systems running. Additionally, as an ethical hacker, he spends his nights trying open-source exploits against real industrial hardware in his ICS homelab. Marcel's unique blend of technical expertise and real-world experience makes him an invaluable contributor to the OT security field. In his courses and workshops, he teaches newcomers exciting basics about the possibilities to attack and defend an ICS/OT system and places special emphasis on practicality.
