The Car Hacker’s Methodology and Checklist for Application Security Hackers

Course Details

Training Level: Beginner; Intermediate


Early Bird: RM5,000 (Use Code: SS2024TEB. Ends 31st May, 2359H)
Normal: RM6,300

Course Abstract

Unlocking the doors of a car is sort of like a “Hello World” in Car Hacking. But this isn’t the end – it’s not a tip of an iceberg but there are other things you can also hack or play. There is more to just opening the doors and hacking infotainments. And so the speaker drafted a Car Hacker’s Methodology and Checklist geared towards application security hackers and professionals based on his experience as an automotive security bug triager and a car hacker himself.

Join Jay as he summarizes his own checklist for the following attack surfaces and activate this proposed talk into a workshop mode: 

  • Infotainment, Telematics and every IoT Devices in the Car 
  • CAN Access and Injection – RF (Radio Frequency) Hub 
  • Apps Connected to the Vehicle 
  • Web Endpoints, Firmware Update Servers, PKI Bridge

The instructor would also demonstrate real world attacks against known vehicles and how you may be able to replicate it or do it on a cheap hardware or known hardware. The author would like to point out some attacks that are also misunderstood or overlooked like sometimes you don’t need to jam or perform rolljam to open a car. canTot which is made by the instructor will also be shown as part of a tool he uses for automation in car hacking.

Course Outline

  1. Introduction
  2. Attack Surfaces of a Connected Vehicle Roundup
    • Infotainment, Telematics and every IoT Devices in the Car
    • CAN Bus
    • RF (Radio Frequency) Hub, Key fobs
    • Apps Connected to the Vehicle
    • Web Endpoints, Firmware Update Servers, PKI Bridge
  3. CAN Bus Hacking and Simulation
    • Setting Up Tools
    • Demo or Labs with ICSIM
    • Actual Labs with a Physical Instrument Cluster
    • CAN Bus Hacking on a cheap
    • Metasploit for Car Hacking
  4. Fast- Paced RF Hacking
  5. Vulnerability Disclosure
  6. Q & A

Who should attend?

  1. Application security engineers, bug hunters or penetration testers who want to get started with car hacking.
  2. Junior automotive security engineers
  3. Automotive security engineers


  1. Participants should bring a laptop and has a virtual machine that has Kali installed
  2. Intermediate Linux, Python, Bash knowledge
  3. Intermediate Pentesting knowledge

Trainer Profile

Jay Turla

Jay Turla is a Principal Security Researcher at VicOne, and one of the goons of ROOTCON. He has presented at international conferences like ROOTCON, HITCON, Nullcon, DEFCON, etc. He used to work for HP Fortify and Bugcrowd in the areas of appsec. His main interest or research right now is about car hacking and is currently one of the main organizers of the Car Hacking Village of ROOTCON / Philippines which is recognized and supported by the Car Hacking Village community.

Scroll to top