UAS Cybersecurity: Drone Wolf - Hack Our Drone
Ronald Broberg, Hahna Latonick
In-Person Training | August 3 - 6 | 4 days
Dark Wolf's "Hack Our Drone" training provides participants the ability to learn hands-on cybersecurity testing techniques for evaluating Unmanned Autonomous Systems. The training includes a full Unmanned Autonomous System test target composed of a BeagleBone Blue Flight Vehicle (UAV), a Ground Control System (GCS), and a MAVLink over 802.11 WiFi Communications system. The training includes both instructor assistance and detailed lab manuals to guide participants through a series of tasks to discover and exploit cybersecurity weaknesses in the UAS. Tasks include firmware analysis, network service exploitation, password cracking, elevation of privilege, and UAV over-the-air hijacks. Participants are expected to bring a laptop with either Kali Linux installed or one that can boot a Kali Linux Live USB drive.
ABSTRACT
This training is divided into four hands-on modules:
- Ground Control System
- Uncrewed Aerial Vehicle
- Radio Communications
- Payloads and Logs
Each module includes tasks involved in describing the component, collecting software, analyzing for security vulnerabilities, and demonstrating exploits against a table top UAS. These tasks are drawn from our real-world experiences as cyber professionals providing security analysis of Uncrewed Aerial Systems in both commercial and governmental sectors.
Browse through our Drone Wolf Playbook for a glimpse of what you will learn!
INTENDED AUDIENCE
KEY LEARNING OBJECTIVES
- Cyber Threat Modeling for UAS
- Practical Cybersecurity Testing for UAS
- Recommendations and Mitigations of UAS Cybersecurity
COURSE DETAILS
AGENDA
- Introduction (Day 1)
1.1. Uncrewed Autonomous Systems
1.2. System Decomposition
1.3. Attack Surface
1.4. Threat Modeling
1.5. Risk Management
1.6. Mitigations - Ground Control System (GCS) (Day 1)
2.1. Hardware
2.1.1. Joystick Controller
2.1.2. Handset Computer
2.1.2.1. Form Factors
2.1.2.2. Operating Systems
2.2. Software
2.2.1. Mission Planner
2.2.2. QGroundControl
2.3. Labs
2.3.1. Orientation / OSINT
2.3.2. Physical Access
2.3.3. Bootloaders
2.3.4. Firmware
2.3.5. Files Extraction
2.3.6. Network - Wired
2.3.7. Network - Wireless
2.3.8. Vulnerability Analysis
2.3.9. Exploit Development
2.3.10. Credentials
2.3.11. Escalation of Privilege - Unmanned Aerial Vehicle (Day 2)
3.1. Hardware
3.1.1. Airframe - Quadcopter
3.1.2. Motors / ESC
3.1.3. Batteries
3.1.4. Cameras
3.1.5. Positioning / GPS
3.1.6. Drone ID / ADS-B
3.1.7. Radios
3.1.8. Payloads
3.1.9. Flight Computer
3.1.9.1. STM32
3.1.9.2. ARM
3.1.10. Operating Systems
3.1.10.1. RTOS
3.1.10.2. Linux
3.2. Software
3.2.1. ArduPilot
3.2.2. PX4
3.3. Labs
3.3.1. Orientation / OSINT
3.3.2. Physical Access
3.3.3. Bootloaders
3.3.4. Firmware
3.3.5. Files Extraction
3.3.6. Network - Wired
3.3.7. Network - Wireless
3.3.8. Vulnerability Analysis
3.3.9. Exploit Development
3.3.10. Credentials
3.3.11. Escalation of Privilege - Communications (Day 3)
4.1. Joystick Controls - Serial
4.1.1. PWM
4.1.2. Protocols
4.2. Telemetry Radios
4.2.1. Microhard
4.2.2. Si1000 (SiK)
4.2.3. Doodle
4.3. Telemetry RF Standards
4.3.1. 802.11 (Wifi)
4.3.2. 802.15 (Bluetooth)
4.3.3. 802.3 (Tethered Ethernet)
4.3.4. RF (raw, SDR)
4.4. Telemetry Protocols
4.4.1. MAVLink
4.4.2. Vendor Proprietary
4.5. Labs
4.5.1. Physical Access
4.5.2. Bootloaders
4.5.3. Firmware
4.5.4. File Extraction
4.5.5. Network - Wired
4.5.6. Network - Wireless
4.5.7. Vulnerability Analysis
4.5.8. Exploit Development
4.5.9. Credentials - Payloads (Day 4)
5.1. Hardware
5.1.1. Sensors
5.1.2. Servos
5.2. Software
5.2.1. Embedded Systems
5.2.2. SOCs
5.3. Comm Bus
5.3.1. USB Bus
5.3.2. Ethernet Bus
