Speakers (preliminary) - DeepSec IDSC 2025 Europe
Becoming the Godfather of Threat Modeling
In the world of cybersecurity there is always a threat lurking. Waiting in the shadows for the perfect moment to strike. You can sit back and relax and hope for the best and react when it’s too late… or before they even think about making a move you can take control and see everything coming from miles away. In this session, you’ll dive deep into the art of threat modeling—an essential skill that allows you to anticipate risks, identify vulnerabilities, and develop a proactive defense strategy.
Mike will guide you through the process and show you why threat modeling is an offer you simply can’t refuse. You’ll learn how to analyze threats with precision, build effective threat scenarios and develop a mindset that stays one step ahead of the attackers. Ultimately you won’t only understand threat modeling—you’ll lead it with confidence.
Join Mike in the family business, hone your expertise and become the Godfather of Threat Modeling. In this game only the wise and the prepared will survive.
My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force.
For me, security resembles solving a 10,000-piece puzzle that's been turned upside down. You understand the end goal, yet you're uncertain about where each piece belongs. Achieving this requires close collaboration with developers, business stakeholders, and others, necessitating me to consistently bridge different disciplines within technology. Whether it's simplifying intricate development concepts for security and business professionals or vice versa, every piece added brings us nearer to the solution. This challenge deeply motivates me.
I approach my work with a clear focus on prioritizing people first, followed by refining processes, and then utilizing technology to enhance these efforts. This philosophy ensures that technological changes are seamlessly integrated and readily embraced by our teams and organizations.
Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation
### Overview ###
Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training!
I will discuss security bugs found in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively.
To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training + students can take the complete lab environment home after the training session.
### Key Learning Objectives ###
After completing this training, you will have learned about:
- REST API hacking
- AngularJS-based application hacking
- DOM-based exploitation
- bypassing Content Security Policy
- server-side request forgery
- browser-dependent exploitation
- DB truncation attack
- NoSQL injection
- type confusion vulnerability
- exploiting race conditions
- path-relative stylesheet import vulnerability
- reflected file download vulnerability
- hacking with wrappers
- subdomain takeover
- remote cookie tampering
- non-standard XSS attacks
- hijacking tokens via PDF
- XML attacks
- deserialization attacks
- HTTP parameter pollution
- bypassing XSS protection
- hacking with polyglot
- clickjacking attack
- window.opener tabnabbing attack
- RCE attacks
- and more…
### What Students Will Receive ###
Students will be handed in a VMware image with a specially prepared testing environment to play with all bugs presented in this training. When the training is over, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.
### Special Bonus ###
The ticket price includes FREE access to my 6 online courses:
- Start Hacking and Making Money Today at HackerOne
- Keep Hacking and Making Money at HackerOne
- Case Studies of Award-Winning XSS Attacks: Part 1
- Case Studies of Award-Winning XSS Attacks: Part 2
- DOUBLE Your Web Hacking Rewards with Fuzzing (aka Fuzzing with Burp Suite Intruder)
- How Web Hackers Make BIG MONEY: Remote Code Execution
### What Students Say About This Training ###
This training was attended by security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips, government sector and it was very well-received. Recommendations are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here (https://silesiasecuritylab.com/services/training/#opinions).
### What Students Should Know ###
To get the most of this training intermediate knowledge of web application security is needed. Students should be familiar with common web application vulnerabilities and have experience in using a proxy, such as Burp Suite Proxy, or similar, to analyze or modify the traffic.
### What Students Should Bring ###
Students will need a laptop with 64-bit operating system, at least 8 GB RAM, 35 GB free hard drive space, administrative access, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running x86_64 VMs. Please also make sure that you have Internet Explorer 11 installed on your machine or bring an up-and-running VM with Internet Explorer 11.
### Instructor ###
Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as DEF CON (Las Vegas), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), SINCON (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (references are attached to Dawid Czagan's LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions).
Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).
### Instructor ###
Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as DEF CON (Las Vegas), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), SINCON (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (references are attached to Dawid Czagan's LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions).
Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).
eCrime Intelligence
Understanding eCrime is no longer optional. It is a mission-critical capability for any organization serious about anticipating, preventing, and neutralizing today’s most pervasive cyber threats. This intensive training provides a comprehensive exploration of the eCrime ecosystem, unpacking the full spectrum of adversarial tactics, techniques, and procedures used by financially motivated threat actors to exploit organizations of all sizes and sectors.
