c0c0n 2026

c0c0n is a 19 years old platform that is aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy...

Venue & Date

Contact Us

  • Home
  • Trainings
  • Automotive Security in Practice: Exploitation, Risk Assessment & CAN IDS!

Automotive Security in Practice: Exploitation, Risk Assessment & CAN IDS!

c0c0n 3-Day Professional Training

Automotive Security in Practice: Exploitation, Risk Assessment & CAN IDS!

Objective

Modern automotive security extends far beyond isolated CAN Bus attacks. With the increasing complexity of connected vehicles, security practitioners must understand not only how to identify and exploit weaknesses in in-vehicle networks, but also how to assess their impact and design practical defensive strategies.

This workshop is designed to provide participants with a hands-on understanding of modern automotive cybersecurity by combining in-vehicle network security, CAN and UDS security testing, Threat Analysis and Risk Assessment (TARA) aligned with ISO 21434, and an applied introduction to CAN Intrusion Detection Systems (IDS).

Through guided practical exercises using open-source tooling and vulnerable automotive lab environments, participants will learn how to analyze vehicle communication, perform protocol-level security assessments, map exploitation paths to risk outcomes, and explore practical detection approaches for identifying malicious activity on CAN networks.

Course Content

Day 1: Foundations of Automotive Security, Vehicle Architecture & Risk Assessment
Session 1: Introduction to Modern Automotive Security
  • Evolution of automotive cybersecurity
  • Modern vehicle architectures and ECUs
  • Trust boundaries in connected vehicles
  • Defining the automotive attack surface
  • Current trends in automotive penetration testing
Session 2: Threat Analysis and Risk Assessment (TARA)
  • Introduction to TARA in the context of ISO 21434
  • Item definition and asset identification
  • Damage scenarios and threat scenarios
  • Attack path analysis
  • Feasibility rating and impact assessment
  • Technical and business risk quantification
Session 3: Controller Area Network (CAN) Fundamentals
  • Introduction to CAN protocol and communication model
  • CAN frame structure and arbitration
  • Practical understanding of CAN message flow
  • Tooling setup for hands-on exercises
  • Introduction to the vulnerable lab environment
Day 2: Practical CAN Exploitation & Security Assessment
Session 4: Hands-on CAN Traffic Analysis
  • Capturing and interpreting CAN traffic
  • Identifying meaningful communication patterns
  • Sniffing, replaying, and observing ECU behavior
Session 5: CAN Packet Injection & Manipulation
  • Crafting and transmitting CAN messages
  • Message tampering and practical effects
  • Replay and manipulation techniques in a controlled environment
Session 6: Protocol-Level CAN Attacks
  • Bus Off attack
  • Overload / denial-style abuse scenarios
  • Double Receive attack
  • Attack chaining and impact demonstration
  • Discussion on safety, cybersecurity, and operational implications
Session 7: Mapping Exploitation to Risk
  • Connecting practical attack findings back to TARA
  • Evaluating exploit feasibility and business impact
  • Automotive CIA considerations
  • Risk alignment and mitigation prioritization
Day 3: CAN IDS & Defensive Engineering
Session 8: CAN IDS – Detection, Monitoring & Response
  • Why intrusion detection matters in automotive networks
  • Signature-based and anomaly-based detection approaches
  • Detecting replay, injection, flooding, and abnormal message behavior
  • Building practical detection logic using open-source tooling/scripts
  • Understanding false positives, limitations, and tuning considerations
  • Mapping CAN IDS alerts to attack scenarios and risk outcomes
Session 9: Mitigation, Hardening & Wrap-Up
  • Defensive strategies for CAN and diagnostic security
  • Risk-based mitigation planning
  • Hardening considerations for in-vehicle communication
  • Open discussion on real-world constraints and implementation challenges
  • Final recap, Q&A, and practical discussion
Note to the attendees

This workshop is designed to be highly interactive and hands-on. While the core structure and learning objectives will remain consistent, selected modules especially the CAN IDS segment and supporting practical exercises may be further curated based on audience profile, live feedback, and the pace of the session. This allows the training to remain adaptive and aligned with the workflow of the participants while preserving the overall agenda and intended learning outcomes.

Pre-requisite

  • Basic understanding of networking and cybersecurity is a plus
  • Familiarity with Linux command line will be helpful
  • Prior automotive security experience is beneficial but not mandatory

Who Should Attend

  • ECU / Vehicle Cybersecurity Architects
  • Teams from OEMs and ECU suppliers
  • Security professionals interested in IVN and vehicle pentesting
  • Researchers interested in automotive protocol security and detection engineering

Participant's Requirements

  • Laptop (Windows/Linux/macOS)
  • Minimum 8GB RAM
  • Python and Linux installed
  • USB-to-CAN adapter if available; can be provided otherwise

What to expect

  • Hands-on experience in analyzing, attacking, and securing in-vehicle networks
  • Practical understanding of TARA and ISO 21434-aligned risk assessment
  • Deep dive into CAN and UDS security testing
  • Introduction to CAN IDS concepts and practical detection approaches

What Not to Expect

  • Theory-only discussions without practical application
  • Exhaustive coverage of every automotive protocol outside the workshop scope
  • A purely tool-driven session without risk and engineering context

Trainer(s)

Kartheek Lade

Kartheek Lade

Automotive Security Researcher

Training Information

  • Duration 3 Day Training
  • Dates 11th Oct, 2026 to 13th Oct, 2026
  • Time 09:30 IST - 17:30 IST
  • Venue Grand Hyatt, Bolgatty, Kochi, Kerala

Trainings

Oct 6–8 Pre-Conference
T1
Hook, Line, and Sinker: Exploring the Phishing Abyss
T2
Applied Infrastructure Security Assessment
T3
Creating Custom Tooling for Offensive Security after 2025 - Beyond Autopilot Pentesting
T4
Operational Open Source Intelligence (OSINT), From Online Data to Real-World Impact.
T5
AI Security Engineering Masterclass
T6
Practical AI Security: Attacking and Defending LLMs, Agents and MCP
T7
Practical Fuzzing: A Hands-On Learning Experience for Uncovering Vulnerabilities on Linux
T8
Attacking and Defending GitHub CI CD Pipelines
T9
Threat Tradecraft: Infrastructure Hunting & Malware Analysis
T10
Telecom Network Exploitation: Pentesting Across 4G/5G Stacks
T11
Hacking Android, iOS and IoT apps by Example - 2026 Edition
T12
Multi-Cloud Security (AWS, Azure, GCP) - AI Edition
T13
Red Team: Identity Exploitation & Nation-State Implant Tradecraft
T20
Invite Only (For Law Enforcement)
Oct 11–13 Post-Conference
T14
Hack the IoT
T15
Automotive Security in Practice: Exploitation, Risk Assessment & CAN IDS!
T16
HuntOps: From Telemetry to Adversary Detection
T17
HackTheWeb: Pentest Smarter with AI
T18
Weaponizing Defense: Attacking Windows 11 Kiosks Using Enterprise Hardening Solutions
T19
The Art of Finding Bugs: Advanced Techniques in Vulnerability & 0-Day Research

Register Now