IoT Security Assessment

Securing the connected world.

We are at the front line of IoT security research & proud owners of expliot.io. We understand the IoT ecosystem inside out. In the last 8+ years, Payatu has performed, security assessment of 100+ IoT product ecosystems.

Extensive/comprehensive testing of all aspects of IoT

  • Physical

    I2C, SPI, UART, GPIO

  • Radio

    Wifi, Bluetooth, GSM, GPRS, GPS (susceptible to radio-based attacks)

  • Remote

    Web application, Web Service, Mobile Application, and Cloud Infrastructure from the Internet.

We have identified eight critical elements of the IoT product ecosystem that needs to be cover during the security assessment/audit process

Our Methodology

Our methodology takes into consideration the industry-wide projects looking at the most commonly vulnerable areas of the application deployments, considering the OWASP top 10 and Web Application Security Consortium.

  • Initial Reconnaissance
  • Meeting with Developer/SME
  • Attack Surface Identification
  • Threat Modeling
  • Protocol Endpoints
  • Cloud Pentest
  • Mobile App Pentest
  • Firmware RE + Vulnerability Analysis
  • Fuzzing Protocol Endpoints
  • Hardware vulnerability analysis
  • Reporting
  • Mitigation Proposal

GET STARTED

Get to know more about our process, methodology & team!

Close the overlay

I am looking for
Please click one!

All Blogs ›  Latest Blogs

05/08/2016
ashfaq

Uninitialized Stack Variable – Windows Kernel Exploitation

18/01/2016
ashfaq

From Crash To Exploit: Cve-2015-6086 – Out Of Bound Read/aslr Bypass

28/05/2015
ashfaq

Hacksys Extreme Vulnerable Driver

All News ›  Latest News

Webinar, Online
11-July-2020

Munawwar will give security professionals a comprehensive understanding of the ARM Architecture, reversing ARM binaries, exploiting vulnerabilities and the nuances of ARM shellcoding.

Webinar, Online
21-May-2020

Arun Magesh will be delivering a webinar on <em>Introduction to IoT Reversing Firmware</em> and discussing how to get started with IoT pentesting with hands-on.

Workshop, Online
25-April-2020

Ashfaq Ansari is conducting a workshop to get you started with kernel vulnerability analysis and exploitation in the Android platform.