Offensive IoT Exploitation
IoT in 2024 is everywhere - it's in our cars, refrigerators, televisions, home automation systems, ICS, medical devices and any place you can imagine.
What about the security of these devices? Turns out, most of these devices are not really secure.
But how would you get ready to perform IoT penetration testing and exploitation?
IoT Security is more complex than you can think.
You have to learn about Firmware, Embedded Devices, Serial communication protocols, Software Defined Radio, Bluetooth Low Energy(BLE), ZigBee and what not!
We at Attify decided to create a training curriculum, based on our experience of conducting 100+ penetration testing engagements in the past year.
A class which is not just going through the slides and theoretical information, but actually giving everyone an opportunity to perform exploitation techniques on real world IoT devices.
That's how Offensive IoT Exploitation was born - A 3/5 day class, which covers everything from the very basics to getting you ready for real-world IoT device pentesting.
The class is taught by actual practitioners (not just security trainers), so that you get to see what happens in a real world penetration testing engagement - what kind of vulnerabilities you would most commonly see, how to identify them, how to exploit them and most importantly the tools and tactics which we use at Attify.
Think of it as a mastermind session - where you get to join other people who are extremely passionate about IoT exploitation techniques, mentored by folks who have been doing this for years.
We start the class with Internals of IoT, identifying attack surface, developing the pentest mindset, then moving into Firmware RE to internals of electronics to Embedded Device Hacking gradually into Software Defined Radio and finally exploiting BLE and ZigBee communication protocols - all with hands-on labs and exercises.
This class is for you if -
1. You want to learn IoT security research and pentesting
2. You want to build strong foundations to come up with unique exploitation strategies
3. You want to find 0-days in Internet of Things and Smart devices
Topics covered
After the class, you will be able to:
Extract and analyze device firmwares
Debug and Disassemble binaries
Exploit UART, SPI, I2C and JTAGs
JTAG debugging, exploitation
Dump firmware through various techniques
Debug hardware and software
Analyze security of MQTT and other communication protocols
Attack cloud and mobile component of an IoT device
Sniff, Replay, MITM and Attack Radio communications
BLE and Zigbee exploitation
ARM and MIPS Reversing
Conventional and Un-conventional attack techniques
Side Channel and Glitching based Attacks
Write exploits for the platforms
and more.
All the above mentioned topics are taught with an extremely hands-on lab based practical sessions.
What you will be provided with
Attify's IoT pentesting VM
Lab reference material and handouts
1000+ slides (PDF Copy)
IoT Exploitation kit (optional)
Who can attend this course
IoT Security Enthusiasts
Security Professionals and Penetration Testers
Embedded Developers
Versions
5-days Bootcamp (covers everything from basic to advanced) — Now available as an Online Class
Private Training
We offer private training classes on-site and online with the option to customize the training classes as per your requirements for corporate and government organisations. Our team ensures that our training can deliver the outcomes for the attendees that you are looking for.