Here's the page we think you wanted. See search results instead:

Advance Fault Injection Training

As modern embedded systems become faster, smarter, smaller, and more resilient at the software level, attackers increasingly rely on Fault Injection to compromise devices when software vulnerabilities are unavailable. While Fault Injection techniques are widely known, they are often applied through trial and error, without a deep understanding of the mechanisms that make attacks reliable, repeatable, and transferable. This training closes that gap by shifting the focus from simple glitching to a structured understanding of Fault Injection concepts, methodologies, and real-world attack strategies, enabling participants to analyze fault behavior, assess target susceptibility, and develop advanced, reproducible exploits for modern hardware security challenges. 

Audience

Security labs, device manufacturers, research institutes, forensic investigators, and law enforcement teams  

Format

Onsite, 75% hands‑on practice and 25% lectures 

Duration

4 days training

Locations

Customer site or Keysight Offices
(Delft, NL/San Francisco, US) 

Outcomes

Design Fault Injection campaigns like an expert; characterize targets, analyze and model faults, build attack primitives, and reproduce attacks (e.g., Secure Boot bypasses) using methods applicable to multiple System-on-Chip (SoC) platforms. 

Group Size

up to 6 or up to 10 participants 

What You Gain from This Training  

This training is designed to fundamentally change how you approach Fault Injection, moving you from ad-hoc experimentation to expert-level, methodical attack development. 

After completing the training, you will be able to: 

  • Operate Fault Injection like an expert by characterizing targets, analyzing and modeling faults, and developing attack primitives that generalize beyond a single device  
  • Reproduce documented, real-world Fault Injection attacks on the ESP32 and understand how to port these techniques to other System-on-Chip architectures 
  • Apply a repeatable Fault Injection methodology that goes beyond trial-and-error glitching, increasing confidence, readiness, and risk reduction for your organization 
Three workers collaborate with tech graphics overlaid

Not Another Basic or Online Course

This is a deeply hands-on, onsite training designed for practitioners who want to move beyond theory and isolated experiments. Approximately 75% of the training is spent working with real hardware, using precise timing, trigger-based fault injection, and realistic targets, an experience that cannot be replicated through slides, webinars, or recorded sessions. The remaining 25% is dedicated to focused lectures that provide the methodological foundation behind the exercises, covering attack strategy, decision-making, trigger selection, parameter optimization, and fault interpretation, not simply how to operate a tool. 

Training level: Intermediate to Advanced 

Hands-on oscilloscope tutorial setup with waveform signals, from Keysight’s educational resources for beginners learning electronic measurements

Designed for Experienced Practitioners 

This advanced training is designed for professionals working in embedded security testing who want to upgrade and accelerate their Fault Injection methodology and workflows. It focuses on applying structured Fault Injection techniques to real-world targets, combining conceptual depth with extensive hands-on experimentation to support advanced, repeatable attack development. 

Training Agenda 

This training can be delivered onsite at your location, working directly with your existing equipment, with additional Keysight tooling available upon prior arrangement, or at Keysight training facilities in Delft, Netherlands, or San Francisco, United States. The training is delivered by an expert security team with over 20 years of experience in embedded systems, and is structured as four full days, combining 25% expert-led lectures with 75% hands-on exercises focused on real-world Fault Injection attacks. 

Fundamentals 

  • Fundamentals of Fault Injection 
  • Building Fault Injection setups 
  • Fault Injection Reference Model  
  • Get familiar with the target  
  • Get (more) familiar with the tooling 
    • DS1180A Glitch Pattern Generator 
    • DS1140A 1.5 A Glitch Amplifier 
    • Inspector FJ2 Fault Injection Software (Python API) 
    • PicoScope 2406b (oscilloscope) 
    • Espressif ESP-Prog (hardware debugger) 

Advanced Techniques 

  • Target characterization; with and without custom code 
  • Analyzing faults to identify target behavior 
  • Plotting results to identify target behavior 
  • Modeling faults to build attack primitives 
  • Advanced trigger techniques for timing 
  • Vulnerability identification by reverse engineering 
  • Effective glitch parameter selection strategies 

Advanced Attacks 

  • Bypassing Secure Boot on ESP32 
  • Controlling the Program Counter on ESP32 
  • Glitching the OTP Transfer on ESP32  
  • Bypassing Encrypted Secure Boot on ESP32 

Prerequisites and Expected Background 

To get the most value from this training, participants are expected to have: 

1. Prior experience with basic Fault Injection attacks

2. Familiarity with embedded systems and laboratory tooling, such as oscilloscopes and debuggers 

3. Working knowledge of Python and C, basic reverse engineering concepts, and common cryptographic primitives, including RSA, AES, and SHA 

Advanced Fault Inejction Training FAQs

 No. This is an advanced training that assumes prior experience with basic FI attacks, embedded systems, and hardware lab workflows. We do offer an Essential Training for beginners.

No. We use Inspector Software, which includes over 100 ready-to-use modules. However, knowledge of C and Python is required to unlock advanced capabilities and customize scripts. 

No. The 4-day format is optimized to cover fundamentals, advanced techniques, and real-world attacks with sufficient hands-on time. 

Either at your office (onsite) or at Keysight Device Security offices in Delft (NL) or San Francisco (US). 

The maximum participants are up to 10 people. 

 At Keysight offices, everything is provided. At customer sites, you’ll need your own Keysight FI setups. 

We can bring additional Keysight setups, subject to prior agreement and availability. 

Familiarity with Python and C is expected for scripting and advanced customization. 

Yes. Participants should have experience performing basic FI attacks and working with embedded devices. 

Understanding of RSA, AES, and SHA is recommended for analyzing secure boot and related mechanisms.

Participants work in pairs to accelerate troubleshooting and attack iteration. 

Yes. You’ll receive the VM, scripts, target, and slides for continued practice. 

 No. This is an onsite, hands-on training, remote delivery cannot replicate the hardware timing realities required for Fault Injection (FI). 

Interested in this service? Reach out to learn more.