Blending traditional intelligence tradecraft with cutting-edge cyber security methodology, this course empowers cyber threat intelligence professionals, SOC analysts, CISOs, and forward-thinking defenders to operationalize threat intelligence, proactively reduce risk, and harden their defensive posture. Whether you are new to the world of eCrime or looking to refine your existing expertise, this course will give you the insight, confidence, and real-world skillset to outpace adversaries.
Through hands-on exercises, real case studies, and live tooling, participants will learn to track and attribute adversary infrastructure, analyze adversary tradecraft, uncover victimology, and confidently identify key players within organized eCrime operations. Attendees will explore the dark web, develop basic operational personas, collect intelligence from adversary-run forums and marketplaces, and learn how to infiltrate closed communities — all safely and effectively.
This is not theory. This is practical, tactical, and grounded in the reality of modern cyber threat operations. By the end of the training, attendees will walk away with the knowledge and tools needed to investigate, disrupt, and counter eCrime adversaries, all while supporting broader intelligence collection plans and strategic security initiatives within their organizations.
Aaron is a Senior Systems Engineer at Crowdstrike. He is based in Dubai and supports the Crowdstrike business across the Middle East, Turkey, and Africa (META) region. Aaron advocates for the adoption of Cyber Threat Intelligence (CTI) to organisations across the public and private sectors.
Prior to joining industry, Aaron served 12 years of Active Duty in the Singapore Armed Forces as a Military Intelligence Officer. He served in multiple command appointments in classified Intelligence units, and was instrumental in developing the masterplan for the Digital and Intelligence Service (DIS), the digital service branch of the SAF.
Outside of work, Aaron contributes to cybersecurity research and education. He collaborates with the Stanford Gordian Knot Center for National Security Innovation on research covering emerging technologies and cybersecurity. Aaron also serves as an Adjunct Faculty member at the Faculty of Computer Information Science at the Higher Colleges of Technology (HCT) in the UAE, and sits on the CFP Review Board for RootCon.
Scott Jarkoff is the Co-Founder and CEO of Praeryx, where he is shaping a new model for cyber threat intelligence built from the ground up to challenge legacy assumptions and disrupt institutional gatekeeping. Drawing on decades of global intelligence and cyber security leadership, he is building something deliberately different, quietly architecting the future of how CTI is created, consumed, and operationalized. Prior to Praeryx, he led CrowdStrike’s threat intelligence strategy across Asia Pacific and Japan (APJ) and the Middle East (META), serving as a trusted strategic voice to governments and enterprises confronting the world’s most complex and persistent adversaries. His career also spans the U.S. Department of Defense and McAfee, where he has continuously bridged tactical insight with executive strategy. Scott is the creative mastermind behind deviantART, the world’s largest online art community, helping pioneer the creator economy in its earliest form. Known for decoding chaos into clarity in the fog of cyber conflict, he brings a rare mix of credibility, conviction, and execution to an underserved domain.
Factory Under Siege: Red and Blue Team Tactics in Operational Technology
In this workshop, participants engage in a high-stakes cyber battle within a factory's OT systems. Divided into Red and Blue Teams, they alternate between offensive and defensive strategies in an interactive game. The workshop emphasizes real-world relevance, dynamic decision-making, and collaborative learning, providing practical cybersecurity insights in an industrial environment.
This workshop offers an interactive cybersecurity experience through a gamified scenario. Participants will be divided into two teams: Red & Blue Team. The game board is a demo factory, where the Red Team's objective is to inflict harm, while the Blue Team's mission is to defend it.
The games starts with an interactive setup phase. The Red Team will choose their tactics and techniques to be able to reach their objectives. The Blue Team will concentrate on understanding their environment and selecting appropriate initial defenses. Following the team introductions, the core of the workshop begins: the game loop, where each team alternates between planning and executing their actions. The Red Team will have different opportunities for their next actions aimed at breaching the Blue Team's defenses. The Blue Team will decide on their countermeasures to thwart the Red Team's efforts. Each round concludes with an evaluation phase, where the effectiveness of the actions taken by both teams is assessed. The workshop wraps up with a recap session, summarizing key learnings and discussing the outcomes of the game.
