All Trainings

About This Workshop

Bluetooth Low Energy is everywhere — smart locks, wearables, medical devices, industrial sensors. This introductory yet hands-on workshop dives into the world of BLE security from an offensive perspective, giving you the conceptual foundation and practical skills to assess BLE-enabled systems.

Starting from fundamentals (how BLE works, device roles, the GATT model) you'll progress through the protocol stack, learn to identify trust boundaries and insecure configurations, then get hands-on with real attack techniques: passive sniffing, GATT enumeration, replay attacks, unauthorized access, downgrade attacks, and Man-in-the-Middle scenarios.

Privacy & Tracking Attacks
Passive Sniffing & Traffic Interception
GATT Enumeration
Replay Attacks
Unauthorized Access
Downgrade Attacks
Man-in-the-Middle (MitM)
Vulnerable Implementation ID

Your Trainer

David Sopas
David Sopas
Security Research Lead at Char49 · IoT & Vulnerability Research Specialist

David Sopas leads a team of security researchers at Char49. With more than 15 years experience in pentesting and vulnerability research, he has been acknowledged by companies like Google, Yahoo!, eBay and Microsoft. Retired from bug bounty hunting, Sopas now focuses on IoT security and tries to learn something new every day.

Workshop Outline

1

BLE Fundamentals & Ecosystem

  • Design goals, real-world use cases across IoT, smart devices and embedded systems
  • Core BLE terminology and device roles: Central, Peripheral, Advertiser, Scanner
  • GATT model: services, characteristics, and descriptors
2

Protocol Stack Deep Dive

  • Physical Layer, Link Layer, L2CAP, ATT, GATT
  • Security Manager Protocol (SMP): pairing, bonding, and encryption
  • Where design decisions introduce attack opportunities
3

Communication Model & Attack Surface Analysis

  • Advertising-based discovery and connection-oriented communication
  • Identifying trust boundaries and insecure configurations
  • Exposed functionality that may be abused by attackers
4

Common BLE Attacks & Offensive Techniques

  • Passive sniffing and traffic interception
  • GATT enumeration to discover exposed services and sensitive functionality
  • Replay attacks, unauthorized access, and downgrade attacks on weak pairing modes
  • Man-in-the-Middle scenarios in practice
5

BLE Offensive Security Tools

  • Scanning, enumeration and traffic analysis utilities
  • BLE sniffing hardware and its usage
  • Practical attacker workflows: discovery → enumeration → analysis → exploitation
6

Guided Hands-on Labs & Q&A

  • Environment setup and interacting with live BLE devices
  • Applying the techniques covered throughout the training
  • Q&A: clarify concepts and discuss real-world testing scenarios

What You'll Be Able To Do

Ready to Break BLE?

Seats are limited. Training ticket required — separate from the main conference ticket.

Book Your Seat