Introduction to Embedded System Exploitation
Embedded hardware is everywhere you look today – from your vehicle’s infotainment system to refrigerators to medical devices and everything in between. With so much exposure, one would think that such devices are secure against attack; sadly, for a large number of devices this is not the case. For proof, look no further than your local news reports, which are full of stories of devices being hacked.
So, as engineers, how do we go about identifying and mitigating (or capitalizing on) the potential security vulnerabilities within these devices? The answer to this question, and the subject of this seminar, is through the reverse engineering of the hardware itself. This seminar is a combination of lecture and hands-on exercises, and concludes with the students attempting to attack and defeat a custom embedded device.
Organizations are becoming increasingly aware of the importance of developing secure software. These classes introduce the student to the concepts of software assurance, which have direct application in all software industries, including automotive and aerospace sectors. Students gain an appreciation of the technical challenges associated with software assurance and develop the technical skills necessary to engineer secure software. Laboratory exercises reinforce the principles taught in the course, and give students an opportunity to develop their skills.
Trust in Web and Network Technologies
This course demonstrates to students the requirement to properly employ web and network technologies when developing secure software systems. Web and networked systems have a disproportionate reliance on trust, and are often vulnerable to remote exploitation. This course examines vulnerabilities that potentially introduce unique opportunities to exploit software, and even execute arbitrary (attacker-supplied) code. Finally, the course enumerates these classes of vulnerabilities associated with trust in web and network technologies, and presents prevention and mitigation techniques, along with methods to test and discover such vulnerabilities.
This course demonstrates to students the requirement to perform input validation when developing secure software systems. It examines a variety of vulnerabilities—caused by failure to validate input—that potentially allow an attacker to alter intended program execution flow and execute arbitrary (attacker-supplied) code. Finally, the course enumerates several classes of vulnerabilities associated with input validation, and presents prevention and mitigation techniques, along with methods to test and discover such vulnerabilities. The specific vulnerability classes addressed during this course account for 50% of the most critical vulnerabilities reported to the National Vulnerability Database from 2011 through 2015.
Language, Environment and Human-computer Interaction
This course demonstrates to students the requirement to consider object-oriented programming vulnerabilities, as well as potential adverse effects of the execution environment and human-computer interactions, when developing secure software systems. It examines vulnerabilities that potentially introduce unique opportunities to exploit software, and even execute arbitrary (attacker-supplied) code. Finally, the course enumerates these classes of vulnerabilities associated with languages, execution environment, and human-computer interaction, and presents prevention and mitigation techniques, along with methods to test and discover such vulnerabilities.
If you’re interested in any of our course offerings,
Cyber Security Essentials for DoD Weapon Systems
Students are introduced to the threats facing our increasingly sophisticated DoD weapon systems and given a foundation for strategies to reduce and combat those threats. Through real-world examples, students learn how attackers can exploit weapon systems, and develop the fundamentals of relevant cyber security, along with supply chain risks, system weaknesses, and operational implications. These concepts are critical for anyone involved in designing, testing, evaluating, assessing, commanding or operating DoD weapon systems.
An organization’s livelihood is in large part dependent on its ability to grow and protect its most critical assets: employees, customers, sensitive information, revenue, reputation and supporting infrastructure. Given the investment most companies make to develop these assets, protecting them should be a continuous priority. While controls are established to limit access to systems and information and ensure authorized availability, many of these same controls can be easily bypassed by exploiting one of the weakest links in any corporate security chain: the employee. Employees are often not security-conscious, and they may bypass security controls out of laziness or under pressure to be productive.
While some organizations provide reminders and internal information security training, the employee often focuses more on “checking the box” than actually retaining and implementing the information they have been provided. What does all of this mean? Employees unnecessarily take and introduce risks to their employer and critical assets. This is where AIS can help.
We provide practical information security awareness training that is delivered in a straightforward, relaxed and interactive manner. Attendees are exposed to relevant information that can be seamlessly converted into proactive action within their professional and personal lives, all with minimal impact on productivity. Our training encompasses both cyber and physical elements and demonstrates the impact by highlighting actual techniques that criminals utilize to gain unauthorized access to, and/or disrupt the availability of, critical assets. AIS’s Information Security Training is completely customizable to an organization’s specific needs, including target audience, executive leadership, management, employees, partners and vendors.
Contact us to learn more, as we are confident that our training will help protect your organization’s critical assets.
AIS provides custom training courses in a number of different areas related to cyber and security. Whether it’s a pre-existing training course, or one developed from scratch to support your organization’s unique needs, contact us to learn how we can help. In addition to having qualified staff on hand to deliver our training, our diverse offering of cyber and security services is supported by industry-leading employees who possess strong backgrounds in computer science, engineering, and cyber security. In fact, many of these same employees also teach at various colleges and universities. With all of this expertise, we are confident that AIS can develop and deliver a quality course that exceeds your expectations.
Sample training topics include:
- Secure software design and development
- Cyber security assessments
- Security configuration reviews
- Penetration testing
- Application security assessments
- Hardware hacking
- Red Team assessments
- Cyber investigations
- Forensics and eDiscovery
- Policy design and development approaches
- Security awareness for executive leadership, management, and employees
Contact us today about these or any other topics you may be interested in.