Offensive IoT Exploitation

IoT in 2024 is everywhere - it's in our cars, refrigerators, televisions, home automation systems, ICS, medical devices and any place you can imagine.  

What about the security of these devices? Turns out, most of these devices are not really secure.

But how would you get ready to perform IoT penetration testing and exploitation?

IoT Security is more complex than you might think.

You have to learn about Firmware, Embedded Devices, Serial communication protocols, Software Defined Radio, Bluetooth Low Energy (BLE), ZigBee and whatnot!

We at Attify decided to create a training curriculum, based on our experience of conducting 100+ penetration testing engagements in the past year. 

A class which does not just go through slides and theoretical information, but actually gives everyone an opportunity to perform exploitation techniques on real-world IoT devices.

That's how Offensive IoT Exploitation was born - A 3/5 day class, which covers everything from the very basics to getting you ready for real-world IoT device pentesting. 

The class is taught by actual practitioners (not just security trainers), so that you get to see what happens in a real-world penetration testing engagement - what kind of vulnerabilities you would most commonly see, how to identify them, how to exploit them and, most importantly, the tools and tactics which we use at Attify.

Think of it as a mastermind session - where you get to join other people who are extremely passionate about IoT exploitation techniques, mentored by folks who have been doing this for years.  

We start the class with the internals of IoT, identifying the attack surface and developing the pentest mindset, then move into Firmware RE, the internals of electronics and Embedded Device Hacking, gradually into Software Defined Radio, and finally to exploiting BLE and ZigBee communication protocols - all with hands-on labs and exercises.

This class is for you if - 

1. You want to learn IoT security research and pentesting

2. You want to build strong foundations to come up with unique exploitation strategies

3. You want to find 0-days in Internet of Things and Smart devices 

 


Topics covered

After the class, you will be able to: 

  • Extract and analyze device firmware

  • Debug and Disassemble binaries

  • Exploit UART, SPI, I2C and JTAG

  • JTAG debugging, exploitation

  • Dump firmware through various techniques

  • Debug hardware and software

  • Analyze security of MQTT and other communication protocols

  • Attack cloud and mobile component of an IoT device

  • Sniff, Replay, MITM and Attack Radio communications

  • BLE and ZigBee exploitation

  • ARM and MIPS Reversing

  • Conventional and Un-conventional attack techniques

  • Side Channel and Glitching based Attacks

  • Write exploits for the platforms
    and more.

All the above-mentioned topics are taught through extremely hands-on, lab-based practical sessions.


What you will be provided with

  • Attify's IoT pentesting VM

  • Lab reference material and handouts

  • 1000+ slides (PDF Copy)

  • IoT Exploitation kit (optional)

Who can attend this course

  • IoT Security Enthusiasts

  • Security Professionals and Penetration Testers

  • Embedded Developers

Versions

  • 5-day Bootcamp (covers everything from basic to advanced) - Now available as an Online Class

 

BlackHat OWASP AppSec Brucon

Private Training

We offer private training classes, on-site and online, for corporate and government organisations, with the option to customize the classes as per your requirements. Our team ensures that the training delivers the outcomes you are looking for for your attendees.