Offensive IoT Exploitation

COURSE ABSTRACT

IoT or the Internet of Things is one of the most upcoming trends in technology as of now. A lot many new devices are coming up every single month. However, not much attention has been paid to the device's security till now.

"Offensive IoT Exploitation" is a brand new and unique course which offers pentesters the ability to assess and exploit the security of these smart devices. The training will cover different varieties of IoT devices, assessing their attack surfaces and writing exploits for them. The 3-day (or 5-day) class will be hands-on giving attendees the ability to try things themselves rather than just watching the slides.

We will start from the very beginning discussing about the architecture of IoT devices, and then slowly moving to firmware analysis, identifying attack surface, finding vulnerabilities and then finally exploiting the vulnerabilities.

The course labs include both emulated environments as well as real live devices which will be provided to the attendees during the training. A custom VM - AttifyOS will be provided by the trainer which will be used for the entire class.

Offensive IoT Exploitation is the course for you if you want to try exploitation on different IoT devices and discover security vulnerabilities and 0-days in IoT devices. 

At the end of the class, there will be a final CTF challenge where the attendees will have to identify security vulnerabilities and exploit them, in a completely unknown device.

Note: The training is available as both on-site and live online instructor-led class. 


Topics covered

course outline

After the class, the attendees will be able to: 

  • Extract and analyze device firmwares 
  • Debug and Disassemble binaries 
  • Exploit UART, SPI, I2C and JTAGs 
  • JTAG debugging, exploitation
  • Dump firmware through various techniques 
  • Debug hardware and software 
  • Analyze security of MQTT, CoAP and M2MXML protocols
  • Attack cloud and mobile component of an IoT device
  • Sniff, Replay, MITM and Attack Radio communications 
  • BLE and Zigbee exploitation
  • ARM and MIPS Reversing
  • Conventional and Un-conventional attack techniques 
  • Side Channel Attacks (Clock, Vcc glitching, breaking crypto)
  • Write exploits for the platforms
    and more. 

All the above mentioned topics are taught with an extremely hands-on lab based practical sessions. 


Additional Information

 

What students will be provided with

  • IoT devices  
  • Attify's IoT pentesting VM
  • Printed Lab reference material and handouts
  • 600+ slides (PDF Copy)
  • Hardware Hacking Kit to take home

Who can attend this course

  • IoT Security Enthusiasts
  • Security Professionals and Penetration Testers
  • Embedded Developers

VERSIONS

  • 2-days Beginner Edition
  • 2-days Intermediate Edition
  • 2-days Advanced Edition
  • 3-days Pentesters Edition
  • 5-days Bootcamp (covers everything from basic to advanced) 
BlackHat OWASP AppSec Brucon
Training feedback
IoT Security training feedback
IoT Exploitation training feedback

REQUEST TO CONDUCT OFFENSIVE IOT EXPLOITATION AT YOUR ORGANIZATION