Skip to main content

What You Need to Know About the Certified Hardware Hacker (CH2) Certification

As someone who began in embedded engineering and transitioned into cybersecurity, I’ve always been interested in that gray space where hardware meets software. When I came across the Certified Hardware Hacker (CH2) certification from We Hack In Disguise (WHID), it felt like a solid way to expand my skills into hardware hacking. The course promised a deep dive into embedded and IoT device security with hands-on labs, real-world tooling, and a technical curriculum. Now that I’ve completed the training and passed the certification, here’s my review for those considering it.


A Look Inside the Training

The CH2 training is built around a self-paced, lab-heavy approach. It blends theory and practice with structured content, walkthroughs, and exercises that you can follow at your own speed. From the start, it was clear this wasn’t just another set of slides and multiple-choice questions. The labs drive the learning process, and that’s where most of the value lies.

Topics covered include:

  • Dumping memory (eMMC, NAND)

  • Debug protocols: UART, JTAG, I2C, SPI, SWD

  • Soldering and desoldering techniques

  • PCB reverse engineering

  • Fault injection fundamentals

  • Emulating embedded firmware (MIPS/ARM)

  • Threat modeling for embedded and IoT devices

There’s also a full section dedicated to practical electronics, which even for someone with prior experience was a useful refresher.

Who This Course is (and Isn’t) For

CH2 is best suited for:

  • Security professionals looking to explore embedded/IoT targets

  • Penetration testers branching out into hardware

  • Researchers with some background in Linux and tooling

If you’re already familiar with terminal work, basic electronics, and reverse engineering concepts, you’ll likely find the pace appropriate. However, this isn’t designed for absolute beginners or those unfamiliar with Linux. There’s an expectation that you can pick up new tools quickly and troubleshoot on your own.

Coming from an embedded engineering background, I found the earlier modules a bit elementary, but the later stages (especially memory extraction , firmware emulation and fault injection) were rewarding and practical.

What Worked Well

  • Lab-First Approach: Nearly every theoretical concept is tied to a hands-on exercise. That alone sets CH2 apart from many “watch-and-forget” security courses.

  • Self-Paced with Depth: The material is dense but digestible. You can go at your own speed and still walk away with tangible skills.

  • Focus on Practical Tools and Methods: No vendor lock-in or overly abstract ideas—just real tools used in real audits.

  • Clear Technical Progression: You move from basic soldering to advanced attack surfaces in a logical way.

Where It Could Improve

  • Limited Community Interaction: While there is a student community, it’s relatively quiet—likely due to the niche nature of hardware hacking and the course’s early stage. It doesn’t have the scale or activity of larger platforms like OffSec or HTB. That said, Luca (the instructor) is responsive and helpful, providing direct support when needed, especially around exercises and questions.

  • Cost Considerations: At around $2000, it's a significant investment. Worth it if you're serious, but not exactly entry-level pricing.

Additionally, I would have liked to see more advanced coverage of topics like fault injection and power analysis. A deeper dive with practical examples in those areas would take the course to another level.

The CH2 Certification Exam Experience

The certification exam is a live, 45–60-minute video call. It’s a mix of technical questioning and practical discussion, led by the course creator himself. It felt more like a peer-to-peer conversation than a test, which I appreciated.

You’re asked to explain key concepts, show understanding of the labs, and answer technical questions based on the material. There’s no trickery—if you’ve done the work, you’ll be well-prepared. I found the conversation engaging and informative, and we even ended up discussing some broader security topics by the end.

The cert doesn’t expire and doesn’t require renewals. That’s a small but appreciated detail.

Final Verdict: Is CH2 Worth It?

For anyone with a background in embedded systems or pentesting, CH2 is a worthwhile investment. It provides a structured path into hardware security that balances practical labs with theoretical depth.

If you're looking to transition into IoT/embedded device hacking, this course will give you the foundations and tools to begin real-world work. It's not flashy or marketing-heavy—it’s built for people who want to learn by doing.

Overall, CH2 delivers where it counts: hands-on skills, real tools, and a clear learning path.


This Article Was Sponsored By:

Popular posts from this blog

Open eClass – CVE-2024-26503: Unrestricted File Upload Leads to Remote Code Execution

During an assessment, I identified a severe security vulnerability within Open eClass, an e-learning platform extensively utilized across educational institutions, notably within Greece, where it is deployed by virtually all Greek Universities and educational entities. Open eClass, developed by GUnet (Greek Universities Network), is instrumental in delivering asynchronous e-learning services. The vulnerability, cataloged under CVE-2024-26503, involves an unrestricted file upload flaw that enables remote code execution (RCE), impacting versions 3.15 and earlier of the platform. This critical security lapse presents a significant risk, potentially allowing unauthorized access and control over the system, thereby compromising the integrity and security of the educational infrastructure. Affected Versions: ●   version <=  3.15 CVSSv3.1 Base Score: 9.1 ( Critical ) CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Exploitation Guide The vulnerability can be e...
Read more

Chamilo LMS: CVE-2024-27524 & CVE-2024-27525

CVE-2024-27524:  Stored XSS in tickets Severity:  High  (Base Score  7.1 ) CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H   Mitigation: Upgrade to Chamilo LMS 1.11.28 and above. Patch:  https://github.com/chamilo/chamilo-lms/commit/53275c152275958b33a1f87a21843daa52fb543a CVE-2024-27525:  Self XSS in social network Base Score:  Medium  (Base Score  4.6 ) CVSS Vector:  CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L Mitigation: Upgrade to Chamilo LMS 1.11.28 and above. Patch:  https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c Overview This advisory covers the discovery of two vulnerabilities within Chamilo LMS, an open-source learning management system (LMS) widely used across educational institutions. These vulnerabilities—stored cross-site scripting (Stored XSS) and self-cross-site scripting (Self XSS)—pose different levels of security risks but highlight critical consideration...
Read more

How I Use Obsidian for Penetration Testing, CVE Hunting, and Studying

In the ever-evolving realm of cyber security, the tools and techniques at our disposal are as varied as the threats we aim to counteract. Among these tools, note-taking applications play a pivotal role, not just in organizing our thoughts but in streamlining our entire workflow. Today, I'm excited to share how Obsidian, a tool I embraced over two and a half years ago while preparing for my eJPT exam, has become an indispensable ally in my journey through penetration testing, CVE hunting, and continuous learning. If you're not yet familiar with Obsidian, it's a robust note-taking application that operates on a local collection of plain text Markdown files. What sets it apart is its capability to interlink ideas, forming an expansive web of knowledge that is both intuitive and comprehensive to explore. Through considerable customization, I've developed what I consider to be an ideal method for consolidating notes, insights, and projects into a unified workspace. Here'...
Read more