
Explore Bluetooth fundamentals and ethical hacking with hands-on lab exercises, covering classic vs BLE, pairing, bonding, encryption, scanning, rf jamming, nrf24l01 jammer demos, and scenario-based assessments.
Explore how bluetooth operates as a 2.4 ghz short-range wireless standard, with classic and ble variants, frequency hopping, channel counts, and a plan to study vulnerabilities in both protocols.
Explore how Bluetooth signal jamming works, with demonstrations of an NRF24L01 jammer, building a jammer with Arduino and NRF24L01, and a built-in jammer, plus a comparison of their effectiveness.
Demonstrate a wireless jammer using a Nrf24l01 with Arduino, showing how signals are interrupted between a speaker and a jammer, with plans to build and compare future jammers.
Demonstrates a built-in jammer that disrupts all 2.4 GHz devices, including Bluetooth and Wi-Fi, within about ten meters, causing speakers and networks to disconnect.
Search AliExpress and other sites to find suitable jammers from country-specific sellers, then check your country’s customs rules and legality before purchasing, and use them only in a sealed lab.
Explore advanced scanning of Bluetooth classic devices, including how paired devices disappear from scans and how a jammer can reveal them in pairing mode to capture mac addresses.
Understand denial of service attacks aimed at specific devices, jamming 2.4ghz devices such as speakers and smartwatches using the Blue Dot tool in Kali.
The NRF 52 840 module offers a graphical interface for interception of Bluetooth devices and complements methods, with software, SDK, and documentation to set up and update firmware via DFU.
Explore serious Bluetooth vulnerabilities, including CVE-2023-45866 HID, enabling keystroke injection without pairing on older devices. Apply updates, disable automatic pairing, and monitor behavior with a Blue Duckie demo.
Demonstrate microphone vulnerability in Bluetooth devices with Blue Spire and Blue Sky Pi by recording audio from earbuds and speakers. Learn steps to set up, run commands, and assess risks.
Learn a scenario based attack on Bluetooth classic devices by scanning for nearby devices, forcing disconnects with a jammer, and performing a Bluetooth spy attack to record data.
Conduct a scenario-based attack on a Bluetooth classic device by leveraging a jammer to seize control from the victim, then scan, connect, and read device model and serial number.
Master practical Bluetooth offensive and defensive skills with this hands-on, lab-driven course designed for red-teamers, penetration testers, security researchers, and hardware security enthusiasts. You’ll move from clear foundational theory into realistic, mission-oriented exercises that mirror real engagement workflows: recon -->weaponized --> execute -->document --> remediate.
The course begins with a concise introduction and a requirements checklist so you can prepare your lab (Raspberry Pi 5, USB Bluetooth adapters, nRF52840, Arduino + NRF24L01, and test mobile devices). Next we cover core theory — the key differences between Bluetooth Classic and BLE and the security implications of each — so you understand how attacks map to protocol specifics.
Practical modules include:
• Basic & Advanced Scanning: learn adapter capabilities, perform passive and active scans, fingerprint devices and services, and use the RPI-5 default dongle for repeatable captures.
• Jamming & RF Interference: safe demonstrations of NRF24L01 jammers, step-by-step Arduino builds (with code and Fritzing diagrams), device comparisons, and controlled Portapack measurements inside shielded testbeds.
• Denial of Service (DoS): protocol-level DoS on BLE and Classic, how L2CAP/ACL floods behave, and how to measure and mitigate impact.
• Intercepting Devices: hands-on nRF52840 setup, sniffer role emulation, and practical interception workflows using bluetoothctl and Nordic tooling.
• Exploring Real Issues: responsible reproductions of HID and audio vulnerabilities — including CVE-2023-45866, BlueDucky HID techniques, and BlueSpy microphone demonstrations — with defenses and detection strategies taught alongside.
• Scenario-Based Attacks & Capstone: full attack chains for Classic and BLE, OPSEC best practices, and a final scenario where you plan and document a professional assessment.
Every module balances offensive techniques with defensive controls, detection strategies, and ethical/legal rules. Labs are non-destructive by default and designed for isolated testbeds; safety checklists and reporting templates are included. By course end you will be able to execute repeatable Bluetooth assessments, construct lab-grade demos, and deliver clear remediation guidance for stakeholders. Prepare your lab, follow the safety rules, and join to gain employer-ready Bluetooth red-team skills.
Disclaimer:
Important: All demonstrations and exercises in this course are conducted in controlled lab environments and are intended strictly for educational and ethical research purposes. Students must adhere to all applicable laws and regulations. Unauthorized interception, transmission, or manipulation of live devices, networks, or signals is strictly prohibited. This course focuses on defensive security, signal analysis, and research-based experimentation only.