The workshop's interactive and gamified approach aims to enhance participants' understanding of cybersecurity dynamics with focus of OT environments. Participants will work alongside peers to develop and implement strategies, enhancing their understanding of both offensive and defensive cybersecurity measures. The workshop draws on the extensive experience of seasoned Red and Blue Team specialists to focus on real-world scenarios and case studies. It leverages the deep expertise of Nick and Nicholas, who are OT Blue Team specialists, and Sarah, a Senior Red Teamer with an OT specialization. Their combined knowledge ensures that the workshop addresses current industry challenges in both offensive and defensive OT cybersecurity.
Attendees will acquire a comprehensive understanding of both offensive and defensive cybersecurity strategies, along with enhanced teamwork and communication skills. Additionally, participants will learn to prioritize actions and strategies in emergency situations, gaining knowledge not only about specific tools and techniques but also the strategic approaches fundamental to Red and Blue Team operations in industrial environments.
Sarah is a Senior Consultant at NVISO, with a focus on Red Team Assessments. Complementing her cybersecurity experience, she has developed proficiency in Operational Technology (OT) assessments and continues to specialize further in this area.
She possesses a Master's degree in Applied IT Security, which has been enriched by her diverse experiences in cybersecurity roles across various companies.
In addition to her professional work, Sarah is dedicated to contributing to the community by leading workshops and delivering presentations at industry conferences.
Hacking IoT Hardware: The Frugal Way
Module 1
Introduction to IoT
1.1 Briefing of IIoT and Usage
• About us
• Course Overview
• Fundamentals of IoT Security
• Overview of Industrial Internet of Things (IIoT)
• Applications in various industries (manufacturing, healthcare, transportation)
• Benefits and challenges of IIoT adoption
1.2 Architecture
• Typical IoT architecture: sensors, connectivity, data processing, user interface
• Key components: devices, gateways, cloud services, and end-user applications
1.3 Framework/Platforms
• Common IoT platforms and frameworks (AWS IoT, Google Cloud IoT, Microsoft Azure IoT)
• Comparative analysis of features and use cases
1.4 Attack Surfaces
• Identifying potential vulnerabilities in IoT ecosystems
• Examples of common attack vectors (device vulnerabilities, network vulnerabilities, application vulnerabilities)
• Fcc.io information
• Tools of trade
• How to do visual analysis
• How to recon hardware
1.5 OWASP IoT Top 10 Vulnerabilities
• Detailed explanation of the OWASP IoT Top 10 vulnerabilities
• Real-world examples and case studies for each vulnerability
Module 2
MQTT
2.1 Introduction
• Overview of MQTT (Message Queuing Telemetry Transport)
• Use cases and importance in IoT communication
2.2 Protocol Details
• MQTT architecture and communication model
• Key components: clients, brokers, topics, and messages
2.3 Recon and Enumeration of Topics
• Techniques for discovering MQTT topics
• Tools and methodologies for topic enumeration
2.4 DOS Attack
• Understanding Denial of Service attacks on MQTT
• Methods and tools for conducting DOS attacks
2.5 Sensor based attack
• hacking with sensors and physics
• some cases
Module 3
CoAP
3.1 Introduction
• Overview of CoAP (Constrained Application Protocol)
• Use cases and importance in IoT communication
3.2 Protocol Details
• CoAP architecture and communication model
• Key components: clients, servers, resources, and messages
3.3 Recon and Enumeration
• Techniques for discovering CoAP resources
• Tools and methodologies for resource enumeration
3.4 CoAP Proxy Attacks
• Understanding CoAP proxy vulnerabilities
• Methods and tools for conducting proxy attacks
Module 4
Zigbee (802.15.4)
4.1 Introduction and Protocol Overview
• Overview of Zigbee protocol and its importance in IoT
• Zigbee network architecture and key components
4.2 Reconnaissance
• Techniques for discovering Zigbee networks and devices
• Tools and methodologies for network reconnaissance
4.3 Sniffing and Eavesdropping
• Methods for capturing Zigbee communication
• Tools for sniffing and analyzing Zigbee traffic
4.4 Replay Attacks
• Understanding replay attacks on Zigbee networks
• Methods and tools for conducting replay attacks
4.5 Packet Forging Attack
• Techniques for creating and injecting malicious Zigbee packets
