Practical IoT Hacking

Title: Practical IoT Hacking

Duration: 3/5 Days

Objective

IoT, or the Internet of Things, is one of the biggest emerging trends in technology right now, and many new devices come out every single month. However, not much attention has been paid to the security of these devices so far. “Practical IoT Hacking” is a brand new and unique course that gives security professionals the ability to assess the security of these smart devices. The training covers assessing IoT attack surfaces and finding security issues. The course is hands-on, giving attendees the chance to try things themselves rather than just watching slides. We start from the very beginning with the architecture of IoT devices, and then move on to firmware analysis, identifying attack surfaces, and finding and exploiting vulnerabilities.

The course labs include both emulated environments and real devices, which will be provided to attendees during the training for the hands-on labs. Practical IoT Hacking is designed for security professionals who want to kickstart their career in IoT pentesting, and it does not expect attendees to have prior knowledge of assembly, mobile security or reversing. Attendees will be provided with a VM image of Drona, an IoT security testing platform created by us.

Course outline

• Introduction to IoT
• IoT Architecture
• Identify attack surfaces
• Mobile App security (Android)

  • App reversing and Analysis
  • Input validation attacks
  • Insecure Storage
  • Access control attacks
  • Hardcoding issues

• ARM

  • Architecture
  • Instruction Set
  • Reversing

• MIPS

  • Architecture
  • Instruction Set
  • Reversing
  • Device scanning
  • Conventional Attacks

• Firmware

  • Types
  • Firmware analysis and reversing
  • Firmware modification

• Simulating real environments
• USB/external Storage Attacks

• Hardware

  • Identifying components
  • Identifying interfaces
  • Identifying pin functions
  • Firmware extraction

• Introduction to radio protocols

Who Should Take this Course

  • Pentesters/security professionals
  • Embedded security enthusiasts
  • Anyone interested in learning IoT pentesting
  • IoT Developers and testers

Pre-requisites

  • Basic knowledge of web and mobile security
  • Basic knowledge of Linux OS
  • Basic knowledge of programming (C, Python) would be a plus

What attendees should bring

  • Laptop with at least 30 GB free space
  • 4 GB minimum RAM
  • External USB access
  • Administrative privileges on the system
  • Virtualization software – VirtualBox 5.X

What attendees will be provided with

  • Shared IoT devices will be provided during the class for labs
  • Drona VM for pentesting IoT products
  • Slides (PDF)

What to Expect?

  • Hands-on Labs
  • Reversing binaries and apps
  • Getting familiar with IoT security
  • This course will give you a direction to start performing pentests on IoT devices

What Not to Expect?

  • Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to
    start pentesting IoT devices and sharpen your skills.