5.3.3. Independent RF
5.4. Video Protocols
5.4.1. HTTP Live Streaming (HLS)
5.4.2. Real-Time Messaging Protocol (RTMP)
5.4.3. WebRTC
5.4.4. Secure Reliable Transport (SRT)
5.4.5. Real-Time Streaming Protocol (RTSP)
5.4.6. Dynamic Adaptive Streaming over HTTP (MPEG-DASH)
5.5. Labs
5.5.1. Physical Access
5.5.2. Bootloaders
5.5.3. Firmware
5.5.4. File Extraction
5.5.5. Network - Wired
5.5.6. Network - Wireless
5.5.7. Vulnerability Analysis
5.5.8. Exploit Development
5.5.9. Credentials - Logs (Day 4)
6.1. Flight Software
6.1.1. Ardupilot
6.1.2. PX4
6.2. Flight Logs
6.2.1. Flight Plans
6.2.2. Flight Paths
6.2.3. Imagery
6.2.4. PII
6.3. Labs
6.3.1. Log File Retrieval
6.3.2. Log Decoding
6.3.3. Log Analysis - Risks, Mitigations, and Reporting (Day 4)
7.1. Risk
7.1.1. Level of Effort
7.1.2. Level of Impact
7.1.3. Risk Matrix
7.2. Mitigations
7.2.1. CIA Triad
7.2.2. OWASP IoT
7.2.3. Autonomous Industry Standards
7.2.4. AUVSI Green
7.3. Reporting
7.3.1. Vulnerabilities
7.3.2. Penetration Test (Exploits)
7.3.3. Risks
7.3.4. Cyber Kill Chain
7.3.5. Recommended Mitigations
KNOWLEDGE PREREQUISITES
- This course is designed for technical professionals from the fields of cybersecurity or UAS engineering with a basic familiarity with the Linux command line.
REQUIREMENTS
Participants should bring a laptop with Kali Linux installed or one that is capable of booting from a Kali Linux thumb drive. All other materials will be provided at the training.
ABOUT THE INSTRUCTORS
Ronald Broberg is a Prinical Cybersecurity Tester at Dark Wolf Solutions (DWS) since 2021 where he has tested UAS, counter-UAS, Zero Trust Network architectures, and Android platforms. Prior to DWS, he was a senior cybersecurity analyst at Lockheed Martin working in the Space and Command-and-Control domains. Ron's presentations include "Fuzzing NASA Core Flight System Software" at the DEF CON 29 Aerospace Village and "Exploiting 802.11n Narrow Channel Bandwidth in UAV" at the DEF CON 30 RF Village. He participates in Cyber CTFs and was a member of the team winning the DC 30 IoT CTF Black Badge. Not just a player, Ron also designs and runs Cyber CTFs including 4 consecutive National Cyber Security Awareness Month CTFs for Lockheed Martin and also Wireless/RF CTFs for BSidesDenver 2018 and HackSpaceCon 2024 at Cape Canaveral.
https://www.linkedin.com/in/ronald-broberg-26494b72/
https://github.com/dwdrone/lab
Hahna Latonick: For the past 18 years of her engineering career, Hahna Kane Latonick has worked throughout the defense industry specializing in cybersecurity as a computer security researcher for the Department of Defense and other defense contracting companies. She has been featured as a cybersecurity subject matter expert on Fox Business News, ABC, U.S. News and World Report, and other national media outlets. She currently serves as a Director of Security Research for a cybersecurity firm and has led four tech startups related to computer security, serving as CTO of two of them, VP of R&D, and Director of R&D. She has trained and developed security researchers at one of the top five aerospace and defense industry companies. She has also taught at Black Hat, CanSecWest, Ringzer0, and BSides conferences. At the 2023 DEF CON IoT CTF, she and her team tied for first place. In 2014, she became a DEFCON CTF finalist, placing in 6th and ranking in the top 1.5% of ethical hackers worldwide. She also holds cybersecurity certifications, including CISSP, CEH, and Certified Android Exploit Developer. Latonick attended Swarthmore College and Drexel University where she earned her B.S. and M.S. in Computer Engineering along with a Mathematics minor
https://twitter.com/hahnakane
https://www.linkedin.com/in/hahnakane/
https://github.com/hahnakane