• Tools and methodologies for packet forging
4.6 Jamming Attacks
• Understanding jamming attacks on Zigbee networks
• Methods and tools for conducting jamming attacks
4.7 Dissociation Attacks
• Techniques for disconnecting devices from Zigbee networks
• Tools and methodologies for dissociation attacks
Module 5
Bluetooth Low Energy (BLE)
5.1 Introduction and Protocol Overview
• Overview of BLE and its importance in IoT
• BLE architecture and key components
5.2 Reconnaissance (Active and Passive) with HCI Tools
• Techniques for discovering BLE devices
• Tools and methodologies for active and passive reconnaissance
5.3 GATT Service Enumeration
• Understanding the Generic Attribute (GATT) profile
• Techniques for enumerating GATT services and characteristics
5.4 Sniffing GATT Protocol Communication
• Methods for capturing BLE GATT communication
• Tools for sniffing and analyzing GATT traffic
5.5 Reversing GATT Protocol Communication
• Techniques for reverse engineering GATT communication
• Tools and methodologies for reversing GATT protocols
5.6 Read and Writing on GATT Protocol
• Understanding read and write operations in GATT
• Methods and tools for performing read and write attacks
5.7 Cracking Encryption
• Techniques for breaking BLE encryption
• Tools and methodologies for cracking BLE encryption
Module 6
LoRa
6.1 Introduction and Protocol Overview
• Overview of LoRa (Long Range) protocol and its importance in IoT
• LoRa network architecture and key components
6.2 Reconnaissance
• Techniques for discovering LoRa networks and devices
• Tools and methodologies for network reconnaissance
6.3 Sniffing of Over-the-Air Communication
• Methods for capturing LoRa communication
• Tools for sniffing and analyzing LoRa traffic
6.4 Reverse Engineering of Protocol
• Techniques for reverse engineering LoRa protocols
• Tools and methodologies for protocol analysis
6.5 Replay Attack
• Understanding replay attacks on LoRa networks
• Methods and tools for conducting replay attacks
6.6 Packet Forging Attack
• Techniques for creating and injecting malicious LoRa packets
• Tools and methodologies for packet forging
Module 7
RFID
7.1 Introduction and Protocol Overview
• Overview of RFID technology and its importance in IoT
• RFID architecture and key components
7.2 Types of RFID and Classes
• Different types of RFID systems (active, passive, semi-passive)
• Classification of RFID tags and readers
7.3 Sniffing of Over-the-Air Communication
• Methods for capturing RFID communication
• Tools for sniffing and analyzing RFID traffic
7.4 Cloning of Cards
• Techniques for cloning RFID cards
• Tools and methodologies for card cloning
7.5 Fuzzing on RFID Readers
• Understanding fuzz testing on RFID readers
• Methods and tools for conducting fuzzing attacks
Module 8
NFC
8.1 Introduction and Protocol Overview
• Overview of NFC (Near Field Communication) and its importance in IoT
• NFC architecture and key components
8.2 Types of NFC and Classes
• Different types of NFC systems (active, passive)
• Classification of NFC tags and readers
8.3 Sniffing of Over-the-Air Communication
• Methods for capturing NFC communication
• Tools for sniffing and analyzing NFC traffic
8.4 Cloning of NFC Cards
• Techniques for cloning NFC cards
• Tools and methodologies for card cloning
Module 9
GPS
9.1 Introduction
• Overview of GPS technology and its importance in IoT
• GPS architecture and key components
9.2 Attack Through Rogue GPS
• Understanding rogue GPS attacks
• Methods and tools for conducting rogue GPS attacks
9.3 Modify GPS Coordinates
• Techniques for modifying GPS coordinates
• Tools and methodologies for GPS manipulation
9.4 Manipulating Coordinates Through Relay Attack
• Understanding relay attacks on GPS
• Methods and tools for conducting relay attacks
9.5 GPS Spoofing Attack
• Techniques for spoofing GPS signals
• Tools and methodologies for GPS spoofing
Module 10
Sub-GHz RF
10.1 Introduction
• Overview of Sub-GHz RF technology and its importance in IoT
• Sub-GHz RF architecture and key components
10.2 Reconnaissance
• Techniques for discovering Sub-GHz RF networks and devices
• Tools and methodologies for network reconnaissance
10.3 Overview of Various Shift Keying
• Understanding different types of shift keying (FSK, ASK, PSK)
• Applications and vulnerabilities of each type
10.4 Reversing of RF
• Techniques for reverse engineering RF protocols
• Tools and methodologies for protocol analysis
10.5 Crafting RF Signals
• Techniques for creating and injecting malicious RF signals
