Hacking the Invisible: SDR for Red Team Operations

Description

Part 1 — RF Foundations, SIGINT, COMINT

The first part takes students from RF fundamentals to operational SDR skills, with hands-on spectrum analysis and SIGINT techniques. The emphasis is on building the reflexes needed to approach any unknown wireless target — starting with passive recon before ever transmitting. RF Crash Course for Hackers

• How radio works: just enough physics to be dangerous
• Signal identification: waterfalls, spectrum analysis, and what to look for
• Modulation & demodulation: AM, FM, ASK, FSK, QPSK, others, and how to recognize them
• Encoding & decoding: from raw bits to structured data
• Legal considerations and how to stay safe
• Traps to avoid before and during assessments

Module 1 — SDR Hardware & Software Setup

• SDR device landscape: what to buy and why
• How to choose the right antenna and measure them
• Setting up RF Swift: your Docker-based SDR operations platform
• Quick tips and hardware hacks for the field

Module 2 — SIGINT & Spectrum Analysis

• Introduction to signals intelligence applied to red team operations
• Spectrum analyzers: identifying what's transmitting around you
• Signal hunting: finding interesting transmissions in the wild and classifying them

Module 3 — COMINT

• From captured signal to decoded data: the complete pipeline
• Manual analysis (with URH for example) and automated sample analysis workflows (with pre-made tools)
• Analyzing physical access systems such as alarms, gate openers
• Remote and Passive Keyless Entry systems (RKE & PKE)
• Other systems: TPMS, UAV communications, and more

Module 4 — Active Attacks

• Replay attacks on unsecured systems
• Crafting packets with existing tools
• Reversing blind communications based on responses
• Analyzing and attacking secure communication (encrypted, rolling codes, etc.)

Part 2 — Building Your SDR Toolkit: No Tools? No Problem!

In Part 2, we go beyond existing tools and create our own to exploit IT, OT, and IoT systems — even the most exotic ones. Students learn to design custom tools to automate attack chains and tackle communications that none of the existing tools support.

Module 1 — Hands-on with GNU Radio

• Building your first signal processing chains
• Block schemas, generators, sinks, sources, and operators
• Receiving real signals: AM/FM radio as a warm-up
• Transmitting simple signals (within legal boundaries)
• Optimizing sample processing for real-time operations
• Organizing flow-graphs
• Spying and injecting traffic on PMR, baby phones, and all unencrypted analog communications

Module 2 — Processing Binary Modulations

• Modulating and demodulating our previous targets
• Automating the full encoding and decoding chain to attack our targets

Module 3 — Attacking Connected Systems

• Attacking nRF systems: wireless mice, keyboards, presenters
• Looking at industrial communications such as LoRa
• Spying on drone cameras
• And more depending on the time

Bonus

• Studends can also bring a few devices, we can look at them during coffee break or during the conference ;)

Key Learning Objectives

• SIGINT/COMINT: RF recon & signal identification
• Capture, decode & analyze: alarms, gates, RKE/PKE, TPMS, UAVs
• Active attacks: replay, packet crafting, blind reversing
• GNU Radio: build custom offensive tools
• Analog interception: PMR, baby monitors, injection
• Connected systems: nRF hijacking, LoRa, drone camera spying
• RF Swift: operational SDR platform for red team engagements

Who Should Attend?

Pentesters, OT/IoT designers, defense and space

Prerequisite Knowledge

• Comfortable with Linux command line
• Basic programming skills (Python, C, or similar)
• Understanding of pentesting or red teaming concepts è No prior RF or SDR experience required - Part 1 covers all foundations

Hardware Requirements

Laptop capable of running Docker (8GB RAM recommended). Linux like Ubuntu for best experience with RF Swift.

Bio