Workshop: Intro to SDR Hacking: Capture, Decode, Take Over

Join Paul Clark — co-author of the Field Expedient SDR book series and Practical SDR: Getting Started with SDR (No Starch Press) — for a fast-moving, four-hour introduction to the offensive side of software-defined radio (SDR).

Live Training $25 - $300

Course Length: 4 Hours

Includes a Certificate of Completion

Enroll Now

Next scheduled date: July 24th, 2026 @ 12:00 PM EDT

Description

Billions of wireless devices are deployed across homes, offices, and industrial facilities, and many of them have no meaningful authentication. In this workshop, you’ll learn how those signals are captured, decoded, and turned against the devices that send them. You’ll also gain experience doing this yourself, using Universal Radio Hacker (URH), GNU Radio, and Python against a 433 MHz remote-controlled outlet. No SDR hardware, no prior radio experience, and no engineering math required: Every lab runs on instructor-provided RF capture files, and your “target” is a Python software receiver that prints decoded commands to the screen. All you’ll need is a laptop to follow along.

By the end of the workshop, you’ll have executed your first full RF kill chain — find the signal, isolate it, decode the payload, build a transmit flowgraph that synthesizes a new payload, modify a bit, and watch the receiver respond because you told it to. You’ll come away knowing exactly how to take these skills further.

System Requirements
- This workshop is designed to be accessible without high-end hardware. Here's what you'll need to participate fully:
- OS: Linux, Windows, or macOS
- CPU: A modern dual-core processor is the minimum; a quad-core processor will run the lab VM more smoothly when several apps are open at once.
- RAM: 8 GB minimum on Linux hosts; 16 GB recommended on Windows or macOS (where the VM runs as a guest).
- Storage: Please ensure you have at least 25 GB of free disk space — enough for the lab VM, the RF capture files, and the workshop project files.
- GPU: No specialized graphics hardware is required. Standard integrated graphics are entirely sufficient.
- SDR Hardware: None required. Every hands-on lab runs against captured RF files supplied by the instructor, and the "attack target" is a Python software receiver that consumes simulated RF transmissions and displays state changes. No transmitter or receiver is needed. If you own an SDR, you're welcome to follow along on real spectrum for the receive-side labs, but the workshop is designed end-to-end for the no-hardware student.
VM/Lab/Student Information
- Recommended path: the pre-built Linux VM. A ~10 GB VirtualBox/VMware-compatible image is provided with everything pre-installed and pre-verified — Universal Radio Hacker, GNU Radio, and the workshop project files. This works on Windows, macOS, and Linux hosts.
- VirtualBox (free) or VMware Player (free) will run it. Links and one-page setup notes will be in pre-class instructions.
- Optional native install (Linux only): If you'd rather not run a VM, an INSTALL_NATIVE_LINUX.md guide is provided. URH and GNU Radio are packaged on most major distros (apt, dnf, pacman). Most students will be better served by the VM; the native install is offered for those who want it.
- Workshop files: These will be included in the VM and also available via a GitHub repository before the session — RF capture files, Python decoder skeletons, GNU Radio flowgraph templates, and the Python software receiver. Cloning the repo (or just opening the VM, which has it cloned already) is the only prep step.

Syllabus

Part A: Welcome and Intro to the RF Attack Surface

Welcome to the Workshop (Lecture)
Why Wireless Is the Most Under-Defended Attack Surface (Lecture)
The Capture → Decode → Takeover Kill Chain (Lecture)
Meet the Target: a 433 MHz Remote-Controlled Outlet (Live Demo)

Part B: Toolbox Setup — URH and the Software Receiver

What an SDR Really Is — in Five Minutes (Lecture)
IQ Files and Capturing Them (Lecture)
First Look at Universal Radio Hacker (Lab)
Run the Software Receiver Against a Known Capture (Lab)

Part C: Find the Signal (in URH)

Spectrum Reconnaissance in a Wideband Capture (Lecture + Lab)
Tuning and Channel Isolation by Drag-Selection (Lab)
URH vs. GNU Radio — Right Tool for the Job (Lecture)

Part D: Decode the Signal (in URH and Python)

On-Off Keying (OOK) in Five Minutes (Lecture)
Using URH to Interpret the Signal (Lab)
Recover the Structured Payload in URH (Lab)
Bridge to the Software Receiver (Lecture)

Part E: Take Over the Device (in GNU Radio + Python)

Why GNU Radio for Transmit (Lecture)
Build the OOK Transmitter Flowgraph (Lab)
Drive the Software Receiver with Your Synthesized Transmission (Lab)
CTF: Flip a Bit, Flip the Switch (Lab + CTF)
Defender’s Reframe (Lecture)

Part F: Where to from Here?

What You Just Did, in the Defender’s Language (Lecture)
Suggested Next Steps (Lecture)
Q&A (Discussion)

FAQ

Who should take this workshop:

This workshop is for security professionals, enthusiasts, and hobbyists who are curious about the wireless attack surface but have never touched an SDR.