• Tools and methodologies for signal crafting
Module 11
Hardware
11.1 Basics of Electronics
• Introduction to basic electronic concepts and components
• Understanding voltage, current, resistance, and power
11.2 Understanding Electronic Components
• Overview of common electronic components (resistors, capacitors, diodes, transistors)
• Identifying and using electronic components in IoT devices
11.3 PCB Reverse Engineering and Component Identification
• Techniques for reverse engineering printed circuit boards (PCBs)
• Tools and methodologies for identifying components on PCBs
Module 12
I2C
12.1 Introduction
• Overview of I2C (Inter-Integrated Circuit) protocol
• Importance of I2C in IoT communication
12.2 I2C Protocol
• Understanding I2C communication model and key components
• Data transfer methods and addressing
12.3 Interfacing with I2C
• Techniques for interfacing with I2C devices
• Tools and methodologies for I2C communication
12.4 Manipulating Data via I2C
• Techniques for manipulating data on I2C bus
• Tools and methodologies for data manipulation
12.5 Sniffing Run-Time I2C Communication
• Methods for capturing I2C communication
• Tools for sniffing and analyzing I2C traffic
Module 13
SPI
13.1 Introduction
• Overview of SPI (Serial Peripheral Interface) protocol
• Importance of SPI in IoT communication
13.2 SPI Protocol
• Understanding SPI communication model and key components
• Data transfer methods and addressing
13.3 Interfacing with SPI
• Techniques for interfacing with SPI devices
• Tools and methodologies for SPI communication
13.4 Manipulating Data via SPI
• Techniques for manipulating data on SPI bus
• Tools and methodologies for data manipulation
13.5 Sniffing Run-Time SPI Communication
• Methods for capturing SPI communication
• Tools for sniffing and analyzing SPI traffic
Module 14
UART
14.1 Introduction
• Overview of UART (Universal Asynchronous Receiver/Transmitter) protocol
• Importance of UART in IoT communication
14.2 Identifying UART
• Techniques for identifying UART interfaces
• Tools and methodologies for UART identification (automated and manual)
14.3 Debugging Over UART
• Methods for debugging IoT devices via UART
• Tools and methodologies for UART debugging
Module 15
JTAG/SWD
15.1 Introduction
• Overview of JTAG (Joint Test Action Group) and SWD (Serial Wire Debug) protocols
• Importance of JTAG/SWD in IoT communication and debugging
15.2 Identifying JTAG/SWD
• Techniques for identifying JTAG/SWD interfaces
• Tools and methodologies for JTAG/SWD identification (automated and manual)
15.3 Debugging Over JTAG/SWD
• Methods for debugging IoT devices via JTAG/SWD
• Tools and methodologies for JTAG/SWD debugging
15.4 Dumping Data and Manipulating Memory Address and Data
• Techniques for data extraction and memory manipulation via JTAG/SWD
• Tools and methodologies for memory analysis and modification
Module 16
Firmware Reversing
16.1 Identifying Compression and Types
• Techniques for identifying firmware compression methods and formats
• Tools and methodologies for firmware extraction
16.2 Firmware Analysis
• Understanding firmware structure and components
• Techniques for static and dynamic firmware analysis
16.3 Simulating Firmware
• Methods for simulating firmware in virtual environments
• Tools and methodologies for firmware simulation
Module 17
ARM
17.1 Architecture
• Overview of ARM architecture and its importance in IoT
• Key components and design principles of ARM processors
17.2 Instruction Set
• Understanding ARM instruction set and assembly language
• Techniques for writing and analyzing ARM assembly code
17.3 Procedure Call Convention
• Understanding ARM procedure call conventions
• Techniques for function calling and parameter passing in ARM
17.4 System Call Convention
• Understanding ARM system call conventions
• Techniques for interacting with operating systems in ARM
17.5 Reversing Techniques
• Techniques for reverse engineering ARM-based firmware and applications
• Tools and methodologies for ARM reverse engineering
17.6 Buffer Overflow Attacks
• Understanding buffer overflow vulnerabilities in ARM systems
• Techniques and tools for exploiting buffer overflow vulnerabilities
BONUS AUTOMOTIVE
Module 1
Introduction of Automotive Industry
The automotive industry encompasses the design, development, manufacturing, marketing, and sale of motor vehicles. It is a complex ecosystem involving various stakeholders, including automakers, suppliers, dealerships, and aftermarket service providers.
