UAS Cybersecurity: Drone Wolf - Hack Our Drone // Ronald Broberg

In-Person | March 18-21 | 4 Days

BOOK NOW

ABSTRACT

Dark Wolf's "Hack Our Drone" training provides participants the ability to learn hands-on cybersecurity testing techniques for evaluating Unmanned Autonomous Systems. The training includes a full Unmanned Autonomous System test target composed of a BeagleBone Blue Flight Vehicle (UAV), a Ground Control System (GCS), and a MAVLink over 802.11 WiFi Communications system. The training includes both instructor assistance and detailed lab manuals to guide participants through a series of tasks to discover and exploit cybersecurity weaknesses in the UAS. Tasks include firmware analysis, network service exploitation, password cracking, elevation of privilege, and UAV over-the-air hijacks. Participants are expected to bring a laptop with either Kali Linux installed or one that can boot a Kali Linux Live USB drive.

Browse through our Drone Wolf Playbook for a glimpse of what you will learn!

UAS Cybersecurity: Drone Wolf - Hack Our Drone // Ronald Broberg, Hahna Latonick

In-Person | March 18-21 | 4 Days

BOOK NOW

INTENDED AUDIENCE

This course is designed for technical professionals from the fields of cybersecurity or UAS engineering with a basic familiarity with the Linux command line.

KEY LEARNING OBJECTIVES

This training is divided into four hands-on modules:

1. Ground Control System
2. Uncrewed Aerial Vehicle
3. Radio Communications
4. Payloads and Logs

Each module includes tasks involved in describing the component, collecting software, analyzing for security vulnerabilities, and demonstrating exploits against a table top UAS. These tasks are drawn from our real-world experiences as cyber professionals providing security analysis of Uncrewed Aerial Systems in both commercial and governmental sectors.

COURSE DETAILS

Introduction (Day 1)

• Uncrewed Autonomous Systems
• System Decomposition
• Attack Surface
• Threat Modeling
• Risk Management
• Mitigations

Ground Control System (GCS) (Day 1)

• Hardware
  • Joystick Controller
  • Handset Computer
    • Form Factors
    • Operating Systems
  • Software
    • Mission Planner
    • QGroundControl
  • Labs
    • Orientation / OSINT
    • Physical Access
    • Bootloaders
    • Firmware
    • Files Extraction
    • Network - Wired
    • Network - Wireless
    • Vulnerability Analysis
    • Exploit Development
    • Credentials
    • Escalation of Privilege

Unmanned Aerial Vehicle (Day 2)

• Hardware
  • Airframe - Quadcopter
  • Motors / ESC
  • Batteries
  • Cameras
  • Positioning / GPS
  • Drone ID / ADS-B
  • Radios
  • Payloads
  • Flight Computer
  • STM32
  • ARM
  • Operating Systems
    RTOS
  • Linux
• Software
  • ArduPilot
  • PX4
• Labs
  • Orientation / OSINT
  • Physical Access
  • Bootloaders
  • Firmware
  • Files Extraction
  • Network - Wired
  • Network - Wireless
  • Vulnerability Analysis
  • Exploit Development
  • Credentials
  • Escalation of Privilege

Communications (Day 3)

• Joystick Controls - Serial
  • PWM
  • Protocols
• Telemetry Radios
  • Microhard
  • Si1000 (SiK)
  • Doodle
• Telemetry RF Standards
  • 802.11 (Wifi)
  • 802.15 (Bluetooth)
  • 802.3 (Tethered Ethernet)
  • RF (raw, SDR)
• Telemetry Protocols
  • MAVLink
  • Vendor Proprietary
• Labs
  • Physical Access
  • Bootloaders
  • Firmware
  • File Extraction
  • Network - Wired
  • Network - Wireless
  • Vulnerability Analysis
  • Exploit Development
  • Credentials

Payloads (Day 4)

• Hardware
  • Sensors
  • Servos
• Software
  • Embedded Systems
  • SOCs
• Comm Bus
  • USB Bus
  • Ethernet Bus
  • Independent RF
• Video Protocols
  • HTTP Live Streaming (HLS)
  • Real-Time Messaging Protocol (RTMP)
  • WebRTC
  • Secure Reliable Transport (SRT)
  • Real-Time Streaming Protocol (RTSP)
  • Dynamic Adaptive Streaming over HTTP (MPEG-DASH)
• Labs
  • Physical Access
  • Bootloaders
  • Firmware
  • File Extraction
  • Network - Wired
  • Network - Wireless
  • Vulnerability Analysis
  • Exploit Development
  • Credentials

Logs (Day 4)

• Flight Software
  • Ardupilot
  • PX4
• Flight Logs
  • Flight Plans
  • Flight Paths
  • Imagery
  • PII
• Labs
  • Log File Retrieval
  • Log Decoding
  • Log Analysis

Risks, Mitigations, and Reporting (Day 4)

• Risk
  • Level of Effort
  • Level of Impact
  • Risk Matrix
• Mitigations
  • CIA Triad
  • OWASP IoT
  • Autonomous Industry Standards
  • AUVSI Green
• Reporting
  • Vulnerabilities
  • Penetration Test (Exploits)
  • Risks
  • Cyber Kill Chain
  • Recommended Mitigations

Prequisites

Participants should bring a laptop with Kali Linux installed or one that is capable of booting from a Kali Linux thumb drive. All other materials will be provided at the training.

YOUR INSTRUCTOR: Ronald Broberg

Ronald Broberg is a Prinical Cybersecurity Tester at Dark Wolf Solutions (DWS) since 2021 where he has tested UAS, counter-UAS, Zero Trust Network architectures, and Android platforms. Prior to DWS, he was a senior cybersecurity analyst at Lockheed Martin working in the Space and Command-and-Control domains. Ron's presentations include "Fuzzing NASA Core Flight System Software" at the DEF CON 29 Aerospace Village and "Exploiting 802.11n Narrow Channel Bandwidth in UAV" at the DEF CON 30 RF Village. He participates in Cyber CTFs and was a member of the team winning the DC 30 IoT CTF Black Badge. Not just a player, Ron also designs and runs Cyber CTFs including 4 consecutive National Cyber Security Awareness Month CTFs for Lockheed Martin and also Wireless/RF CTFs for BSidesDenver 2018 and HackSpaceCon 2024 at Cape Canaveral.

• https://www.linkedin.com/in/ronald-broberg-26494b72/
• https://github.com/dwdrone/lab