Back to Courses

Electronics and PCB Reverse Engineering (CESH-10x)

Instructor: Felix and Rob

BG

Introduction

The majority of us have seen a circuit board before. Most techies have also handled one and can point out the different major types of components. But do you truly understand how it actually works or how it can be abused? This course takes a dive into Printed Circuit Boards (PCBs) and electronic components.

Here we look at how to understand the purposes of an unfamiliar PCB, what attack surface it has and how to perform attacks such as firmware extraction. The course has significant practical as well as theoretical elements and students come away confident that they can identify cyber security issues at a hardware level.

Electronics and PCB Reverse Engineering course content

This list shows the various main topics we cover during the course:

  • Health and safety
  • Terminology
  • Component and feature identification
  • Materials from the Internet
  • Types of chips and other components, with when they would be chosen
  • Reverse engineering process
  • PCB operation analysis
  • Analysis prioritisation process
  • Attack surface identification
  • Lab equipment
  • Overcoming challenging connectivity
  • Defensive PCB design
  • Electrical calculations and power delivery circuitry
  • Identifying and dealing with antennas
  • Electrical diagrams and making sense of it all
  • Inter-component communication
  • Using multimeter, logic analysers, and other bits of kit
  • Firmware extraction in a variety of situations
  • Chip off primer and practice
  • Glitching introduction
  • Soldering
  • Introduction to using power analysis to reveal secrets

Deeper description

The Electronics and PCB Reverse Engineering course works through how PCBs are designed, how they work, and how they can be abused. Once you have finished this course you will be able to take an unfamiliar circuit board and analyse it, identifying the logical flow between components, what interfaces may be present and which components are the most likely to be weak.

We start off looking at initial information gathering, things like PCB layout, component identification and understanding data sheets.  To support this we will also briefly go through terminology and the common concepts that surround electricity.  As the course progresses, we then get deeper into analysing the purpose of the PCB, how its layout affects its operation and what we can do to abuse it.  This means understanding what lab equipment we might need, the techniques to quickly gather the relevant data, and how a PCB might be designed to thwart our efforts.

This course necessarily covers a large amount of theory, but also gives lots of opportunities for practical tasks and hands-on experience.  Because we will be dealing with high-temperatures, voltages and generally pointy and sharp objects we do have to go through a base-level of health and safety too.

Instructors / bio

The Electronics and PCB Reverse Engineering course is led by Felix, our resident embedded system nerd.  He has a long career of cyber security roles since around 2008 where he started officially working with customers to perform vulnerability assessments and developing what at the time was specialist security functions for web applications. 

Since then he officially became a security engineer for a boutique cloud service provider and then quickly transitioned into penetration testing.  A few years later he was promoted to be the principal consultant in the team and took on the not-very-nerdy duties of also running the penetration testing team.  At this point in his career Felix was caught by the prospect of causing cyber-physical effects and his career in embedded systems really got started.

Since then he has been involved in the cyber security design and penetration testing of all manner of embedded systems including: cars, medical devices, kiosk-style ordering systems, ships, and industrial CCTV systems.  And finally, Felix has a Master’s degree from Oxford University, sat numerous courses, spoken at conferences, and published vulnerabilities, tools and research.

Cost and dates

This course is new, the beta-edition of this course is 23 – 27 June 2025.

  • BETA | CESH100 – Full Course: 23-27 June 2025 (£2600+VAT/seat – £1000 discount!)
  • BETA | CESH101 – Introduction: 23-24 June 2025 (£1560+VAT/seat – £600 discount!)
  • BETA | CESH102 – Deep Dive: 25-27 June 2025 (£1040+VAT/seat – £400 discount!)

After which the next time this course runs is:

23 – 27 February 2026

  • CESH100 – Full Course: 23-27 February 2026 (£2600+VAT/seat)
  • CESH101 – Introduction: 23-24 February 2026 (£1560+VAT/seat)
  • CESH102 – Deep Dive: 25-27 February 2026 (£1040+VAT/seat)

Beta testers get the discounted rates (up to £1000 off!), you will also get public recognition in our hall of fame, dedicated beta-tester swag, and a special acknowledgement on your certificates. Additional costs include, your travel, accommodation and your breakfast and evening meals.

