WS-05

Automotive Security: A Hands-On Approach

07-09 October, 2025

WORKSHOP OBJECTIVE

Modern automotive security extends far beyond simple CAN Bus attacks. With the rise of connected vehicles, security assessment must cover the entire ecosystem, from the in-vehicle network (IVN) to vehicle-to-everything (V2X) communications.

This workshop will develop attendees’ threat-modeling skills, helping them understand interconnected attack surfaces, vulnerabilities, and exploitation paths within modern vehicle architectures.

Through guided hands-on exercises using vulnerable ECU(s), participants will gain practical experience in penetration testing, protocol exploitation, and applying security risk assessment methodologies like Threat Analysis and Risk Assessment (TARA) as per ISO 21434.

PRE-REQUISITE

  •     Basic understanding of networking & cybersecurity is a plus
  •     Familiarity with Linux command line will be a plus
  •     Experience with automotive security is beneficial but not mandatory

PARTICIPANT'S REQUIREMENTS

  •     Laptop (Windows/Linux/macOS)
  •     Minimum 8GB RAM, Python & Linux installed
  •     USB-to-CAN Adapter (if available; one will be provided otherwise)

WHO SHOULD ATTEND

  •     ECU/Vehicle Cybersecurity Architects
  •     Teams from OEMs & ECU Suppliers
  •     Security Professionals interested in IVN & Vehicle Pentesting

WHAT TO EXPECT

  •     Hands-on experience in attacking & securing in-vehicle networks
  •     Practical understanding of TARA and ISO 21434 implementation
  •     Deep dive into CAN & UDS security assessments

WHAT NOT TO EXPECT

  •     Theoretical-only discussions without practical applications
  •     Exhaustive coverage of every vehicle protocol outside IVN scope

Trainer


Kartheek Lade

Automotive Security Researcher

Day-wise Training Plan

  • DAY 1 - Foundations of Automotive Security & TARA (8 Hours)
    • Session 1: Introduction to Automotive Security (2 Hours)
      • Modern Vehicle Functions and Architectures
      • Trends in Vehicle Penetration Testing
      • Defining the Automotive Attack Surface
    • Session 2: Introduction to Threat Analysis and Risk Assessment (TARA) (3 Hours)
      • Overview of TARA (ISO 21434)
      • Item & Asset Definition
      • Damage & Threat Scenarios
      • Attack Paths
      • Feasibility & Risk Rating
      • Technical and Business Risk Quantification
    • Session 3: Introduction to Controller Area Network (CAN) (3 Hours)
      • Packet Structure & Communication Rules
      • Understanding CAN Message Format
      • Setting Up Open-Source Tools for Hands-on Labs
  • DAY 2 - Practical CAN Bus Attacks & Security Assessments (8 Hours)
    • Session 4: Hands-on CAN Bus Labs with Open-Source Tools (1 Hour)
      • Sniffing CAN Traffic
      • Packet Injection & Manipulation
    • Session 5: CAN Bus Protocol-Based Attacks (5 Hours)
      • Bus Off Attack
      • Freeze Doom Loop / Overload Attack
      • Double Receive Attack
      • Janus Attack
    • Session 6: TARA & Business Impact (2 Hours)
      • Relation between Safety and Cybersecurity
      • Impact on Business!
      • What's Automotive CIAAA?
      • Cybersecurity Assurance Levels (CAL) & Risk Alignment
      • Insights on converting internal metrics to CAL
      • Alignment of Responsibilities
  • DAY 3 - Advanced Risk Mitigation, UDS, & Defensive Strategies (8 Hours)
    • Session 7: TARA Implementation & Mitigation Strategies (4 Hours)
      • Applying TARA to real-world automotive vulnerabilities
      • Mapping vulnerabilities to attack feasibility
      • Case studies on previous automotive cybersecurity incidents
      • Risk-based mitigation strategies
      • Hands-on: TARA on real-world attack surfaces
    • Session 8: Unified Diagnostic Services (UDS - ISO 14229-1) & Security Challenges (2 Hours)
      • Overview of UDS Protocol for Vehicle Diagnostics
      • Understanding Diagnostic Trouble Codes (DTCs)
      • Security Features & Weaknesses
      • Defensive Techniques & Hardening Strategies
    • Session 9: Wrap-Up & Final Q&A (2 Hours)
      • Recap of Key Learnings
      • Open Discussion on Real-World Scenarios
      • Final Hands-on Challenge (If time permits)
      • Q&A and Closing Remarks
