Vulnerability Detection

4 day class covering the full Bluetooth Low Energy (BLE) protocol stack from the bottom (PHY) up to the top (GATT). The core of the class is built around playing with a game application on an Android phone, talking via Bluetooth to an IoT-type piece of hardware, and analyzing the communication between them. The 4th day is focused on assessing a cutomized Ultra-Vulnerable Peripheral firmware, running on Zephyr RTOS, which has had vulnerabilities introduced into it which are representative of vulnerabilities found in the past across many other platforms.

Variable-length class (1-5 days). This class teaches how to find vulnerabilities in source code, and then how to prevent, detect, or mitigate them. The class teaches vulnerability pattern recognition by walking students through real CVEs. The class structure was originally created for Apple’s internal training for their developers when Xeno worked there.