Loading…

Course format

This course is a strong blend of theoretical discussion and practical, hands-on effort with tools that need physical instruction and as a result is currently only available in person.  This might not suit everyone’s needs, but, the good news is you get to visit us in Manchester where we also host a social on the first evening. To help everyone keep in touch during the course we provide a chat workspace.  This is good for coordinating social time as well as sharing notes and ideas about the course topics. Don’t worry about either the social night or the social media: first of all you don’t have to join in if this isn’t your thing, but also, this isn’t about any form of “professional networking” its just a bunch of people hanging out after learning some awesome stuff.

This course is five days long and as there is a lot to cover they are full days starting at 9:30am and finishing at 5pm.  During the day we have at least two breaks.  The course needs a minimum of 6 students and will never have more than 16.  The course ends with an optional practical assessment, if you complete the tasks required you get a certificate recognising your success.  Everyone who attends the full course also gets an attendance certificate.

The classroom is well appointed, has good WiFi and hot and cold drinks, its spacious, comfortable, has plenty of power sockets, lots of natural light, and is wheelchair friendly.  The course is delivered in English and digital versions of slides and handouts will be provided where appropriate.
Lunch and morning and afternoon snacks are provided so please make sure you let us know about any dietary needs at least a week before we get started.  With the exception of the social night, all other meals are for you to organise.  We suggest getting a hotel that provides breakfast, and there are many good restaurants in Manchester for your evening meals.  We will try and facilitate additional social arrangements, but, this is down to the individuals present.

There are a number of good and affordable hotels in the Manchester area.  We are based in an area called Media City and we are in the same complex as the northern head quarters of the BBC.  This means that there are lots of facilities locally and you could choose to not venture into the city centre.  If you do choose to look further around there are good tram links that can take you into the city as well as to key travel hubs such as Piccadilly, the national railway station, and Manchester International Airport.
Please check the weather before you travel and bring suitable clothes for the season.  If in doubt, assume you will need a waterproof coat and an umbrella.  The locals will tell you that Manchester is one of the rainiest places in the world, its not actually true but it does drizzle more than you might expect, even in summer.

Finally, we are a neurodiversity affirming organisation.  If you have any needs to help you learn and get the most out of the course, please get in touch.  We may not be able to cope with all requests, but, we will do what we can.

Why this is good for you

This course will give you the confidence to analyse hardware to a significant depth, identify vulnerabilities and attack surface, perform some hardware-level attacks.  From outside the community, looking at resistors, chips and and PCB traces can seem like a dark art but the reality is, it isn’t anything like that.  Once you have completed this course you will be able to understand what you are looking at and quickly be able to assess the target device to identify your next actions.  You will inevitably still chase down rabbit holes, we all do.  But the fact is that you will be able to see what rabbit holes are actually there and make a better informed decision about which ones to investigate deeper.

With this information you will be able to describe any identified issues, the technical risks that are present, and offer potential alternatives for further investigation.  You can take this new knowledge and confidence and use it to take your career into the hardware hacking scene, expand the types of penetration test you take on, or just show off to your mates.

All students that complete a course get advanced notification and access to sign up for new course dates, as well as early-bird pricing.  Those students that show particularly keen skills or enthusiasm will also be offered the exclusive opportunity to collaborate on a future research topic. If we identify vulnerabilities, we will then look to complete responsible disclosure with the vendor.  In the unlikely situation that no vulnerabilities or anything interesting is found, we would still look to publish a write up of the work that we did to ensure the world knows your name and about your talent.

Required equipment, tools, and software

You will need a laptop with at least 8GB RAM preferably 16GB, an up to date and stable Operating System, and an Ethernet port / reliable Ethernet dongle.  This laptop must be fully under your control such that you can install tools, dependencies and run arbitrary code.  It is often useful to have the ability to run virtual machines and any that we provide will be suitable for importing into VirtualBox.  If you use a different hypervisor, ensure that you are confident about importing VMs from OVF file formats.  Unfortunately we are unable to pause the course for technical difficulties as a result of the amount of material that we need to cover.

We will use a number of other tools during the course.  We put together a goodie bag which directly relates to the activities in the course.  The free goodie bag is yours to keep at the end of the course. The exact details of what is in it will vary depending on availability but we always make it a useful and interesting collection.  We provide any other tools needed to complete all the tasks set, aside from a laptop.

You don’t need to bring anything extra other than your enthusiasm!

Electronics and PCB Reverse Engineering Course – Prerequisites

There are no formal prerequisites, but the Electronics and PCB Reverse Engineering course is highly technical.  Experience of hardware concepts is useful but not needed. The course is designed to build good foundational knowledge first and then dig into increasingly interesting stuff as the days progress.

Get in touch

Register interest