"The great power of Internet Of Things comes with the great responsibility of security". Being the hottest technology, the developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life threatening, there is no way you can afford to neglect the security of IoT products.
"Practical IoT Hacking: Basic Edition" is a research backed and unique course which offers security professionals, a good understanding of the core of IoT Technology i.e. IoT protocols, sensor tech and their underlying weaknesses. The extensive hands-on labs enable attendees to master the art, tools and techniques to find-n-exploit or find-n-fix the vulnerabilities in IoT, not just on emulators but on real smart devices as well.
The course is aimed at security professionals who want to enhance their skills and move to/specialize in IoT security. The course is structured for beginner level attendees who do not have any experience in IoT, reversing or hardware.
The course specifically focuses on the security issues and attacks on evolving IoT technologies including widely used IoT protocols and platforms in various domains such as home, enterprise etc. It covers grounds-up on various IoT protocols including internals, specific attack scenarios for individual protocols and open source software/hardware tools one needs to have in their IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors using various practical techniques.
Attendees will be provided with:
- Drona - an attack VM that has most of the required tools and features for IoT security analysis.
- ExplIoT - Open Source IoT exploitation framework created by us specifically for IoT penetration testing.
- DIVA–IoT - a vulnerable IoT sensor made in-house for hands-on exercises.
- Practical IoT Hacking Lab Manual - with detailed and step by step information on each lab.
Course Layout
Software
- IoT Architecture
- IoT Attack Surface
- IoT Security Testing process
- ExplIot Framework architecture
- Writing your own exploits/test cases using ExplIoT
- IoT Protocol attacks - MQTT, CoAP...
Hardware
- Radio IoT Protocol attacks - ZigBee, BLE
- Conventional attacks on Sensors
- Firmware analysis and Reverse engineering
- External Storage Attacks
- Hardware components and Reconnaissance
- Identifying Debug ports
- Interfacing with debug ports
- Analyzing and extracting data from memory chips
- Sniffing bus communication
- Hardware protocol understanding - UART, I2C, SPI, JTAG...