Module 2
Vehicle External Communications
The Electrical/Electronic (EE) architecture of vehicles refers to the network of electronic control units (ECUs), sensors, actuators, and communication buses that control and monitor vehicle functions. It includes high-speed CAN (Controller Area Network), LIN (Local Interconnect Network), Ethernet, and FlexRay buses.
Module 3
Briefing of ECU Groups/Domains
ECUs in vehicles are grouped into domains based on their functionalities:
• Powertrain: Controls engine, transmission, and drivetrain systems.
• Chassis: Manages steering, braking, suspension, and stability control.
• Body: Controls lighting, climate control, door locks, and windows.
• Infotainment: Manages multimedia, navigation, and connectivity features.
• Safety: Includes ECUs for airbag deployment, collision avoidance, and driver assistance systems (ADAS).
OBD2 (On-Board Diagnostics)
OBD2 is a standard protocol used for diagnostics and reporting of vehicle emissions and performance. It provides access to real-time data from ECUs, enabling vehicle maintenance and troubleshooting.
I'm Hrishikesh Somchatwar, a Storyteller, Electronics Hacker, and Bestselling Author based in France.
🔗 Connect With Me:
Email: hrishikeshsom@gmail.com
LinkedIn: linkedin.com/in/hrishikesh-somchatwar/
📖 Publications:
"Exploitation of Embedded Systems" – Presented at Car Hacking Village
"Hacking with Physics" – Showcased at HackFest Canada 2021
"Car Hacking Village" – Authored publication
Speaker & Trainer:
I've had the privilege of speaking and providing training at esteemed cybersecurity conferences, including:
DeepSec Austria
SCSA Georgia
SecurityFest Sweden
Defcamp Romania (2019, 2023)
Bsides Ahmedabad
Bsides Delhi
c0c0n
HackFest Canada
Key Topics:
Automotive Cybersecurity
Hardware Security
IoT Security
Car hacking techniques
Tools for embedded system exploitation
📚 Author:
As the bestselling author of "Hacking the Physical World", my book topped Amazon charts in the USA and India.
🎧 Podcast:
Check out "The Storytelling Hacker", where I blend storytelling with electronics hacking. Available on:
Spotify
Apple Podcasts
Google Podcasts
💼 Professional Journey:
Valeo: Worked on cutting-edge automotive cybersecurity solutions and advanced hardware technologies.
Security Researcher: Contributed to NDA-protected projects at a confidential company in Maharashtra, India.
Hardware Security Intern: Played a pivotal role in a cybersecurity startup, conducting security testing on:
Cars
IoT devices
PLCs
SCADA systems
A Trailblazer in Security, Innovation, and Education Arun Mane, a visionary leader and luminary in the field of cybersecurity, wears many hats. He is not only the Founder and CEO of Amynasec Labs, but also the co-Founder and CEO of UnoAcademy, a distinguished training provider. With a resolute focus on Vehicle/IoT/ICS/IoMT security, Arun is also a recognized Hardware, IoT, and ICS Security Researcher, shaping the future of digital protection.Arun's passions encompass a spectrum of technological domains. He delves into Hardware Security, SCADA systems, Automotive Security, Fault Injection, RF protocols, and the intricacies of Firmware Reverse Engineering. His inquisitive mind thrives on unraveling complex systems and identifying vulnerabilities that safeguard the digital landscape. Arun's expertise extends to performing Security Audits aligned with ISO 62443, ISO 21434, NIST frameworks, catering to both government and private clients. His insights have proven invaluable in fortifying digital infrastructures against ever-evolving threats. His prominence shines brightly on the international stage. Arun has delivered captivating talks at an array of prestigious conferences, leaving a lasting impact on audiences worldwide. Noteworthy appearances include nullcon in Goa from 2016 to 2018, GNUnify 2017, Defcamp in Romania from 2017 to 2019,2023, Hacktivity in Budapest 2019,2023, Rootcon 2020 in the Philippines, BsidesDelhi 2017, c0c0n x in 2017 and 2019, BSides Ahmedabad 2021, EFY 2018, x33fcon from 2018 to 2021, BlackHat USA 2018, Defcon USA 2018, OWASP Seasides 2019 in Goa, and HITB Red Team Village 2020,Phuket 2023. These platforms serve as a testament to his remarkable insights and thought leadership in the cybersecurity realm.