If you’ve watched a Wild West Hackin’ Fest talk about replay attacks on garage doors, key fobs, or industrial sensors and wondered how these actually work, this is the on-ramp.

It’s equally relevant to defenders: By walking the full capture-decode-takeover kill chain yourself, you’ll come away with a concrete mental model of what unauthorized RF activity looks like and where it could be detected on your own network’s airwaves.

Pen-testers, red teamers, blue teamers, SOC analysts, hardware hackers, makers, and students are all welcome!

Audience skill level:

Beginner

Prerequisites:

The workshop assumes no prior experience with SDR, GNU Radio, Universal Radio Hacker, RF theory, or digital signal processing. No engineering or math background needed.

Some general comfort with running software on your own computer — installing a VM, opening a terminal, editing a Python file — will make the labs go faster, but is not strictly required. If you have prior SDR experience, this workshop will still be useful as a fast review of the offensive workflow and as a head start on GNU Radio or URH if you haven’t used them before.

Key Takeaways:

By the end of this workshop, you will be able to do the following:

Explain, in plain language, how a software-defined radio captures and emits RF signals
Open and inspect an IQ capture file in Universal Radio Hacker (URH)
Read a spectrogram and identify an unknown signal of interest in a wideband capture
Recognize an On-Off Keyed (OOK) signal, demodulate it, and extract bits
Build a GNU Radio flowgraph that transmits an OOK signal from a chosen payload
Modify a payload at the bit level and watch the receiver report the new command
Know which kinds of offensive and defensive approaches are possible with SDR

About the Instructor

Paul Clark

Bio

With nearly a decade of experience as a business owner and software‑defined radio (SDR) consultant and trainer, Paul helps clients and students leverage the power and potential of SDR technology. His company, Factoria Labs, provides consulting services as well as training, particularly in the realm of wireless communications, RF reverse engineering, and GNU Radio.
Before founding Factoria Labs, he worked as a software development consultant for Meadow Registry, where he developed and marketed C++ tools for SDR‑based forensics. He has co‑authored three books in a series on getting started with SDR and GNU Radio, sharing his knowledge and passion for the topic.

He also has a strong background in product management, embedded software, and mixed‑signal integrated circuit design, having led a cross‑functional team of 20 at Cypress Semiconductor to deliver innovative software solutions for PSoC® microcontrollers. He holds a Master of Science in Electrical and Electronics Engineering from the University of Washington and two patents in the fields of SDR and biometrics.

Register for Upcoming

Filter by Product Instructor
- Paul Clark
Filter by Product Date
- 07/24/2026 12:00 PM EDT
Filter by Product Type
- Live Training

Workshop: Intro to SDR Hacking: Capture, Decode, Take Over

Pay What You Can - Complete Package

Live Training Paul Clark

Virtual

Includes:

• Virtual Ticket to WWHF

• $100 off next AT class

• 12 months Cyber Range Access

• T-Shirt

• The Future Is ****** comic

• Sticker Pack

• Certificate of completion

• 6 months class recording access via Discord

• Pay it forward to 6 students

• Free ACE-T Core certification test

We are currently unable to ship internationally.

Pay What You Can

Live Training Paul Clark

Virtual

Includes:

• $50 off next AT class

• 12 months Cyber Range Access

• T-Shirt

• The Future Is ****** comic

• Sticker Pack

• Certificate of completion

• 6 months class recording access via Discord

• Pay it forward to 3 students

• Free ACE-T Core certification test

We are currently unable to ship internationally.

Pay What You Can

Live Training Paul Clark

Virtual

Includes:

• T-Shirt

• The Future Is ****** comic

• Sticker Pack

• Certificate of completion

• 6 months class recording access via Discord

• Pay it forward to 1 student

• Free ACE-T Core certification test

We are currently unable to ship internationally.

Pay What You Can

Live Training Paul Clark

Virtual

Includes:

• Certificate of completion

• 6 months class recording access via Discord

For tuition assistance with this course please send an email to: [email protected]

$25 - $300

July 24th, 2026 12:00 PM EDT - 4:00 PM EDT

Registration End Date: 10:00 PM, EDT July 23rd 2026

Next scheduled date: July 24th, 2026 @ 12:00 PM EDT

Description

System Requirements

VM/Lab/Student Information

Syllabus

FAQ

About the Instructor

Bio

Register for Upcoming

Workshop: Intro to SDR Hacking: Capture, Decode, Take Over

Pay What You Can - Complete Package

Pay What You Can

Pay What You Can

Pay What You Can

$25 - $300 $300 $150 $50 $25

July 24th, 2026 12:00 PM EDT - 4:00 PM EDT

Related products

Workshop: How to Befriend and Bedazzle Online Threat Actors

Red Team Fundamentals for Active Directory

Workshop: Build a Multi-Modal C2 Covert Channel in Golang

Workshop: Hands on Kerberos

$25 - $300