2026-06-26 –, Yoga Studio
Hecate is an open source UART implant framework designed to make common hardware hacking tasks easy with minimal code. It turns any CircuitPython microcontroller into a powerful, customizable UART implant.
In this workshop, you'll get to use all the core features of Hecate and see how they work against multiple target devices. We'll start hands-on by listening to a device's UART output, and then configuring Hecate to operate in standalone mode and log it to a file. Once we've seen it in action, we'll step back for a bit of lecture about UART, what it's used for, and what we designed Hecate to be capable of.
Armed with this knowledge, you'll dive into more hands-on labs: a payload dropper that will playback a custom transaction and a simple detector that will signal an alert when it detects a pattern. We'll reconvene for a last bit of lecture on Hecate's advanced features like in-flight implant-in-the-middle attacks in case you want to explore them after the workshop.
Hecate makes developing embedded implants trivial, while remaining flexible enough for advanced research and rapid prototyping. You'll walk away with hands-on experience using the Hecate framework and a working understanding of what's possible with UART interception, manipulation, and exploitation.
Hardware Requirement: Bring a laptop with a USB port and a text editor, any operating system.
Recommended: Mu-editor installed or Chrome/Chromium-based browser for https://circuitpy.dev in-browser editor
Experience: Beginner friendly. Familiarity with python, experience with text consoles, and some fundamental UART understanding would all be very helpful, but not required.
We'll bring all the hardware you'll need, and you'll get to keep one of the boards for your own use.
Rough outline:
Lab 1: Finding and Logging UART (15 minutes)
Lecture 1: UART basics and Hecate intro (20 minutes)
Lab 2: Dropping a crafted UART payload (20 minutes)
Lab 3: Alerting on a UART pattern match (20 minutes)
Lecture 2: Advanced Hecate usage (15 minutes)
Joe FitzPatrick (@securelyfitz) is a trainer and researcher at SecuringHardware.com with a personal mission to make all hardware devices at least a bit more secure. He builds tools like Tigard and Erebus, and teaches Applied Hardware Attacks trainings to help people break - and secure - their hardware devices. His actual superpower is the ability to instantly end awkward conversational pauses if you ask him about BSides Portland, the CTRL-H Hackerspace, or drone taco delivery at ToorCamp.
nyx is a Portland-based hacker, engineer, and self-described cyberpunk. As an unwilling participant in the late-capitalist, mass-surveillance dystopia, he is passionate about digital privacy, data self-custody, and running his own infra.
After being fired from his corporate day job for stealing from the office, he has so far managed to eke out a modest living as an independent embedded security researcher. His hobbies include poisoning everybody.