DEF CON is one of the world's largest and most iconic hacking conference. And this year we had the incredible opportunity to not only attend but actively participate with a booth, workshops, and celebrating the launch of Hextree.

The Glitching Lab: A Hands-On Fault Injection Experience

The goal of our booth at DEF CON was to introduced attendees to hardware fault injection attacks. But instead of doing a classical workshop, we used our Hextree platform with self-paced courses to let them figure it out. So here is how it worked.

We invited people through social media to come to our booth if they want to learn about fault injection. They can bring their own laptop, we give them the required hardware, and let them go to through our self-paced step-by-step video courses on Hextree.io. If they got stuck or had general questions, we were there to help. We found this method quite effective, as we were able to teach a lot more people about the topic, than in a typical workshop environment. And there was no speed conflict between experienced and non experienced participants.

Unfortunately not everybody brought their laptop to DEF CON. Luckily our booth neighbours (Raspberry Pi) had some Pi workstations left over, that they graciously gave us.

‍

As the target to attack, we used our Glitch Tag. The Hextree GlitchTag is a "totally not AirTag inspired" board for the nRF52832 microcontroller. It is not made intentionally vulnerable - it just has the PCB setup with access to all the pins, so you don't need soldering. To perform the attack, we used our own hardware the Faultier (german pun on the word sloth). Thomas created the hardware and Python library to easily setup and automate fault injection attacks. And it's not just a toy example, Thomas actively uses the hardware himself in lots of his research.

Overall the booth was a huge success and we think about doing this again at other conferences as well. Thanks so much for everybody who came by and we hope you learned something new.

We also want to express our gratitude to the Embedded Systems Village for hosting us. Their team went above and beyond to support us throughout the event, whether it was helping with logistics or bringing us food and drinks when we were too busy to grab any ourselves—thank you!

Other Events around DEF CON

You can imagine we were quite busy with our booth at DEF CON. But our trip to Las Vegas wasn’t just about that. ‍We partnered with Raspberry Pi to create a hardware security challenges based on their latest RP2350 chip.

And we also held various talks and workshops:

• Google Workshop: We led an Android application security workshop at a Google Bug Hunter event, diving deep into a real vulnerability found during the creation of our Android courses.
• University Talk: At the University of Nevada, Las Vegas (UNLV), I held a 20-minute talk on Android reverse engineering to a room students, as part of Google’s init.g event. You can also watch the talk on YouTube.
• DEF CPN and Black Hat Talk: Thomas presented a technical session at Black Hat and DEF CON, further solidifying our presence in the cybersecurity community.

If you want to see more of our experience in Las Vegas, you can also checkout my Vlog on YouTube: