Learn more about the training offered at INFILTRATE

Boston Cybernetics Institute: Vulnerability Assessment for Embedded Systems

This course is intended for engineers who need to perform assessments and then actually demonstrate vulnerabilities on embedded systems, IoT devices or similar systems. Students learn how to find vulnerabilities, demonstrate them by writing exploits, and communicate the nature and severity of vulnerabilities to a non-technical audience.

This is a majority hands-on course, with theory and lectures as needed. Exercises focus on embedded Linux and ARM but other architectures are mixed in for perspective. This course balances application of skills with fundamental knowledge so no one is just “going through the steps” but rather is engaging in a creative problem-solving experience, just like in the real world.

Learning Objectives

  • Students will be able to identify vulnerabilities in embedded products
  • Students will be able to bypass multiple exploit mitigations
  • Students will know the pros and cons of different approaches
  • Students will be able to communicate findings to management


Students are expected to be familiar with reading and writing programs in C and Python We are experienced teachers and are prepared for a variance in backgrounds in each class. We specifically address this through our exercises and environment.

Course Information

Date: October 11th - October 14th
Course Fee: $5,100
CPE Credits: 0

View the Conference Calendar

More Infiltrate Courses

If you are trying to determine which course is best suited for you, email us at infiltrate@immunityinc[dot]com and we will assist you.

See all the courses


Course Length: 4 Days

DAY 1 - Reversing Embedded Architectures

  • Remote debugging with IDA Pro and QEMU
  • Extract, parse, and analyze firmware
  • Architecture specific challenges
  • Reversing ARM/MIPS/PowerPC binaries
  • Overcoming anti-analysis techniques

DAY 2 - Vulnerability Analysis

  • Bug classes
  • Source and binary auditing
  • Stack and heap-based memory corruption
  • Information disclosures

DAY 3 - Exploitation

  • Writing and using shellcode
  • Abusing stack and heap semantics
  • Manufacturing Information disclosures
  • No-execute bit, ASLR, stack canaries
  • Return oriented programming

DAY 4 - Comprehensive

  • End-to-end exploitation of an embedded device
  • Extract and parse target filesystem and to emulate applications
  • Identify vulnerabilities in software
  • Exploit vulnerabilities to gain control of target

View Detailed Syllabus

Infiltrate Sponsors

Register Now

Tickets will be released soon.

Training & Workshops

Learn more about the technical training and workshops offered at INFILTRATE

Attend a session