Scoping a Hardware Penetration Test
A good hardware pen test starts with good scope. Here is how to define what gets tested, how deeply, and what the risks are before any probe touches a board.
Writing a Hardware Pentest Report That Gets Fixed
A finding nobody fixes is wasted work. Here is how to write a hardware penetration test report that engineers act on instead of filing away.
Building an Attack Tree for Embedded Hardware
An attack tree breaks a goal into the steps an attacker would take. Here is how to build one for embedded hardware and use it to prioritize defenses.
A Repeatable Hardware Security Test Plan
Ad-hoc probing finds some bugs. A repeatable plan finds them consistently. Here is the structure of a hardware security test plan that scales across products.
Threat Modeling Before the First Board Spin
The cheapest time to fix a security flaw is before the board exists. Here is why threat modeling belongs in the design phase, not after.
Writing a Security Requirements Doc for Hardware
Security that is not written down does not get built. Here is how to turn a threat model into requirements engineers can implement and test.
Replay Attacks on RF Remotes
Many RF remotes send the same code every time, which makes replay trivial. Here is how replay attacks work and how rolling codes stop them.